|
@@ -526,6 +526,38 @@ tor_tls_init(void)
|
|
|
SSLeay_version(SSLEAY_VERSION), version);
|
|
|
}
|
|
|
|
|
|
+#if (SIZEOF_VOID_P >= 8 && \
|
|
|
+ !defined(OPENSSL_NO_EC) && \
|
|
|
+ OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
|
|
|
+ if (version >= OPENSSL_V_SERIES(1,0,1)) {
|
|
|
+ /* Warn if we could *almost* be running with much faster ECDH.
|
|
|
+ If we're built for a 64-bit target, using OpenSSL 1.0.1, but we
|
|
|
+ don't have one of the built-in __uint128-based speedups, we are
|
|
|
+ just one build operation away from an accelerated handshake.
|
|
|
+
|
|
|
+ (We could be looking at OPENSSL_NO_EC_NISTP_64_GCC_128 instead of
|
|
|
+ doing this test, but that gives compile-time options, not runtime
|
|
|
+ behavior.)
|
|
|
+ */
|
|
|
+ EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
|
|
+ const EC_GROUP *g = key ? EC_KEY_get0_group(key) : NULL;
|
|
|
+ const EC_METHOD *m = g ? EC_GROUP_method_of(g) : NULL;
|
|
|
+ const int warn = (m == EC_GFp_simple_method() ||
|
|
|
+ m == EC_GFp_mont_method() ||
|
|
|
+ m == EC_GFp_nist_method());
|
|
|
+ EC_KEY_free(key);
|
|
|
+
|
|
|
+ if (warn)
|
|
|
+ log_notice(LD_GENERAL, "We were built to run on a 64-bit CPU, with "
|
|
|
+ "OpenSSL 1.0.1 or later, but with a version of OpenSSL "
|
|
|
+ "that apparently lacks accelerated support for the NIST "
|
|
|
+ "P-224 and P-256 groups. Building openssl with such "
|
|
|
+ "support (using the enable-ec_nistp_64_gcc_128 option "
|
|
|
+ "when configuring it) would make ECDH about 5-10x "
|
|
|
+ "faster.");
|
|
|
+ }
|
|
|
+#endif
|
|
|
+
|
|
|
tor_tls_allocate_tor_tls_object_ex_data_index();
|
|
|
|
|
|
tls_library_is_initialized = 1;
|