mirror of
https://github.com/golang/go
synced 2024-09-28 22:24:29 -06:00
[dev.boringcrypto] crypto/tls: restore AES-GCM priority when BoringCrypto is enabled
This patch used to be in crypto/internal/cipherhw.AESGCMSupport which was removed from the tree. It was meant and documented to affect only crypto/tls, so move the logic there. Change-Id: I36ed4f08a5fe2abaab18907910899ae0297d1611 Reviewed-on: https://go-review.googlesource.com/114816 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
parent
3d9a6ac709
commit
18db93d7e6
@ -7,6 +7,7 @@ package tls
|
|||||||
import (
|
import (
|
||||||
"container/list"
|
"container/list"
|
||||||
"crypto"
|
"crypto"
|
||||||
|
"crypto/internal/boring"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/sha512"
|
"crypto/sha512"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
@ -945,7 +946,8 @@ func initDefaultCipherSuites() {
|
|||||||
|
|
||||||
hasGCMAsm := hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X
|
hasGCMAsm := hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X
|
||||||
|
|
||||||
if hasGCMAsm {
|
if hasGCMAsm || boring.Enabled {
|
||||||
|
// If BoringCrypto is enabled, always prioritize AES-GCM.
|
||||||
// If AES-GCM hardware is provided then prioritise AES-GCM
|
// If AES-GCM hardware is provided then prioritise AES-GCM
|
||||||
// cipher suites.
|
// cipher suites.
|
||||||
topCipherSuites = []uint16{
|
topCipherSuites = []uint16{
|
||||||
|
Loading…
Reference in New Issue
Block a user