From 9f39a43e0d728721d5a9e2586ce47a57585591c5 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <rolandshoemaker@gmail.com>
Date: Thu, 15 Oct 2020 18:32:20 -0700
Subject: crypto/tls: de-prioritize AES-GCM ciphers when lacking hardware
 support

When either the server or client are lacking hardware support for
AES-GCM ciphers, indicated by the server lacking the relevant
instructions and by the client not putting AES-GCM ciphers at the top
of its preference list, reorder the preference list to de-prioritize
AES-GCM based ciphers when they are adjacent to other AEAD ciphers.

Also updates a number of recorded openssl TLS tests which previously
only specified TLS 1.2 cipher preferences (using -cipher), but not
TLS 1.3 cipher preferences (using -ciphersuites), to specify both
preferences, making these tests more predictable.

Fixes #41181.

Change-Id: Ied896c96c095481e755aaff9ff0746fb4cb9568e
Reviewed-on: https://go-review.googlesource.com/c/go/+/262857
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
---
 .../testdata/Server-TLSv12-IssueTicketPreDisable   | 66 +++++++++++-----------
 1 file changed, 33 insertions(+), 33 deletions(-)

(limited to 'src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable')

diff --git a/src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable b/src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable
index c50fbcedf7..8cb57f5e95 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable
+++ b/src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 71 01 00 00  6d 03 03 98 eb fe 13 a7  |....q...m.......|
-00000010  81 d8 8b 0b c6 78 c3 44  ce f7 7b 63 d1 7c 61 4d  |.....x.D..{c.|aM|
-00000020  be fe 52 5f c0 24 88 c2  85 d1 40 00 00 04 00 2f  |..R_.$....@..../|
+00000000  16 03 01 00 71 01 00 00  6d 03 03 e1 40 35 c8 5c  |....q...m...@5.\|
+00000010  71 63 3f 5a 00 42 e6 3e  64 62 b8 c4 e7 e7 ba 98  |qc?Z.B.>db......|
+00000020  d8 fa 2c b5 65 f7 50 db  43 d9 70 00 00 04 00 2f  |..,.e.P.C.p..../|
 00000030  00 ff 01 00 00 40 00 23  00 00 00 16 00 00 00 17  |.....@.#........|
 00000040  00 00 00 0d 00 30 00 2e  04 03 05 03 06 03 08 07  |.....0..........|
 00000050  08 08 08 09 08 0a 08 0b  08 04 08 05 08 06 04 01  |................|
@@ -52,40 +52,40 @@
 00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 04 0e 00 00  |.\!.;...........|
 000002a0  00                                                |.|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 11 4c a1 a0 ba  |............L...|
-00000010  12 83 63 98 3c 1a 5d df  a2 01 b6 6c 05 ec a1 1e  |..c.<.]....l....|
-00000020  dc a5 6b b9 97 c3 76 51  06 45 4b 74 9e 1b 61 0f  |..k...vQ.EKt..a.|
-00000030  9e d3 c7 db 7f d3 ee 23  1a 32 66 0f 2f 2c d3 52  |.......#.2f./,.R|
-00000040  e0 ec cc 31 71 d4 e6 2b  b6 95 78 0b eb c9 70 b1  |...1q..+..x...p.|
-00000050  77 09 6f 8d 6d 8d 1b d7  b2 38 96 d3 f0 a2 94 37  |w.o.m....8.....7|
-00000060  14 ed d8 d6 b5 1e bc 71  b2 35 68 76 5b 10 dc 8f  |.......q.5hv[...|
-00000070  de 9d 1d b5 59 d0 f1 04  70 9b 74 a9 af 7f b6 6b  |....Y...p.t....k|
-00000080  de 29 5a fd 8f 95 cd 2c  d6 b9 18 14 03 03 00 01  |.)Z....,........|
-00000090  01 16 03 03 00 40 02 70  cb 83 3c 42 32 58 9f 05  |.....@.p..<B2X..|
-000000a0  36 b7 3b 47 1d 58 ec cf  3f 2a ae 23 ac e6 d0 4c  |6.;G.X..?*.#...L|
-000000b0  91 53 0f e8 7c c9 19 a9  e9 1c 6d fc 21 bd a0 51  |.S..|.....m.!..Q|
-000000c0  0a b2 f5 9d 34 22 30 24  bc fe 44 e0 b2 23 51 9d  |....4"0$..D..#Q.|
-000000d0  c5 a8 d4 60 a3 bd                                 |...`..|
+00000000  16 03 03 00 86 10 00 00  82 00 80 4f ce 06 88 66  |...........O...f|
+00000010  dd e1 0a 55 ef fb 1b 9e  70 62 8b 3b 0d e4 19 0f  |...U....pb.;....|
+00000020  4f 16 c9 79 92 9c 4d 16  21 ea 43 d7 58 7f 35 65  |O..y..M.!.C.X.5e|
+00000030  a3 15 7a 8d b5 6e 9b f6  73 19 c2 0c 58 be 9d 8a  |..z..n..s...X...|
+00000040  5a a8 be f3 89 48 64 28  6a 7f be b7 4a 58 93 af  |Z....Hd(j...JX..|
+00000050  c0 ff 8a ae 01 34 1f cf  7b b0 7a 5e 69 19 43 fa  |.....4..{.z^i.C.|
+00000060  21 b8 dc ee 0e ab 3b 81  c9 b9 be b9 56 a0 dd 62  |!.....;.....V..b|
+00000070  02 45 14 54 4d 05 5a cc  31 68 1f 17 91 a6 0e d7  |.E.TM.Z.1h......|
+00000080  5a f3 ae bb 5e 90 1d c3  c9 56 2a 14 03 03 00 01  |Z...^....V*.....|
+00000090  01 16 03 03 00 40 a1 34  07 ef 45 42 d2 88 bb 6e  |.....@.4..EB...n|
+000000a0  7f 3a 2a 39 67 3f 90 76  95 b7 cc 86 b6 1a 6c c6  |.:*9g?.v......l.|
+000000b0  da 8f 26 f3 34 6c 1f 6f  05 11 39 40 00 46 00 be  |..&.4l.o..9@.F..|
+000000c0  8f 3a af 86 d6 6d 5d 00  f3 5d 22 1c 31 2c 24 ee  |.:...m]..]".1,$.|
+000000d0  e5 11 ba 94 5f b1                                 |...._.|
 >>> Flow 4 (server to client)
 00000000  16 03 03 00 8b 04 00 00  87 00 00 00 00 00 81 50  |...............P|
 00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6f 2c 9f 83 51 ed 14 ef  68 ca 42 c5 4c 3e 73 fe  |o,..Q...h.B.L>s.|
-00000040  72 ef 06 25 96 ef 3d 89  51 22 e3 10 57 02 e5 69  |r..%..=.Q"..W..i|
-00000050  aa d0 6d ad 66 b3 4c 07  fc ba a4 1e 3a ad a2 3b  |..m.f.L.....:..;|
-00000060  40 f7 7d 9a 11 8e a0 9e  54 c5 7c 53 7d 49 38 16  |@.}.....T.|S}I8.|
-00000070  43 a6 1b 37 8e aa 02 78  25 9b 06 54 13 54 de 6a  |C..7...x%..T.T.j|
-00000080  ae 62 72 97 47 1d f8 0a  32 c3 86 93 0e 64 cc 04  |.br.G...2....d..|
+00000030  6f 2c 9f 83 51 ed 14 ef  68 ca 42 c5 4c 20 33 6c  |o,..Q...h.B.L 3l|
+00000040  01 97 a5 69 44 bf 8f ea  db 83 05 fb ef cc 51 1f  |...iD.........Q.|
+00000050  0b 4d 44 77 89 11 cf c8  38 16 67 ea a2 3e 8b 2a  |.MDw....8.g..>.*|
+00000060  18 f2 f7 25 ce e0 d8 4c  93 31 b0 59 23 49 38 16  |...%...L.1.Y#I8.|
+00000070  3a f9 63 9e 61 21 1b ab  67 09 6a 23 07 8e d0 4a  |:.c.a!..g.j#...J|
+00000080  19 78 9c 1e 60 40 a7 83  c5 9a 48 41 35 c4 e9 63  |.x..`@....HA5..c|
 00000090  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-000000a0  00 00 00 00 00 00 00 00  00 00 00 ac 24 92 7d 6c  |............$.}l|
-000000b0  d5 fe a8 a7 b7 45 fe 58  f6 13 02 ed de c8 ba 44  |.....E.X.......D|
-000000c0  18 59 1e f9 06 82 2f 42  22 62 5a 82 4d 70 9a c3  |.Y..../B"bZ.Mp..|
-000000d0  41 55 b0 66 ae e2 b1 1d  d9 38 0a 17 03 03 00 40  |AU.f.....8.....@|
+000000a0  00 00 00 00 00 00 00 00  00 00 00 b8 46 07 9e 14  |............F...|
+000000b0  85 ba 6d e0 f1 f5 99 43  80 9a 54 6b 33 1e 4f c1  |..m....C..Tk3.O.|
+000000c0  88 b7 3d 60 04 d4 e9 b0  b2 6d c4 1a ca 3b 9f 83  |..=`.....m...;..|
+000000d0  28 5f ea b2 54 e4 11 78  69 de 1a 17 03 03 00 40  |(_..T..xi......@|
 000000e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-000000f0  bd 16 9e 9c f2 9b 0d f8  f1 42 ba f3 38 64 69 ac  |.........B..8di.|
-00000100  4a c9 25 d7 03 0b ec 8f  53 14 26 68 da b7 43 34  |J.%.....S.&h..C4|
-00000110  18 cd 66 dc 36 5e f5 16  ca 18 78 37 89 8a d5 9d  |..f.6^....x7....|
+000000f0  55 34 ad ae 9b 37 df cd  88 ae fc 6a ac c5 cf 16  |U4...7.....j....|
+00000100  ec f1 bc 22 1e d2 c1 52  5e a2 e7 d2 6e 37 7a 29  |..."...R^...n7z)|
+00000110  c8 b9 d4 7d 81 63 1a f0  53 d9 10 fd 4f 3d 1c dd  |...}.c..S...O=..|
 00000120  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000130  00 00 00 00 00 64 f9 5c  df db 60 b7 22 15 77 29  |.....d.\..`.".w)|
-00000140  33 6f 93 22 81 c4 e5 71  af 27 60 e5 76 5f a6 f6  |3o."...q.'`.v_..|
-00000150  e0 73 87 9f ed                                    |.s...|
+00000130  00 00 00 00 00 8f f2 11  0d 93 99 83 29 d4 10 a4  |............)...|
+00000140  7c bb 26 7b 24 f1 15 3a  9b 81 0e cb 0a 51 4b 39  ||.&{$..:.....QK9|
+00000150  69 1d e5 38 5e                                    |i..8^|
-- 
cgit v1.3