  • #937
Closed (moved)
Created Mar 08, 2009 by coderman@coderman

Tor does not support OpenSSL dynamic hardware engines

NOTE: fix due in 0.2.2.x. branch hardware_accel_improvements at git://git.torproject.org/~coderman/git/tor.git

The existing support for crypto acceleration in Tor via the HardwareAccel 1 option is not able to load dynamic engines.

For example, padlock acceleration with Via processors. See also http://archives.seul.org/or/talk/Dec-2008/msg00314.html

To fix this the src/common/crypto.c should be extended to attempt dynamic engine loading. NOTE: I have fixed the engine name to "padlock"; robust support for this feature will require a config option like "HardwareEngineName" or such.

In crypto_global_init():

    if (useAccel > 0) {
      ENGINE *e = NULL;
      log_info(LD_CRYPTO, "Initializing OpenSSL engine support.");
      ENGINE_load_builtin_engines();
      ENGINE_register_all_complete();
      e = ENGINE_by_id ("padlock");
      if (!e) {
        log_info(LD_CRYPTO, "Trying to load dynamic Padlock OpenSSL engine.");
        e = try_load_engine ("padlock");
        if (!e) {
          log_info(LD_CRYPTO, "Unable to load Padlock OpenSSL engine.");
        }
      }
      if (e) {
        log_info(LD_CRYPTO, "Loaded Padlock OpenSSL engine, setting default ciphers.");
        ENGINE_set_default (e, ENGINE_METHOD_ALL);
      }
    }

Where the try_load_engine for dynamic libs is:

    /* Try to load a dynamic engine library. */
    static ENGINE *
    try_load_engine(const char *engine)
    {
      ENGINE *e = ENGINE_by_id ("dynamic");
      if (e) {
        if (!ENGINE_ctrl_cmd_string (e, "SO_PATH", engine, 0) ||
            !ENGINE_ctrl_cmd_string (e, "LOAD", NULL, 0)) {
          ENGINE_free (e);
          e = NULL;
        }
      }
      return e;
    }

Depending on VIA processor/stepping this results in:

    Mar 08 06:32:00.473 [info] crypto_global_init(): Initializing OpenSSL engine support.
    Mar 08 06:32:00.473 [info] crypto_global_init(): Loaded Padlock OpenSSL engine, setting default ciphers.
    Mar 08 06:32:00.473 [info] Using default implementation for RSA
    Mar 08 06:32:00.473 [info] Using default implementation for DH
    Mar 08 06:32:00.473 [info] Using default implementation for RAND
    Mar 08 06:32:00.473 [notice] Using OpenSSL engine VIA PadLock: RNG (not used) ACE2 PHE(8192) PMM [padlock] for SHA1
    Mar 08 06:32:00.473 [info] Using default implementation for 3DES
    Mar 08 06:32:00.473 [notice] Using OpenSSL engine VIA PadLock: RNG (not used) ACE2 PHE(8192) PMM [padlock] for AES
    ...

[Automatically added by flyspray2trac: Operating System: All]
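
An added example, not part of the original report or of Tor's code: a small C check that reads startup log lines in the format shown above and reports whether a given algorithm is really served by the expected engine, so a silent fallback to the default implementation under HardwareAccel 1 is caught. The names `classify_line`, `alg_uses_engine` and `SAMPLE_LOG` are assumptions for illustration; the sample lines are taken from the log excerpt in the issue.

```c
#include <string.h>

/* Lines from the log excerpt in the issue, without trailing newlines. */
static const char *SAMPLE_LOG[] = {
  "Mar 08 06:32:00.473 [info] Using default implementation for RSA",
  "Mar 08 06:32:00.473 [notice] Using OpenSSL engine VIA PadLock: RNG (not used) ACE2 PHE(8192) PMM [padlock] for SHA1",
  "Mar 08 06:32:00.473 [info] Using default implementation for 3DES",
  "Mar 08 06:32:00.473 [notice] Using OpenSSL engine VIA PadLock: RNG (not used) ACE2 PHE(8192) PMM [padlock] for AES",
};
#define SAMPLE_LOG_LEN (sizeof(SAMPLE_LOG) / sizeof(SAMPLE_LOG[0]))

enum impl { IMPL_UNKNOWN = 0, IMPL_DEFAULT, IMPL_ENGINE };

/* Classify one line for `alg`; on IMPL_ENGINE copy the bracketed id to id_out. */
static enum impl classify_line(const char *line, const char *alg,
                               char *id_out, size_t id_len)
{
  static const char DEF[] = "Using default implementation for ";
  static const char ENG[] = "Using OpenSSL engine ";
  const char *p, *q, *for_kw = NULL, *lb = NULL, *rb;
  if ((p = strstr(line, DEF)) != NULL)
    return strcmp(p + sizeof(DEF) - 1, alg) == 0 ? IMPL_DEFAULT : IMPL_UNKNOWN;
  if ((p = strstr(line, ENG)) == NULL)
    return IMPL_UNKNOWN;
  /* The engine name may itself contain spaces, so take the last " for ". */
  for (q = p; (q = strstr(q, " for ")) != NULL; q += 5)
    for_kw = q;
  if (for_kw == NULL || strcmp(for_kw + 5, alg) != 0)
    return IMPL_UNKNOWN;
  /* The engine id is the last "[...]" between the marker and " for ". */
  for (q = p; q < for_kw; q++)
    if (*q == '[') lb = q;
  rb = lb ? memchr(lb, ']', (size_t)(for_kw - lb)) : NULL;
  if (rb == NULL || (size_t)(rb - lb) > id_len) /* id plus NUL must fit */
    return IMPL_UNKNOWN;
  memcpy(id_out, lb + 1, (size_t)(rb - lb - 1));
  id_out[rb - lb - 1] = '\0';
  return IMPL_ENGINE;
}

/* Return 1 only if the last line mentioning `alg` assigns it to `want`. */
int alg_uses_engine(const char **lines, size_t n, const char *alg,
                    const char *want)
{
  char id[64];
  int hit = 0;
  for (size_t i = 0; i < n; i++) {
    enum impl r = classify_line(lines[i], alg, id, sizeof(id));
    if (r != IMPL_UNKNOWN)
      hit = (r == IMPL_ENGINE && strcmp(id, want) == 0);
  }
  return hit;
}
```

Lines read from a real log file need their trailing newline stripped before being passed in, since the algorithm name is compared exactly.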
