[Tor-BSD] Recognizing Randomness Exhaustion

[Carlin Bingham]

On Thu, 1 Jan 2015, at 11:49 AM, Libertas wrote:
> I also completely forgot to mention the below warning, which Tor
> 0.2.5.10 (the current release) gives when run on OpenBSD 5.6-stable
> amd64:
> 
> > We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later,
> > but with a version of OpenSSL that apparently lacks accelerated
> > support for the NIST P-224 and P-256 groups. Building openssl with
> > such support (using the enable-ec_nistp_64_gcc_128 option when
> > configuring it) would make ECDH much faster.
> 
> Were the mentioned SSL features removed from LibreSSL, or have they not
> yet been introduced? Could this be the culprit?
> 

It appears the code is still there, just isn't enabled by default. Some
searching suggests that OpenSSL doesn't enable it by default either as
the config script can't automatically work out if the platform supports
it.

As a test I edited /usr/include/openssl/opensslfeatures.h to remove the
OPENSSL_NO_EC_NISTP_64_GCC_128 define, and rebuilt libcrypto.


running `openssl speed ecdhp224 ecdhp256`

without acceleration:

                              op      op/s
 224 bit ecdh (nistp224)   0.0003s   3113.0
 256 bit ecdh (nistp256)   0.0004s   2779.1


with acceleration:

                              op      op/s
 224 bit ecdh (nistp224)   0.0001s  10556.8
 256 bit ecdh (nistp256)   0.0002s   4232.4


--
Carlin