
[tor-bugs] #4008 [Tor Relay]: Identify safe, common, useful openssl engines to enable by default



#4008: Identify safe, common, useful openssl engines to enable by default
-----------------------------+----------------------------------------------
 Reporter:  nickm            |          Owner:                  
     Type:  enhancement      |         Status:  new             
 Priority:  normal           |      Milestone:  Tor: unspecified
Component:  Tor Relay        |        Version:                  
 Keywords:  crypto, openssl  |         Parent:                  
   Points:                   |   Actualpoints:                  
-----------------------------+----------------------------------------------
 Ever since f0d4b3d1 (svn revision r5829), all of our crypto acceleration
 is off by default, since we can't trust any given openssl engine to be
 secure, stable, and to run without crashing.

 We should identify engines which it would be safe and useful to turn on by
 default, and have them be on-by-default.  IMO the criteria should be:
   * It needs to be pretty common for a user to have the requisite hardware
     but not know about it.  IOW, anybody who has bought a special-purpose
     board can configure it themselves, but people with CPU or chipset support
     for acceleration are likely not to have thought about it.
   * It needs to be really stable.
   * It needs to be pretty well distributed.
   * It needs to be using a recent version of openssl.
   * It needs to make an actual improvement to Tor's performance or
     security.
   * We need to be able to test it.

 Good candidates to look at for a start IMO are aes-ni instructions.

 We'll also maybe need a UI change to let people disable default engines
 and add extra ones.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4008>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online