Great work! A few questions:
Where does the entropy initialization occur?
It seems that according to OpenSSL wiki, you might want to seed the entropy on startup using getrandom or something, see https://wiki.openssl.org/index.php/Random_Numbers#Initialization
On OSX 10.10, using botan/cryptopp from brew, mbed from our tree, system 'openssl' ('0.9.8'), for ECDSA 13 signing, I see mbed at ~5000 usec, botan at ~2000 usec, openssl and cryptopp at ~1000
Ubuntu 14.04, digitalocean VM: mbed 7000, botan 2000, cryptopp 1000 (consistent with osx so far), openssl at 150. Wow.
After discussion on IRC, suggestion: remove ,true from the ::report call on OpenSSL, add it to all the others (although I'd like a deeper preference scheme, the performance differences between -every- pair of libs is tremendous); probably just get rid of the second commit then. I put WIP in the title for this question and for the entropy question.
add ECDSA support to DNSSEC infra via OpenSSL
change ECDSA signer priority