From 80f33b2a4b53b6e712873ba41c9f333f62edbb3b Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 13 Sep 2015 09:10:01 +0000
Subject: If we have hardware acceleration for AES, prefer AES as a symmetric
 cipher over CHACHA20. Otherwise, prefer CHACHA20 with AES second.

ok beck@ miod@
---
 src/lib/libssl/src/ssl/ssl_ciph.c | 37 ++++++++++++++++++++++++++++++-------
 src/lib/libssl/ssl_ciph.c         | 37 ++++++++++++++++++++++++++++++-------
 2 files changed, 60 insertions(+), 14 deletions(-)

diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 96b4099d19..42fdaad338 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.81 2015/02/07 04:17:11 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.82 2015/09/13 09:10:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1358,6 +1358,16 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
 	return (retval);
 }
 
+static inline int
+ssl_aes_is_accelerated(void)
+{
+#if defined(__x86_64__)
+	return ((OPENSSL_ia32cap_loc()[0] & (1UL << 57)) != 0);
+#else
+	return (0);
+#endif
+}
+
 STACK_OF(SSL_CIPHER) *
 ssl_create_cipher_list(const SSL_METHOD *ssl_method,
     STACK_OF(SSL_CIPHER) **cipher_list,
@@ -1406,12 +1416,25 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
 
-	/*
-	 * CHACHA20 is fast and safe on all hardware and is thus our preferred
-	 * symmetric cipher, with AES second.
-	 */
-	ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-	ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+	if (ssl_aes_is_accelerated() == 1) {
+		/*
+		 * We have hardware assisted AES - prefer AES as a symmetric
+		 * cipher, with CHACHA20 second.
+		 */
+		ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
+		    CIPHER_ADD, -1, &head, &tail);
+		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0,
+		    CIPHER_ADD, -1, &head, &tail);
+	} else {
+		/*
+		 * CHACHA20 is fast and safe on all hardware and is thus our
+		 * preferred symmetric cipher, with AES second.
+		 */
+		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0,
+		    CIPHER_ADD, -1, &head, &tail);
+		ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
+		    CIPHER_ADD, -1, &head, &tail);
+	}
 
 	/* Temporarily enable everything else for sorting */
 	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 96b4099d19..42fdaad338 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.81 2015/02/07 04:17:11 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.82 2015/09/13 09:10:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1358,6 +1358,16 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
 	return (retval);
 }
 
+static inline int
+ssl_aes_is_accelerated(void)
+{
+#if defined(__x86_64__)
+	return ((OPENSSL_ia32cap_loc()[0] & (1UL << 57)) != 0);
+#else
+	return (0);
+#endif
+}
+
 STACK_OF(SSL_CIPHER) *
 ssl_create_cipher_list(const SSL_METHOD *ssl_method,
     STACK_OF(SSL_CIPHER) **cipher_list,
@@ -1406,12 +1416,25 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
 
-	/*
-	 * CHACHA20 is fast and safe on all hardware and is thus our preferred
-	 * symmetric cipher, with AES second.
-	 */
-	ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-	ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+	if (ssl_aes_is_accelerated() == 1) {
+		/*
+		 * We have hardware assisted AES - prefer AES as a symmetric
+		 * cipher, with CHACHA20 second.
+		 */
+		ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
+		    CIPHER_ADD, -1, &head, &tail);
+		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0,
+		    CIPHER_ADD, -1, &head, &tail);
+	} else {
+		/*
+		 * CHACHA20 is fast and safe on all hardware and is thus our
+		 * preferred symmetric cipher, with AES second.
+		 */
+		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0,
+		    CIPHER_ADD, -1, &head, &tail);
+		ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
+		    CIPHER_ADD, -1, &head, &tail);
+	}
 
 	/* Temporarily enable everything else for sorting */
 	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-- 
cgit v1.2.3-55-g6feb