Diffstat (limited to 'src/crypto/tls/handshake_server_test.go')
-rw-r--r--src/crypto/tls/handshake_server_test.go35
1 files changed, 25 insertions, 10 deletions
diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go
index d6bf9e439b..050a321e7f 100644
--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -1688,6 +1688,7 @@ func TestAESCipherReordering(t *testing.T) {
preferServerCipherSuites bool
serverCiphers []uint16
expectedCipher uint16
+ boringExpectedCipher uint16 // If non-zero, used when BoringCrypto is enabled.
}{
{
name: "server has hardware AES, client doesn't (pick ChaCha)",
@@ -1723,8 +1724,9 @@ func TestAESCipherReordering(t *testing.T) {
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
TLS_RSA_WITH_AES_128_CBC_SHA,
},
- serverHasAESGCM: false,
- expectedCipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ serverHasAESGCM: false,
+ expectedCipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ boringExpectedCipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // When BoringCrypto is enabled, AES-GCM is prioritized even without server hardware.
},
{
name: "client prefers AES-GCM, server has hardware AES (pick AES-GCM)",
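Review bot: The trailing comment on the new `boringExpectedCipher` value is repeated verbatim on every overridden case: here, in the next TestAESCipherReordering hunk, and in three TestAESCipherReordering13 hunks. Stating the rationale once on the struct field would be enough, for example `boringExpectedCipher uint16 // If non-zero, expected instead of expectedCipher when BoringCrypto is enabled, because AES-GCM is then prioritized even without server AES hardware.`, and the per-case copies could then be dropped. The test case edited here starts above the hunk, so its name is not visible.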
@@ -1775,8 +1777,9 @@ func TestAESCipherReordering(t *testing.T) {
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
TLS_RSA_WITH_AES_128_CBC_SHA,
},
- serverHasAESGCM: false,
- expectedCipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ serverHasAESGCM: false,
+ expectedCipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ boringExpectedCipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // When BoringCrypto is enabled, AES-GCM is prioritized even without server hardware.
},
{
name: "client supports multiple AES-GCM, server doesn't have hardware AES and doesn't support ChaCha (pick corrent AES-GCM)",
@@ -1820,8 +1823,12 @@ func TestAESCipherReordering(t *testing.T) {
t.Errorf("pickCipherSuite failed: %s", err)
}
- if tc.expectedCipher != hs.suite.id {
- t.Errorf("unexpected cipher chosen: want %d, got %d", tc.expectedCipher, hs.suite.id)
+ want := tc.expectedCipher
+ if boringEnabled && tc.boringExpectedCipher != 0 {
+ want = tc.boringExpectedCipher
+ }
+ if want != hs.suite.id {
+ t.Errorf("unexpected cipher chosen: want %d, got %d", want, hs.suite.id)
}
})
}
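Review bot: The new `t.Errorf` does not say which expectation was in force, so a failure log cannot show whether `want` came from `expectedCipher` or from the BoringCrypto override. Including the mode, and printing the suite IDs in hex as cipher suite values are normally written, would make a failure readable on its own: `t.Errorf("unexpected cipher chosen (boringEnabled=%t): want %#04x, got %#04x", boringEnabled, want, hs.suite.id)`. The same four-line selection of `want` is added again in TestAESCipherReordering13; a small helper shared by both tests would keep the two from drifting apart. The subtest body starts above this hunk.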
@@ -1837,6 +1844,7 @@ func TestAESCipherReordering13(t *testing.T) {
serverHasAESGCM bool
preferServerCipherSuites bool
expectedCipher uint16
+ boringExpectedCipher uint16 // If non-zero, used when BoringCrypto is enabled.
}{
{
name: "server has hardware AES, client doesn't (pick ChaCha)",
@@ -1867,6 +1875,7 @@ func TestAESCipherReordering13(t *testing.T) {
serverHasAESGCM: false,
preferServerCipherSuites: true,
expectedCipher: TLS_CHACHA20_POLY1305_SHA256,
+ boringExpectedCipher: TLS_AES_128_GCM_SHA256, // When BoringCrypto is enabled, AES-GCM is prioritized even without server hardware.
},
{
name: "client prefers AES and sends GREASE, server doesn't have hardware, prefer server ciphers (pick ChaCha)",
@@ -1878,6 +1887,7 @@ func TestAESCipherReordering13(t *testing.T) {
serverHasAESGCM: false,
preferServerCipherSuites: true,
expectedCipher: TLS_CHACHA20_POLY1305_SHA256,
+ boringExpectedCipher: TLS_AES_128_GCM_SHA256, // When BoringCrypto is enabled, AES-GCM is prioritized even without server hardware.
},
{
name: "client prefers AES, server doesn't (pick ChaCha)",
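Review bot: The subtest names no longer match what is asserted when BoringCrypto is enabled. The case edited here is the one named "client prefers AES and sends GREASE, server doesn't have hardware, prefer server ciphers (pick ChaCha)" just above the hunk, yet under BoringCrypto it is now expected to select `TLS_AES_128_GCM_SHA256`. The next case, "client prefers AES, server doesn't (pick ChaCha)", gets the same override in the following hunk. The other overridden cases presumably have the same mismatch, but their names fall outside the visible context. Since these names appear in `go test` output, a suffix such as `(pick ChaCha; AES-GCM under BoringCrypto)` would keep a BoringCrypto failure from reading as if ChaCha were the intended outcome.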
@@ -1885,8 +1895,9 @@ func TestAESCipherReordering13(t *testing.T) {
TLS_AES_128_GCM_SHA256,
TLS_CHACHA20_POLY1305_SHA256,
},
- serverHasAESGCM: false,
- expectedCipher: TLS_CHACHA20_POLY1305_SHA256,
+ serverHasAESGCM: false,
+ expectedCipher: TLS_CHACHA20_POLY1305_SHA256,
+ boringExpectedCipher: TLS_AES_128_GCM_SHA256, // When BoringCrypto is enabled, AES-GCM is prioritized even without server hardware.
},
{
name: "client prefers AES, server has hardware AES (pick AES)",
@@ -1933,8 +1944,12 @@ func TestAESCipherReordering13(t *testing.T) {
t.Errorf("pickCipherSuite failed: %s", err)
}
- if tc.expectedCipher != hs.suite.id {
- t.Errorf("unexpected cipher chosen: want %d, got %d", tc.expectedCipher, hs.suite.id)
+ want := tc.expectedCipher
+ if boringEnabled && tc.boringExpectedCipher != 0 {
+ want = tc.boringExpectedCipher
+ }
+ if want != hs.suite.id {
+ t.Errorf("unexpected cipher chosen: want %d, got %d", want, hs.suite.id)
}
})
}
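Review bot: The added comparison `want != hs.suite.id` still runs after a failed `pickCipherSuite`, because the context line above it reports the error with `t.Errorf` and lets the subtest continue. If `pickCipherSuite` can return an error without setting `hs.suite` (not visible here, so this should be confirmed), the dereference would panic and hide the real failure. Changing that line to `t.Fatalf("pickCipherSuite failed: %s", err)` stops the subtest at the first error. The same pattern appears in the matching TestAESCipherReordering hunk. The call to `pickCipherSuite` itself is above the hunk.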