From: Nick Mathewson
Date: Tue, 6 May 2025 14:45:00 +0000 (-0400)
Subject: Remove check for unaccelerated ECC
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f32649d029fd9be49d16a936adcdf3c3747893b1;p=thirdparty%2Ftor.git

Remove check for unaccelerated ECC

The "enable-ec_nistp_64_gcc_128" option does not appear to be necessary in any of our supported versions.
---
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 1068cc10f1..6452a03fba 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -295,40 +295,6 @@ tor_tls_init(void)
 if (!tls_library_is_initialized) {
 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
-#if (SIZEOF_VOID_P >= 8)
- /* LCOV_EXCL_START : we can't test these lines on the same machine */
- {
- /* TODO: I'm not sure that this test is still necessary on our
- * supported openssl/libressl versions. */
-
- /* Warn if we could *almost* be running with much faster ECDH.
- If we're built for a 64-bit target, using OpenSSL 1.0.1, but we
- don't have one of the built-in __uint128-based speedups, we are
- just one build operation away from an accelerated handshake.
-
- (We could be looking at OPENSSL_NO_EC_NISTP_64_GCC_128 instead of
- doing this test, but that gives compile-time options, not runtime
- behavior.)
- */
- EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- const EC_GROUP *g = key ? EC_KEY_get0_group(key) : NULL;
- const EC_METHOD *m = g ? EC_GROUP_method_of(g) : NULL;
- const int warn = (m == EC_GFp_simple_method() ||
- m == EC_GFp_mont_method() ||
- m == EC_GFp_nist_method());
- EC_KEY_free(key);
-
- if (warn)
- log_notice(LD_GENERAL, "We were built to run on a 64-bit CPU, with "
- "OpenSSL 1.0.1 or later, but with a version of OpenSSL "
- "that apparently lacks accelerated support for the NIST "
- "P-224 and P-256 groups. Building openssl with such "
- "support (using the enable-ec_nistp_64_gcc_128 option "
- "when configuring it) would make ECDH much faster.");
- }
- /* LCOV_EXCL_STOP */
-#endif /* (SIZEOF_VOID_P >= 8 */
-
 tor_tls_allocate_tor_tls_object_ex_data_index();
 tls_library_is_initialized = 1;