From 8480808c2fb16350a40b3fa365a20d83a36b810a Mon Sep 17 00:00:00 2001
From: Philipp Hancke
Date: Sat, 31 Aug 2024 13:41:12 -0700
Subject: [PATCH] ssl: remove SSL_set_read_ahead for DTLS mode since it has no impact for DTLS: https://docs.openssl.org/1.1.1/man3/SSL_CTX_set_read_ahead/
BUG=webrtc:353750117
Change-Id: I09d135aa69471af9d2feaf82e35625da3ae2e247
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/361220
Commit-Queue: Philipp Hancke
Reviewed-by: Harald Alvestrand
Reviewed-by: David Benjamin
Cr-Commit-Position: refs/heads/main@{#42950}
---
 rtc_base/openssl_adapter.cc | 4 ----
 rtc_base/openssl_stream_adapter.cc | 8 ++------
 2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/rtc_base/openssl_adapter.cc b/rtc_base/openssl_adapter.cc
index 43f39c00e4..3517ed8181 100644
--- a/rtc_base/openssl_adapter.cc
+++ b/rtc_base/openssl_adapter.cc
@@ -1000,10 +1000,6 @@ SSL_CTX* OpenSSLAdapter::CreateContext(SSLMode mode,
 SSL_CTX_set_cipher_list(
 ctx, "ALL:!SHA256:!SHA384:!aPSK:!ECDSA+SHA1:!ADH:!LOW:!EXP:!MD5:!3DES");
 
- if (mode == SSL_MODE_DTLS) {
- SSL_CTX_set_read_ahead(ctx, 1);
- }
-
 if (enable_cache) {
 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
 SSL_CTX_sess_set_new_cb(ctx, &OpenSSLAdapter::NewSSLSessionCallback);
diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index 26df804c7d..b7b1d1cfd1 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -874,15 +874,11 @@ int OpenSSLStreamAdapter::BeginSSL() {
 SSL_set_app_data(ssl_, this);
 SSL_set_bio(ssl_, bio, bio); // the SSL object owns the bio now.
 
- if (ssl_mode_ == SSL_MODE_DTLS) {
 #ifdef OPENSSL_IS_BORINGSSL
+ if (ssl_mode_ == SSL_MODE_DTLS) {
 DTLSv1_set_initial_timeout_duration(ssl_, dtls_handshake_timeout_ms_);
-#else
- // Enable read-ahead for DTLS so whole packets are read from internal BIO
- // before parsing. This is done internally by BoringSSL for DTLS.
- SSL_set_read_ahead(ssl_, 1);
-#endif
 }
+#endif
 
 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE |
 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
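Review bot: With the whole DTLS branch now inside `#ifdef OPENSSL_IS_BORINGSSL`, a non-BoringSSL build does no DTLS-specific setup in this part of BeginSSL, and the deleted comment was the only place that explained how whole datagrams reach the record parser. The linked page documents the no-op for OpenSSL 1.1.1; whether any older OpenSSL release is still a supported build target is not visible here and should be confirmed before relying on it. I would keep the reasoning next to the guard, for example `// OpenSSL ignores read-ahead for DTLS (SSL_CTX_set_read_ahead(3)); dtls_handshake_timeout_ms_ is applied on BoringSSL only.` BeginSSL's body starts and ends outside the hunk.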