[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Inform the user if they're passing up a 10x ECDH speedup.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] Inform the user if they're passing up a 10x ECDH speedup.
From: nickm@xxxxxxxxxxxxxx
Date: Wed, 26 Dec 2012 03:13:09 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 25 Dec 2012 22:13:36 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx

commit c8b3bdb78215d4d7821d9bfa15bb8f7786403ce9
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Tue Dec 25 17:39:09 2012 -0500

    Inform the user if they're passing up a 10x ECDH speedup.
---
 src/common/tortls.c |   32 ++++++++++++++++++++++++++++++++
 1 files changed, 32 insertions(+), 0 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index bba8926..47b8f28 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -526,6 +526,38 @@ tor_tls_init(void)
                SSLeay_version(SSLEAY_VERSION), version);
     }
 
+#if (SIZEOF_VOID_P >= 8 &&                              \
+     !defined(OPENSSL_NO_EC) &&                         \
+     OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
+    if (version >= OPENSSL_V_SERIES(1,0,1)) {
+      /* Warn if we could *almost* be running with much faster ECDH.
+         If we're built for a 64-bit target, using OpenSSL 1.0.1, but we
+         don't have one of the built-in __uint128-based speedups, we are
+         just one build operation away from an accelerated handshake.
+
+         (We could be looking at OPENSSL_NO_EC_NISTP_64_GCC_128 instead of
+          doing this test, but that gives compile-time options, not runtime
+          behavior.)
+      */
+      EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+      const EC_GROUP *g = key ? EC_KEY_get0_group(key) : NULL;
+      const EC_METHOD *m = g ? EC_GROUP_method_of(g) : NULL;
+      const int warn = (m == EC_GFp_simple_method() ||
+                        m == EC_GFp_mont_method() ||
+                        m == EC_GFp_nist_method());
+      EC_KEY_free(key);
+
+      if (warn)
+        log_notice(LD_GENERAL, "We were built to run on a 64-bit CPU, with "
+                   "OpenSSL 1.0.1 or later, but with a version of OpenSSL "
+                   "that apparently lacks accelerated support for the NIST "
+                   "P-224 and P-256 groups. Building openssl with such "
+                   "support (using the enable-ec_nistp_64_gcc_128 option "
+                   "when configuring it) would make ECDH about 5-10x "
+                   "faster.");
+    }
+#endif
+
     tor_tls_allocate_tor_tls_object_ex_data_index();
 
     tls_library_is_initialized = 1;



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/master] Make ECDHE group configurable: 224 for public, 256 for bridges (default)
Next by Author: [tor-commits] [tor/master] Be more noncomittal about performance improvement of uint128 backend.
Previous by thread: [tor-commits] [tor/master] Make ECDHE group configurable: 224 for public, 256 for bridges (default)
Next by thread: [tor-commits] [tor/master] Be more noncomittal about performance improvement of uint128 backend.
Index(es):
- Author
- Thread