[Tor-BSD] Recognizing Randomness Exhaustion

Libertas libertas at mykolab.com
Wed Dec 31 19:42:03 EST 2014 

Thanks for this!

I should have also specified that I didn't just go ahead and enable them
because I wasn't sure if they're considered safe. I like abiding by
OpenBSD's crypto best practices when possible.

Is there any reason why they're disabled by default?

On another note, I was skeptical about this being the cause because even
OpenBSD Tor relays using only <=12% of their CPU capacity have the
characteristic underperformance. Unless there's a latency issue caused
by this, I feel like it's probably something else.

On another note, I'm looking into system call statistics and other ways
to find the problem here. I'm very new to this, so suggestions on tools
and techniques are appreciated.

On 12/31/2014 06:47 PM, Carlin Bingham wrote:
> On Thu, 1 Jan 2015, at 11:49 AM, Libertas wrote:
>> I also completely forgot to mention the below warning, which Tor
>> 0.2.5.10 (the current release) gives when run on OpenBSD 5.6-stable
>> amd64:
>>
>>> We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later,
>>> but with a version of OpenSSL that apparently lacks accelerated
>>> support for the NIST P-224 and P-256 groups. Building openssl with
>>> such support (using the enable-ec_nistp_64_gcc_128 option when
>>> configuring it) would make ECDH much faster.
>>
>> Were the mentioned SSL features removed from LibreSSL, or have they not
>> yet been introduced? Could this be the culprit?
>>
> 
> It appears the code is still there, just isn't enabled by default. Some
> searching suggests that OpenSSL doesn't enable it by default either as
> the config script can't automatically work out if the platform supports
> it.
> 
> As a test I edited /usr/include/openssl/opensslfeatures.h to remove the
> OPENSSL_NO_EC_NISTP_64_GCC_128 define, and rebuilt libcrypto.
> 
> 
> running `openssl speed ecdhp224 ecdhp256`
> 
> without acceleration:
> 
>                               op      op/s
>  224 bit ecdh (nistp224)   0.0003s   3113.0
>  256 bit ecdh (nistp256)   0.0004s   2779.1
> 
> 
> with acceleration:
> 
>                               op      op/s
>  224 bit ecdh (nistp224)   0.0001s  10556.8
>  256 bit ecdh (nistp256)   0.0002s   4232.4
> 
> 
> --
> Carlin
>

More information about the Tor-BSD mailing list