From: Filippo Valsorda <hi@filippo.io>
Date: Fri, 25 May 2018 22:20:36 +0000 (-0400)
Subject: [dev.boringcrypto] crypto/tls: restore AES-GCM priority when BoringCrypto is enabled
X-Git-Tag: go1.19beta1~484^2~145
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=18db93d7e6;p=gostls13.git

[dev.boringcrypto] crypto/tls: restore AES-GCM priority when BoringCrypto is enabled

This patch used to be in crypto/internal/cipherhw.AESGCMSupport which
was removed from the tree. It was meant and documented to affect only
crypto/tls, so move the logic there.

Change-Id: I36ed4f08a5fe2abaab18907910899ae0297d1611
Reviewed-on: https://go-review.googlesource.com/114816
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
---

diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index c47c432f01..897a8e09bc 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -7,6 +7,7 @@ package tls
 import (
 	"container/list"
 	"crypto"
+	"crypto/internal/boring"
 	"crypto/rand"
 	"crypto/sha512"
 	"crypto/x509"
@@ -945,7 +946,8 @@ func initDefaultCipherSuites() {
 
 	hasGCMAsm := hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X
 
-	if hasGCMAsm {
+	if hasGCMAsm || boring.Enabled {
+		// If BoringCrypto is enabled, always prioritize AES-GCM.
 		// If AES-GCM hardware is provided then prioritise AES-GCM
 		// cipher suites.
 		topCipherSuites = []uint16{