aws-lc: do not use large buffer
authorStefan Eissing <stefan@eissing.org>
Fri, 29 Aug 2025 15:38:45 +0000 (17:38 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 1 Sep 2025 21:27:11 +0000 (23:27 +0200)
test_10_08, uploading larger files for a h2 proxy, sporadically fails
with a decryption error on received data in AWS-LC. The frequency can
be increased by simulated network receive blocks.

Not setting a 4 * TLS record sized buffer, leaving AWS-LC at its
default buffer size seems to mitigate this problem.

Closes #18434

lib/cf-h2-proxy.c
lib/vtls/openssl.c
tests/http/test_10_proxy.py

index 007cc770d9be3c5c4cfbc5f456c37d52924d0631..d67bbd55adfbf2ee76ff1fcff657915a691b9cb3 100644 (file)
@@ -474,7 +474,7 @@ static CURLcode proxy_h2_progress_ingress(struct Curl_cfilter *cf,
                 Curl_bufq_len(&ctx->inbufq), result, nread);
     if(result) {
       if(result != CURLE_AGAIN) {
-        failf(data, "Failed receiving HTTP2 data");
+        failf(data, "Failed receiving HTTP2 proxy data");
         return result;
       }
       break;
index 45469205cf6150eed99971772288f4daddc8b75a..5971d9a3581a034a2c1e758ef622f06d9e229e89 100644 (file)
 static void ossl_provider_cleanup(struct Curl_easy *data);
 #endif
 
+/*
+ * AWS-LC has `SSL_CTX_set_default_read_buffer_len()?` but runs into
+ * decryption failures with large buffers. Sporadic failures in
+ * test_10_08 with h2 proxy uploads, increased frequency
+ * with CURL_DBG_SOCK_RBLOCK=50. Looks like a bug on their part.
+ */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-  !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)
+  !defined(LIBRESSL_VERSION_NUMBER) && !defined(HAVE_BORINGSSL_LIKE)
 #define HAVE_SSL_CTX_SET_DEFAULT_READ_BUFFER_LEN 1
 #endif
 
@@ -4129,7 +4135,6 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
      However using a large buffer (8 packets) actually decreases performance.
      4 packets is better.
    */
-
 #ifdef HAVE_SSL_CTX_SET_DEFAULT_READ_BUFFER_LEN
   SSL_CTX_set_default_read_buffer_len(octx->ssl_ctx, 0x401e * 4);
 #endif
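Review bot: The new comment at the top of this section has a stray `?` after `SSL_CTX_set_default_read_buffer_len()` that reads like an unfinished thought, and it does not say which builds the widened guard now excludes; I read `HAVE_BORINGSSL_LIKE` as covering AWS-LC as well as BoringSSL, but the macro's definition is not in the hunk. I would write the lead line as `* AWS-LC has SSL_CTX_set_default_read_buffer_len() but runs into` and end the comment with `* Excluded via HAVE_BORINGSSL_LIKE. See #18434.` so the workaround can be revisited once the upstream problem is resolved. In the second hunk the existing comment above the call still states "4 packets is better" as if the call were unconditional; a one-line pointer that it is compiled out on BoringSSL-like builds would keep the two comments consistent. Curl_ossl_ctx_init continues outside the hunk.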
index ac70ec3eb25a563ba8955bb0df542b67b26f2f15..e61284a4cadfe22f60c05ee70eb82f2e72ece196 100644 (file)
@@ -226,11 +226,11 @@ class TestProxy:
                              extra_args=xargs)
         assert self.get_tunnel_proto_used(r) == tunnel
         r.check_response(count=count, http_status=200)
+        assert r.total_connects == 1, r.dump_logs()
         indata = open(srcfile).readlines()
         for i in range(count):
             respdata = open(curl.response_file(i)).readlines()
             assert respdata == indata, f'response {i} differs'
-        assert r.total_connects == 1, r.dump_logs()
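Review bot: The `open(srcfile).readlines()` and `open(curl.response_file(i)).readlines()` calls next to the moved assertion never close their file objects explicitly, leaving that to garbage collection, which can surface as a ResourceWarning when the test fails early. A context manager keeps the handle lifetime explicit: `with open(srcfile) as f:` / `indata = f.readlines()`, and the same for the per-response file inside the loop. The enclosing test method starts outside the hunk.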
 
     @pytest.mark.skipif(condition=not Env.have_ssl_curl(), reason="curl without SSL")
     @pytest.mark.parametrize("tunnel", ['http/1.1', 'h2'])