On Thu, 1 Jan 2015, at 11:49 AM, Libertas wrote:
> I also completely forgot to mention the below warning, which Tor
> 0.2.5.10 (the current release) gives when run on OpenBSD 5.6-stable
> amd64:
>
> > We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later,
> > but with a version of OpenSSL that apparently lacks accelerated
> > support for the NIST P-224 and P-256 groups. Building openssl with
> > such support (using the enable-ec_nistp_64_gcc_128 option when
> > configuring it) would make ECDH much faster.
>
> Were the mentioned SSL features removed from LibreSSL, or have they not
> yet been introduced? Could this be the culprit?
>

It appears the code is still there, just isn't enabled by default. Some
searching suggests that OpenSSL doesn't enable it by default either as
the config script can't automatically work out if the platform supports
it.

As a test I edited /usr/include/openssl/opensslfeatures.h to remove the
OPENSSL_NO_EC_NISTP_64_GCC_128 define, and rebuilt libcrypto.

running `openssl speed ecdhp224 ecdhp256`

without acceleration:
                              op      op/s
 224 bit ecdh (nistp224)   0.0003s   3113.0
 256 bit ecdh (nistp256)   0.0004s   2779.1

with acceleration:
                              op      op/s
 224 bit ecdh (nistp224)   0.0001s  10556.8
 256 bit ecdh (nistp256)   0.0002s   4232.4

--
Carlin