Commit e84ddead authored by Nick Mathewson's avatar Nick Mathewson 🦀
Browse files

Merge branch 'hardware_accel_improvements'

parents 3db64b50 3ca10bb6
Loading
Loading
Loading
Loading
+5 −1
Original line number Diff line number Diff line
Changes in version 0.2.2.1-alpha - 2009-??-??
  o Minor features
  o Major features:
    - Add support for dynamic OpenSSL hardware crypto acceleration engines
      via new AccelName and AccelDir options.

  o Minor features:
    - New --digests command-line switch to output the digests of the
      source files Tor was built with.
    - The "torify" script now uses torsocks where available.
+13 −2
Original line number Diff line number Diff line
@@ -350,8 +350,19 @@ On startup, setuid to this user and setgid to their primary group.
.LP
.TP
\fBHardwareAccel \fR\fB0\fR|\fB1\fP
If non-zero, try to use crypto hardware acceleration when
available. This is untested and probably buggy. (Default: 0)
If non-zero, try to use built-in (static) crypto hardware acceleration when
available. (Default: 0)
.LP
.TP
\fBAccelName \fR\fINAME\fP
When using OpenSSL hardware crypto acceleration attempt to load the dynamic
engine of this name. This must be used for any dynamic hardware engine. Names
can be verified with the openssl engine command.
.LP
.TP
\fBAccelDir \fR\fIDIR\fP
Specify this option if using dynamic hardware acceleration and the engine
implementation library resides somewhere other than the OpenSSL default.
.LP
.TP
\fBAvoidDiskWrites \fR\fB0\fR|\fB1\fP
+47 −12
Original line number Diff line number Diff line
@@ -27,6 +27,7 @@
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include <openssl/rand.h>
#include <openssl/opensslv.h>
#include <openssl/bn.h>
@@ -166,36 +167,70 @@ log_engine(const char *fn, ENGINE *e)
  }
}

/** Try to load an engine in a shared library via fully qualified path.
 */
static ENGINE *
try_load_engine(const char *path, const char *engine)
{
  ENGINE *e = ENGINE_by_id("dynamic");
  if (e) {
    if (!ENGINE_ctrl_cmd_string(e, "ID", engine, 0) ||
        !ENGINE_ctrl_cmd_string(e, "DIR_LOAD", "2", 0) ||
        !ENGINE_ctrl_cmd_string(e, "DIR_ADD", path, 0) ||
        !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
      ENGINE_free(e);
      e = NULL;
    }
  }
  return e;
}

/** Initialize the crypto library.  Return 0 on success, -1 on failure.
 */
int
crypto_global_init(int useAccel)
crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
{
  if (!_crypto_global_initialized) {
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();
    _crypto_global_initialized = 1;
    setup_openssl_threading();
    /* XXX the below is a bug, since we can't know if we're supposed
     * to be using hardware acceleration or not. we should arrange
     * for this function to be called before init_keys. But make it
     * not complain loudly, at least until we make acceleration work. */
    if (useAccel < 0) {
      log_info(LD_CRYPTO, "Initializing OpenSSL via tor_tls_init().");
    }
    if (useAccel > 0) {
      ENGINE *e = NULL;
      log_info(LD_CRYPTO, "Initializing OpenSSL engine support.");
      ENGINE_load_builtin_engines();
      if (!ENGINE_register_all_complete())
        return -1;

      /* XXXX make sure this isn't leaking. */
      ENGINE_register_all_complete();
      if (accelName) {
        if (accelDir) {
          log_info(LD_CRYPTO, "Trying to load dynamic OpenSSL engine \"%s\""
                   " via path \"%s\".", accelName, accelDir);
          e = try_load_engine(accelName, accelDir);
        } else {
          log_info(LD_CRYPTO, "Initializing dynamic OpenSSL engine \"%s\""
                   " acceleration support.", accelName);
          e = ENGINE_by_id(accelName);
        }
        if (!e) {
          log_warn(LD_CRYPTO, "Unable to load dynamic OpenSSL engine \"%s\".",
                   accelName);
        } else {
          log_info(LD_CRYPTO, "Loaded dynamic OpenSSL engine \"%s\".",
                   accelName);
        }
      }
      if (e) {
        log_info(LD_CRYPTO, "Loaded OpenSSL hardware acceleration engine,"
                 " setting default ciphers.");
        ENGINE_set_default(e, ENGINE_METHOD_ALL);
      }
      log_engine("RSA", ENGINE_get_default_RSA());
      log_engine("DH", ENGINE_get_default_DH());
      log_engine("RAND", ENGINE_get_default_RAND());
      log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
      log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb));
      log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb));
    } else {
      log_info(LD_CRYPTO, "NOT using OpenSSL engine support.");
    }
    return crypto_seed_rng(1);
  }
+3 −1
Original line number Diff line number Diff line
@@ -55,7 +55,9 @@ typedef struct crypto_digest_env_t crypto_digest_env_t;
typedef struct crypto_dh_env_t crypto_dh_env_t;

/* global state */
int crypto_global_init(int hardwareAccel);
int crypto_global_init(int hardwareAccel,
                       const char *accelName,
                       const char *accelPath);
void crypto_thread_cleanup(void);
int crypto_global_cleanup(void);

+0 −1
Original line number Diff line number Diff line
@@ -308,7 +308,6 @@ tor_tls_init(void)
  if (!tls_library_is_initialized) {
    SSL_library_init();
    SSL_load_error_strings();
    crypto_global_init(-1);
    tls_library_is_initialized = 1;
  }
}
Loading