Closed (moved)
Opened Mar 08, 2009 by coderman (@coderman)

Tor does not support OpenSSL dynamic hardware engines

NOTE: fix due in 0.2.2.x. branch hardware_accel_improvements at git://git.torproject.org/~coderman/git/tor.git

The existing support for crypto acceleration in Tor via the HardwareAccel 1 option is not able to load dynamic engines.

For example, padlock acceleration with VIA processors. See also http://archives.seul.org/or/talk/Dec-2008/msg00314.html

To fix this, src/common/crypto.c should be extended to attempt dynamic engine loading. NOTE: I have fixed the engine name to "padlock"; robust support for this feature will require a config option like "HardwareEngineName" or such.

In crypto_global_init():

    if (useAccel > 0) {
      ENGINE *e = NULL;
      log_info(LD_CRYPTO, "Initializing OpenSSL engine support.");
      ENGINE_load_builtin_engines();
      ENGINE_register_all_complete();
      /* First look for a built-in (statically linked) padlock engine. */
      e = ENGINE_by_id("padlock");
      if (!e) {
        /* Not built in: fall back to loading it as a dynamic engine. */
        log_info(LD_CRYPTO, "Trying to load dynamic Padlock OpenSSL engine.");
        e = try_load_engine("padlock");
        if (!e) {
          log_info(LD_CRYPTO, "Unable to load Padlock OpenSSL engine.");
        }
      }
      if (e) {
        log_info(LD_CRYPTO,
                 "Loaded Padlock OpenSSL engine, setting default ciphers.");
        /* Make the engine the default for every method it implements. */
        ENGINE_set_default(e, ENGINE_METHOD_ALL);
      }
    }

Where the try_load_engine for dynamic libs is:

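    #include <openssl/engine.h>

    /* Try to load a dynamic engine library.
     * Returns the loaded engine, or NULL if loading failed. */
    static ENGINE *
    try_load_engine(const char *engine)
    {
      /* The built-in "dynamic" engine is the loader for shared-library engines. */
      ENGINE *e = ENGINE_by_id("dynamic");
      if (e) {
        /* SO_PATH names the shared library; LOAD performs the actual load. */
        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0) ||
            !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
          ENGINE_free(e);
          e = NULL;
        }
      }
      return e;
    }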

Depending on VIA processor/stepping this results in:

    Mar 08 06:32:00.473 [info] crypto_global_init(): Initializing OpenSSL engine support.
    Mar 08 06:32:00.473 [info] crypto_global_init(): Loaded Padlock OpenSSL engine, setting default ciphers.
    Mar 08 06:32:00.473 [info] Using default implementation for RSA
    Mar 08 06:32:00.473 [info] Using default implementation for DH
    Mar 08 06:32:00.473 [info] Using default implementation for RAND
    Mar 08 06:32:00.473 [notice] Using OpenSSL engine VIA PadLock: RNG (not used) ACE2 PHE(8192) PMM [padlock] for SHA1
    Mar 08 06:32:00.473 [info] Using default implementation for 3DES
    Mar 08 06:32:00.473 [notice] Using OpenSSL engine VIA PadLock: RNG (not used) ACE2 PHE(8192) PMM [padlock] for AES
    ...

[Automatically added by flyspray2trac: Operating System: All]

Milestone: post 0.2.1.x
Reference: legacy/trac#937
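
To confirm from Tor's log which algorithms the engine actually took over and which stayed on the default implementation, the following added example (not part of the original report and not Tor's own code) parses the "Using ... for <ALGO>" lines shown in the report. The function names `parse_accel_line` and `algo_uses_engine` are hypothetical, and the sample input is constructed from the log lines quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: built from the log lines quoted in the report. */
static const char SAMPLE_LOG[] =
  "Mar 08 06:32:00.473 [info] Using default implementation for RSA\n"
  "Mar 08 06:32:00.473 [notice] Using OpenSSL engine VIA PadLock: RNG (not used) "
  "ACE2 PHE(8192) PMM [padlock] for SHA1\n"
  "Mar 08 06:32:00.473 [info] Using default implementation for 3DES\n"
  "Mar 08 06:32:00.473 [notice] Using OpenSSL engine VIA PadLock: RNG (not used) "
  "ACE2 PHE(8192) PMM [padlock] for AES\n";

/* Parse one line. Returns 1 if it reports an algorithm's implementation;
 * engine is set to the bracketed engine id, or "" for the default one. */
static int parse_accel_line(const char *line, char algo[16], char engine[32])
{
  static const char DEF[] = "Using default implementation for ";
  static const char ENG[] = "Using OpenSSL engine ";
  const char *p, *lb;
  algo[0] = engine[0] = '\0';
  if ((p = strstr(line, DEF)) != NULL)
    return sscanf(p + sizeof(DEF) - 1, "%15s", algo) == 1;
  if ((p = strstr(line, ENG)) == NULL || (lb = strrchr(p, '[')) == NULL)
    return 0;
  /* The id is the last [bracketed] token, followed by " for <algo>". */
  return sscanf(lb, "[%31[^]]] for %15s", engine, algo) == 2;
}

/* Return 1 if the log says `algo` is served by engine `id`, else 0
 * (default implementation, or no line for that algorithm). */
static int algo_uses_engine(const char *text, const char *algo, const char *id)
{
  char line[512], a[16], e[32];
  while (*text) {
    size_t n = strcspn(text, "\n");          /* length of the current line */
    snprintf(line, sizeof(line), "%.*s", (int)n, text);
    if (parse_accel_line(line, a, e) && strcmp(a, algo) == 0)
      return strcmp(e, id) == 0;
    text += n + (text[n] == '\n');           /* skip the newline, if any */
  }
  return 0;
}

int main(void)
{
  const char *algos[] = { "RSA", "SHA1", "3DES", "AES" };
  for (size_t i = 0; i < sizeof(algos) / sizeof(algos[0]); i++)
    printf("%-5s %d\n", algos[i], algo_uses_engine(SAMPLE_LOG, algos[i], "padlock"));
  return 0;
}
```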