[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Fix for #937 - support dynamic crypto acceleration engines
- To: or-dev@xxxxxxxxxxxxx
- Subject: Fix for #937 - support dynamic crypto acceleration engines
- From: coderman <coderman@xxxxxxxxx>
- Date: Sat, 30 May 2009 15:29:17 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-dev-outgoing@xxxxxxxx
- Delivered-to: or-dev@xxxxxxxx
- Delivery-date: Sat, 30 May 2009 18:29:19 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=RexNq9aeqhX2Qh95UN7F56VqAx5zbBV1SQIj1rvhmQk=; b=OFjK2DMeJI7RJQfbrmDsBZo/M9oHkvmY9wfuPnvPfmiuNfYW07qUPWzSWkrsStZmdn Wihx2qXRUiT1qhchyf9Rho+IvZ5u4B9c11Wz4E7PRF/Wz8uzGH471TexPdgkruc+D0BJ 7/wsEr/xQ8vzpkMg17XwSUXBZutlal64SpFdg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=d/3uzYwVDYVvfL/6DqG2nt3DqflX9DJFe9sPMQisQTukhLWtjGEmFNWTuVf1RBuCBn k0/KTyiMZK2ypjvR1cJNm1iQ6zT6l8EGy7r4Ci2En+cBYoJmEJPDalbSX1wGyvWWWJLs Zi2QpLIb9bkzwZ7ftsdNI48xsRJFXrs2f1iMw=
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-dev@xxxxxxxxxxxxx
Branch hardware_accel_improvements at
git://git.torproject.org/~coderman/git/tor.git contains a fix for
dynamic crypto acceleration engines in OpenSSL and includes
documentation for two new options:
HardwareAccel 0|1
If non-zero, try to use built-in (static) crypto hardware acceleration
when available. (Default: 0)
AccelName NAME
When using OpenSSL hardware crypto acceleration attempt to load the
dynamic engine of this name. This must be used for any dynamic
hardware engine. Names can be verified with the openssl engine
command.
AccelDir DIR
Specify this option if using dynamic hardware acceleration and the
engine implementation library resides somewhere other than the OpenSSL
default.
This has been tested on openssl 0.9.7d through 0.9.8k and under load
by router 'badbits' for the past week or so.
For example, a padlock accelerated Tor would set the following in torrc:
HardwareAccel 1
AccelName padlock
And notices.log should show:
[notice] Using OpenSSL engine VIA PadLock: RNG (not used) ACE2
PHE(8192) PMM [padlock] for SHA1
[notice] Using OpenSSL engine VIA PadLock: RNG (not used) ACE2
PHE(8192) PMM [padlock] for AES
(info log level provides additional detail)
Additional testing with other dynamic engines and performance
improvement profiles would be useful.
Best regards,