diff --git a/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch b/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch index 90dc001a..25943e21 100644 --- a/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch +++ b/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch @@ -4983,7 +4983,7 @@ index 6e5cc2da1..b1b31f3a7 100644 ticket_age_skew < std::numeric_limits::min()) { return false; diff --git a/src/ssl/handshake_client.cc b/src/ssl/handshake_client.cc -index 971ebd0b1..348fb93dc 100644 +index 971ebd0b1..27a8abfae 100644 --- a/src/ssl/handshake_client.cc +++ b/src/ssl/handshake_client.cc @@ -158,6 +158,8 @@ @@ -4995,79 +4995,7 @@ index 971ebd0b1..348fb93dc 100644 #include #include #include -@@ -215,13 +217,15 @@ static void ssl_get_client_disabled(const SSL_HANDSHAKE *hs, - } - } - --static bool ssl_add_tls13_cipher(CBB *cbb, uint16_t cipher_id, -- ssl_compliance_policy_t policy) { -- if (ssl_tls13_cipher_meets_policy(cipher_id, policy)) { -- return CBB_add_u16(cbb, cipher_id); -- } -- return true; --} -+// Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance. -+// Compatible with some Firefox cipher sequence order -+// static bool ssl_add_tls13_cipher(CBB *cbb, uint16_t cipher_id, -+// ssl_compliance_policy_t policy) { -+// if (ssl_tls13_cipher_meets_policy(cipher_id, policy)) { -+// return CBB_add_u16(cbb, cipher_id); -+// } -+// return true; -+// } - - static bool ssl_write_client_cipher_list(const SSL_HANDSHAKE *hs, CBB *out, - ssl_client_hello_type_t type) { -@@ -242,26 +246,28 @@ static bool ssl_write_client_cipher_list(const SSL_HANDSHAKE *hs, CBB *out, - - // Add TLS 1.3 ciphers. Order ChaCha20-Poly1305 relative to AES-GCM based on - // hardware support. -- if (hs->max_version >= TLS1_3_VERSION) { -- const bool has_aes_hw = ssl->config->aes_hw_override -- ? ssl->config->aes_hw_override_value -- : EVP_has_aes_hardware(); -- -- if ((!has_aes_hw && // -- !ssl_add_tls13_cipher(&child, -- TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff, -- ssl->config->tls13_cipher_policy)) || -- !ssl_add_tls13_cipher(&child, TLS1_3_CK_AES_128_GCM_SHA256 & 0xffff, -- ssl->config->tls13_cipher_policy) || -- !ssl_add_tls13_cipher(&child, TLS1_3_CK_AES_256_GCM_SHA384 & 0xffff, -- ssl->config->tls13_cipher_policy) || -- (has_aes_hw && // -- !ssl_add_tls13_cipher(&child, -- TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff, -- ssl->config->tls13_cipher_policy))) { -- return false; -- } -- } -+ // Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance. -+ // Compatible with some Firefox cipher sequence order -+ // if (hs->max_version >= TLS1_3_VERSION) { -+ // const bool has_aes_hw = ssl->config->aes_hw_override -+ // ? ssl->config->aes_hw_override_value -+ // : EVP_has_aes_hardware(); -+ -+ // if ((!has_aes_hw && // -+ // !ssl_add_tls13_cipher(&child, -+ // TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff, -+ // ssl->config->tls13_cipher_policy)) || -+ // !ssl_add_tls13_cipher(&child, TLS1_3_CK_AES_128_GCM_SHA256 & 0xffff, -+ // ssl->config->tls13_cipher_policy) || -+ // !ssl_add_tls13_cipher(&child, TLS1_3_CK_AES_256_GCM_SHA384 & 0xffff, -+ // ssl->config->tls13_cipher_policy) || -+ // (has_aes_hw && // -+ // !ssl_add_tls13_cipher(&child, -+ // TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff, -+ // ssl->config->tls13_cipher_policy))) { -+ // return false; -+ // } -+ // } - - if (hs->min_version < TLS1_3_VERSION && type != ssl_client_hello_inner) { - bool any_enabled = false; -@@ -1119,7 +1125,26 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) { +@@ -1119,7 +1121,26 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) { hs->peer_psk_identity_hint.reset(raw); } @@ -5095,7 +5023,7 @@ index 971ebd0b1..348fb93dc 100644 // Parse the server parameters. uint8_t group_type; uint16_t group_id; -@@ -1477,6 +1502,58 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) { +@@ -1477,6 +1498,58 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) { !CBB_flush(&body)) { return ssl_hs_error; } @@ -5311,7 +5239,7 @@ index 1e6da2153..2a342d768 100644 ~ssl_ctx_st(); friend OPENSSL_EXPORT void SSL_CTX_free(SSL_CTX *); diff --git a/src/ssl/ssl_cipher.cc b/src/ssl/ssl_cipher.cc -index ebb075351..44febcb50 100644 +index ebb075351..e272c4fed 100644 --- a/src/ssl/ssl_cipher.cc +++ b/src/ssl/ssl_cipher.cc @@ -175,26 +175,106 @@ static constexpr SSL_CIPHER kCiphers[] = { @@ -5567,34 +5495,7 @@ index ebb075351..44febcb50 100644 // GCM based TLS v1.2 ciphersuites from RFC 5289 // Cipher C02B -@@ -467,15 +647,17 @@ Span AllCiphers() { - return MakeConstSpan(kCiphers, OPENSSL_ARRAY_SIZE(kCiphers)); - } - --static constexpr size_t NumTLS13Ciphers() { -- size_t num = 0; -- for (const auto &cipher : kCiphers) { -- if (cipher.algorithm_mkey == SSL_kGENERIC) { -- num++; -- } -- } -- return num; --} -+// Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance. -+// Compatible with some Firefox cipher sequence order -+// static constexpr size_t NumTLS13Ciphers() { -+// size_t num = 0; -+// for (const auto &cipher : kCiphers) { -+// if (cipher.algorithm_mkey == SSL_kGENERIC) { -+// num++; -+// } -+// } -+// return num; -+// } - - #define CIPHER_ADD 1 - #define CIPHER_KILL 2 -@@ -550,6 +732,10 @@ static const CIPHER_ALIAS kCipherAliases[] = { +@@ -550,6 +730,10 @@ static const CIPHER_ALIAS kCipherAliases[] = { // MAC aliases {"SHA1", ~0u, ~0u, ~0u, SSL_SHA1, 0}, {"SHA", ~0u, ~0u, ~0u, SSL_SHA1, 0}, @@ -5605,7 +5506,7 @@ index ebb075351..44febcb50 100644 // Legacy protocol minimum version aliases. "TLSv1" is intentionally the // same as "SSLv3". -@@ -641,11 +827,19 @@ bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead, +@@ -641,11 +825,19 @@ bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead, } else if (cipher->algorithm_mac == SSL_SHA256) { if (cipher->algorithm_enc == SSL_AES128) { *out_aead = EVP_aead_aes_128_cbc_sha256_tls(); @@ -5625,7 +5526,7 @@ index ebb075351..44febcb50 100644 } else { return false; } -@@ -1152,13 +1346,20 @@ bool ssl_create_cipher_list(UniquePtr *out_cipher_list, +@@ -1152,13 +1344,20 @@ bool ssl_create_cipher_list(UniquePtr *out_cipher_list, TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 & 0xffff, }; static const uint16_t kLegacyCiphers[] = { @@ -5646,7 +5547,7 @@ index ebb075351..44febcb50 100644 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 & 0xffff, TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 & 0xffff, TLS1_CK_RSA_WITH_AES_128_SHA & 0xffff, -@@ -1166,12 +1367,28 @@ bool ssl_create_cipher_list(UniquePtr *out_cipher_list, +@@ -1166,6 +1365,12 @@ bool ssl_create_cipher_list(UniquePtr *out_cipher_list, TLS1_CK_RSA_WITH_AES_256_SHA & 0xffff, TLS1_CK_PSK_WITH_AES_256_CBC_SHA & 0xffff, SSL3_CK_RSA_DES_192_CBC3_SHA & 0xffff, @@ -5656,48 +5557,10 @@ index ebb075351..44febcb50 100644 + TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 & 0xffff, + TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 & 0xffff, + TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 & 0xffff, -+ }; -+ // Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance. -+ // Compatible with some Firefox cipher sequence order -+ static const uint16_t kTLS13Ciphers[] = { -+ TLS1_3_CK_AES_128_GCM_SHA256 & 0xffff, -+ TLS1_3_CK_AES_256_GCM_SHA384 & 0xffff, -+ TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff, }; // Set up a linked list of ciphers. -- CIPHER_ORDER co_list[OPENSSL_ARRAY_SIZE(kAESCiphers) + -- OPENSSL_ARRAY_SIZE(kChaChaCiphers) + -- OPENSSL_ARRAY_SIZE(kLegacyCiphers)]; -+ // Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance. -+ // Compatible with some Firefox cipher sequence order -+ // CIPHER_ORDER co_list[OPENSSL_ARRAY_SIZE(kAESCiphers) + -+ // OPENSSL_ARRAY_SIZE(kChaChaCiphers) + -+ // OPENSSL_ARRAY_SIZE(kLegacyCiphers)]; -+ CIPHER_ORDER co_list[OPENSSL_ARRAY_SIZE(kCiphers)]; - for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(co_list); i++) { - co_list[i].next = - i + 1 < OPENSSL_ARRAY_SIZE(co_list) ? &co_list[i + 1] : nullptr; -@@ -1207,8 +1424,17 @@ bool ssl_create_cipher_list(UniquePtr *out_cipher_list, - co_list[num++].cipher = SSL_get_cipher_by_value(id); - assert(co_list[num - 1].cipher != nullptr); - } -+ for (uint16_t id: kTLS13Ciphers) { -+ co_list[num++].cipher = SSL_get_cipher_by_value(id); -+ assert(co_list[num - 1].cipher != nullptr); -+ } - assert(num == OPENSSL_ARRAY_SIZE(co_list)); -- static_assert(OPENSSL_ARRAY_SIZE(co_list) + NumTLS13Ciphers() == -+ // Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance. -+ // Compatible with some Firefox cipher sequence order -+ // static_assert(OPENSSL_ARRAY_SIZE(co_list) + NumTLS13Ciphers() == -+ // OPENSSL_ARRAY_SIZE(kCiphers), -+ // "Not all ciphers are included in the cipher order"); -+ static_assert(OPENSSL_ARRAY_SIZE(co_list) == - OPENSSL_ARRAY_SIZE(kCiphers), - "Not all ciphers are included in the cipher order"); - -@@ -1403,6 +1629,8 @@ int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher) { +@@ -1403,6 +1608,8 @@ int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher) { return NID_sha1; case SSL_SHA256: return NID_sha256; @@ -5706,7 +5569,7 @@ index ebb075351..44febcb50 100644 } assert(0); return NID_undef; -@@ -1655,6 +1883,10 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, +@@ -1655,6 +1862,10 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, mac = "SHA256"; break; diff --git a/boring/src/ssl/test/ech.rs b/boring/src/ssl/test/ech.rs index 6683dc3c..d2797d42 100644 --- a/boring/src/ssl/test/ech.rs +++ b/boring/src/ssl/test/ech.rs @@ -36,7 +36,6 @@ fn bootstrap_ech(config: &[u8], key: &[u8], list: &[u8]) -> (Server, ClientSslBu } #[test] -#[ignore] fn ech() { let (_server, client) = bootstrap_ech(ECH_CONFIG, ECH_KEY, ECH_CONFIG_LIST);