Thanks for this! I should have also specified that I didn't just go ahead and enable them because I wasn't sure if they're considered safe. I like abiding by OpenBSD's crypto best practices when possible.
Is there any reason why they're disabled by default?

On another note, I was skeptical about this being the cause because even OpenBSD Tor relays using only <=12% of their CPU capacity have the characteristic underperformance. Unless there's a latency issue caused by this, I feel like it's probably something else.

On another note, I'm looking into system call statistics and other ways to find the problem here. I'm very new to this, so suggestions on tools and techniques are appreciated.

On 12/31/2014 06:47 PM, Carlin Bingham wrote:
> On Thu, 1 Jan 2015, at 11:49 AM, Libertas wrote:
>> I also completely forgot to mention the below warning, which Tor
>> 0.2.5.10 (the current release) gives when run on OpenBSD 5.6-stable
>> amd64:
>>
>>> We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later,
>>> but with a version of OpenSSL that apparently lacks accelerated
>>> support for the NIST P-224 and P-256 groups. Building openssl with
>>> such support (using the enable-ec_nistp_64_gcc_128 option when
>>> configuring it) would make ECDH much faster.
>>
>> Were the mentioned SSL features removed from LibreSSL, or have they not
>> yet been introduced? Could this be the culprit?
>>
>
> It appears the code is still there, just isn't enabled by default. Some
> searching suggests that OpenSSL doesn't enable it by default either as
> the config script can't automatically work out if the platform supports
> it.
>
> As a test I edited /usr/include/openssl/opensslfeatures.h to remove the
> OPENSSL_NO_EC_NISTP_64_GCC_128 define, and rebuilt libcrypto.
>
>
> running `openssl speed ecdhp224 ecdhp256`
>
> without acceleration:
>
>                               op      op/s
>  224 bit ecdh (nistp224)   0.0003s   3113.0
>  256 bit ecdh (nistp256)   0.0004s   2779.1
>
>
> with acceleration:
>
>                               op      op/s
>  224 bit ecdh (nistp224)   0.0001s  10556.8
>  256 bit ecdh (nistp256)   0.0002s   4232.4
>
>
> --
> Carlin