bogo: re-enable ECH bogo for aws-lc-rs

This requires taking a patch on an unreleased aws-lc-rs fix that
increases a `MAX_HKDF_INFO_LEN` constant beyond 80 bytes. In
practice when computing ECH confirmation the info fed through the HKDF
interface can be larger than 80 bytes and without this change the
operation fails with an output length error.

Cargo.toml

@@ -31,3 +31,6 @@ lto = "yes"
 # TODO(XXX): Remove this once 0.25 is released - we want the ECH fixes from
 #            https://github.com/hickory-dns/hickory-dns/pull/2183
 hickory-resolver = { git = "https://github.com/hickory-dns/hickory-dns", rev = "6334a01430088ead8642cafaee592ec7bf49831f" }
+
+# TODO(XXX): Remove this once upstream HKDF info size limit increased.
+aws-lc-rs = { path = "../aws-lc-rs/aws-lc-rs" }

bogo/config.json.in

@@ -32,7 +32,6 @@
     "CertCompression*": "not implemented",
     "DuplicateCertCompressionExt*": "",
     "TLS-ECH-Server*": "ECH server support NYI",
-#ifdef RING
     "TLS-ECH-Client-ExpectECHOuterExtensions": "ECH extension compression NYI",
     "TLS-ECH-Client-CompressSupportedVersions": "ECH extension compression NYI",
     "TLS-ECH-Client-SelectECHConfig": "TODO(XXX): re-enable after upstream bogo fix",
@@ -53,9 +52,6 @@
     "TLS-ECH-GREASE-Client-TLS13-HelloRetryRequest": "TODO(XXX): fix this test",
     "TLS-ECH-Client-GREASE-IgnoreHRRExtension": "TODO(XXX): fix this test",
 #endif /* 1 */
-#else
-    "TLS-ECH-*": "TODO(XXXX): figure this out...",
-#endif /* ring */
     "ALPS-*": "",
     "*Kyber*": "",
     "ExtraClientEncryptedExtension-*": "we don't implement ALPS",

bogo/runme

@@ -5,7 +5,7 @@
 
 set -xe
 
-case ${BOGO_SHIM_PROVIDER:-ring} in
+case ${BOGO_SHIM_PROVIDER:-aws-lc-rs} in
   ring)
       cargo build -p rustls@0.23.5 --example bogo_shim --no-default-features --features ring,tls12,logging,std
       cpp -P -DRING config.json.in -oconfig.json