0x676e67 · 0x676e67 · Jun 17, 2025 · Jun 17, 2025 · Jun 17, 2025 · Jun 17, 2025
diff --git a/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch b/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch
@@ -4983,7 +4983,7 @@ index 6e5cc2da1..b1b31f3a7 100644
          ticket_age_skew < std::numeric_limits<int32_t>::min()) {
        return false;
 diff --git a/src/ssl/handshake_client.cc b/src/ssl/handshake_client.cc
-index 971ebd0b1..348fb93dc 100644
+index 971ebd0b1..27a8abfae 100644
 --- a/src/ssl/handshake_client.cc
 +++ b/src/ssl/handshake_client.cc
 @@ -158,6 +158,8 @@
@@ -4995,79 +4995,7 @@ index 971ebd0b1..348fb93dc 100644
  #include <openssl/ec_key.h>
  #include <openssl/ecdsa.h>
  #include <openssl/err.h>
-@@ -215,13 +217,15 @@ static void ssl_get_client_disabled(const SSL_HANDSHAKE *hs,
-   }
- }
-
--static bool ssl_add_tls13_cipher(CBB *cbb, uint16_t cipher_id,
--                                 ssl_compliance_policy_t policy) {
--  if (ssl_tls13_cipher_meets_policy(cipher_id, policy)) {
--    return CBB_add_u16(cbb, cipher_id);
--  }
--  return true;
--}
-+// Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance.
-+// Compatible with some Firefox cipher sequence order
-+// static bool ssl_add_tls13_cipher(CBB *cbb, uint16_t cipher_id,
-+//                                  ssl_compliance_policy_t policy) {
-+//   if (ssl_tls13_cipher_meets_policy(cipher_id, policy)) {
-+//     return CBB_add_u16(cbb, cipher_id);
-+//   }
-+//   return true;
-+// }
-
- static bool ssl_write_client_cipher_list(const SSL_HANDSHAKE *hs, CBB *out,
-                                          ssl_client_hello_type_t type) {
-@@ -242,26 +246,28 @@ static bool ssl_write_client_cipher_list(const SSL_HANDSHAKE *hs, CBB *out,
-
-   // Add TLS 1.3 ciphers. Order ChaCha20-Poly1305 relative to AES-GCM based on
-   // hardware support.
--  if (hs->max_version >= TLS1_3_VERSION) {
--    const bool has_aes_hw = ssl->config->aes_hw_override
--                                ? ssl->config->aes_hw_override_value
--                                : EVP_has_aes_hardware();
--
--    if ((!has_aes_hw &&  //
--         !ssl_add_tls13_cipher(&child,
--                               TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff,
--                               ssl->config->tls13_cipher_policy)) ||
--        !ssl_add_tls13_cipher(&child, TLS1_3_CK_AES_128_GCM_SHA256 & 0xffff,
--                              ssl->config->tls13_cipher_policy) ||
--        !ssl_add_tls13_cipher(&child, TLS1_3_CK_AES_256_GCM_SHA384 & 0xffff,
--                              ssl->config->tls13_cipher_policy) ||
--        (has_aes_hw &&  //
--         !ssl_add_tls13_cipher(&child,
--                               TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff,
--                               ssl->config->tls13_cipher_policy))) {
--      return false;
--    }
--  }
-+  // Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance.
-+  // Compatible with some Firefox cipher sequence order
-+  // if (hs->max_version >= TLS1_3_VERSION) {
-+  //   const bool has_aes_hw = ssl->config->aes_hw_override
-+  //                               ? ssl->config->aes_hw_override_value
-+  //                               : EVP_has_aes_hardware();
-+
-+  //   if ((!has_aes_hw &&  //
-+  //        !ssl_add_tls13_cipher(&child,
-+  //                              TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff,
-+  //                              ssl->config->tls13_cipher_policy)) ||
-+  //       !ssl_add_tls13_cipher(&child, TLS1_3_CK_AES_128_GCM_SHA256 & 0xffff,
-+  //                             ssl->config->tls13_cipher_policy) ||
-+  //       !ssl_add_tls13_cipher(&child, TLS1_3_CK_AES_256_GCM_SHA384 & 0xffff,
-+  //                             ssl->config->tls13_cipher_policy) ||
-+  //       (has_aes_hw &&  //
-+  //        !ssl_add_tls13_cipher(&child,
-+  //                              TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff,
-+  //                              ssl->config->tls13_cipher_policy))) {
-+  //     return false;
-+  //   }
-+  // }
-
-   if (hs->min_version < TLS1_3_VERSION && type != ssl_client_hello_inner) {
-     bool any_enabled = false;
-@@ -1119,7 +1125,26 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
+@@ -1119,7 +1121,26 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
      hs->peer_psk_identity_hint.reset(raw);
    }
 
@@ -5095,7 +5023,7 @@ index 971ebd0b1..348fb93dc 100644
      // Parse the server parameters.
      uint8_t group_type;
      uint16_t group_id;
-@@ -1477,6 +1502,58 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
+@@ -1477,6 +1498,58 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
          !CBB_flush(&body)) {
        return ssl_hs_error;
      }
@@ -5311,7 +5239,7 @@ index 1e6da2153..2a342d768 100644
    ~ssl_ctx_st();
    friend OPENSSL_EXPORT void SSL_CTX_free(SSL_CTX *);
 diff --git a/src/ssl/ssl_cipher.cc b/src/ssl/ssl_cipher.cc
-index ebb075351..44febcb50 100644
+index ebb075351..e272c4fed 100644
 --- a/src/ssl/ssl_cipher.cc
 +++ b/src/ssl/ssl_cipher.cc
 @@ -175,26 +175,106 @@ static constexpr SSL_CIPHER kCiphers[] = {
@@ -5567,34 +5495,7 @@ index ebb075351..44febcb50 100644
      // GCM based TLS v1.2 ciphersuites from RFC 5289
 
      // Cipher C02B
-@@ -467,15 +647,17 @@ Span<const SSL_CIPHER> AllCiphers() {
-   return MakeConstSpan(kCiphers, OPENSSL_ARRAY_SIZE(kCiphers));
- }
-
--static constexpr size_t NumTLS13Ciphers() {
--  size_t num = 0;
--  for (const auto &cipher : kCiphers) {
--    if (cipher.algorithm_mkey == SSL_kGENERIC) {
--      num++;
--    }
--  }
--  return num;
--}
-+// Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance.
-+// Compatible with some Firefox cipher sequence order
-+// static constexpr size_t NumTLS13Ciphers() {
-+//   size_t num = 0;
-+//   for (const auto &cipher : kCiphers) {
-+//     if (cipher.algorithm_mkey == SSL_kGENERIC) {
-+//       num++;
-+//     }
-+//   }
-+//   return num;
-+// }
-
- #define CIPHER_ADD 1
- #define CIPHER_KILL 2
-@@ -550,6 +732,10 @@ static const CIPHER_ALIAS kCipherAliases[] = {
+@@ -550,6 +730,10 @@ static const CIPHER_ALIAS kCipherAliases[] = {
      // MAC aliases
      {"SHA1", ~0u, ~0u, ~0u, SSL_SHA1, 0},
      {"SHA", ~0u, ~0u, ~0u, SSL_SHA1, 0},
@@ -5605,7 +5506,7 @@ index ebb075351..44febcb50 100644
 
      // Legacy protocol minimum version aliases. "TLSv1" is intentionally the
      // same as "SSLv3".
-@@ -641,11 +827,19 @@ bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
+@@ -641,11 +825,19 @@ bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
    } else if (cipher->algorithm_mac == SSL_SHA256) {
      if (cipher->algorithm_enc == SSL_AES128) {
        *out_aead = EVP_aead_aes_128_cbc_sha256_tls();
@@ -5625,7 +5526,7 @@ index ebb075351..44febcb50 100644
    } else {
      return false;
    }
-@@ -1152,13 +1346,20 @@ bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
+@@ -1152,13 +1344,20 @@ bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
        TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 & 0xffff,
    };
    static const uint16_t kLegacyCiphers[] = {
@@ -5646,7 +5547,7 @@ index ebb075351..44febcb50 100644
        TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 & 0xffff,
        TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 & 0xffff,
        TLS1_CK_RSA_WITH_AES_128_SHA & 0xffff,
-@@ -1166,12 +1367,28 @@ bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
+@@ -1166,6 +1365,12 @@ bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
        TLS1_CK_RSA_WITH_AES_256_SHA & 0xffff,
        TLS1_CK_PSK_WITH_AES_256_CBC_SHA & 0xffff,
        SSL3_CK_RSA_DES_192_CBC3_SHA & 0xffff,
@@ -5656,48 +5557,10 @@ index ebb075351..44febcb50 100644
 +      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 & 0xffff,
 +      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 & 0xffff,
 +      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 & 0xffff,
-+  };
-+  // Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance.
-+  // Compatible with some Firefox cipher sequence order
-+  static const uint16_t kTLS13Ciphers[] = {
-+      TLS1_3_CK_AES_128_GCM_SHA256 & 0xffff,
-+      TLS1_3_CK_AES_256_GCM_SHA384 & 0xffff,
-+      TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff,
    };
 
    // Set up a linked list of ciphers.
--  CIPHER_ORDER co_list[OPENSSL_ARRAY_SIZE(kAESCiphers) +
--                       OPENSSL_ARRAY_SIZE(kChaChaCiphers) +
--                       OPENSSL_ARRAY_SIZE(kLegacyCiphers)];
-+  // Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance.
-+  // Compatible with some Firefox cipher sequence order
-+  // CIPHER_ORDER co_list[OPENSSL_ARRAY_SIZE(kAESCiphers) +
-+  //                      OPENSSL_ARRAY_SIZE(kChaChaCiphers) +
-+  //                      OPENSSL_ARRAY_SIZE(kLegacyCiphers)];
-+  CIPHER_ORDER co_list[OPENSSL_ARRAY_SIZE(kCiphers)];
-   for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(co_list); i++) {
-     co_list[i].next =
-         i + 1 < OPENSSL_ARRAY_SIZE(co_list) ? &co_list[i + 1] : nullptr;
-@@ -1207,8 +1424,17 @@ bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
-     co_list[num++].cipher = SSL_get_cipher_by_value(id);
-     assert(co_list[num - 1].cipher != nullptr);
-   }
-+  for (uint16_t id: kTLS13Ciphers) {
-+    co_list[num++].cipher = SSL_get_cipher_by_value(id);
-+    assert(co_list[num - 1].cipher != nullptr);
-+  }
-   assert(num == OPENSSL_ARRAY_SIZE(co_list));
--  static_assert(OPENSSL_ARRAY_SIZE(co_list) + NumTLS13Ciphers() ==
-+  // Comment this part of the code to cancel the device AES encryption cipher sequence priority, which may affect performance.
-+  // Compatible with some Firefox cipher sequence order
-+  // static_assert(OPENSSL_ARRAY_SIZE(co_list) + NumTLS13Ciphers() ==
-+  //                   OPENSSL_ARRAY_SIZE(kCiphers),
-+  //               "Not all ciphers are included in the cipher order");
-+  static_assert(OPENSSL_ARRAY_SIZE(co_list) ==
-                     OPENSSL_ARRAY_SIZE(kCiphers),
-                 "Not all ciphers are included in the cipher order");
-
-@@ -1403,6 +1629,8 @@ int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher) {
+@@ -1403,6 +1608,8 @@ int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher) {
        return NID_sha1;
      case SSL_SHA256:
        return NID_sha256;
@@ -5706,7 +5569,7 @@ index ebb075351..44febcb50 100644
    }
    assert(0);
    return NID_undef;
-@@ -1655,6 +1883,10 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf,
+@@ -1655,6 +1862,10 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf,
        mac = "SHA256";
        break;
 

diff --git a/boring/src/ssl/test/ech.rs b/boring/src/ssl/test/ech.rs
@@ -36,7 +36,6 @@ fn bootstrap_ech(config: &[u8], key: &[u8], list: &[u8]) -> (Server, ClientSslBu
 }
 
 #[test]
-#[ignore]
 fn ech() {
     let (_server, client) = bootstrap_ech(ECH_CONFIG, ECH_KEY, ECH_CONFIG_LIST);
-Original file line number
+Diff line change
@@ Expand Up @@
     }
     #[test]
-    #[ignore]
     fn ech() {
         let (_server, client) = bootstrap_ech(ECH_CONFIG, ECH_KEY, ECH_CONFIG_LIST);
@@ Expand Down @@