[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

OpenSSL dynamic hardware engines in 0.2.2.1-alpha

To: or-talk@xxxxxxxxxxxxx
Subject: OpenSSL dynamic hardware engines in 0.2.2.1-alpha
From: coderman <coderman@xxxxxxxxx>
Date: Sun, 30 Aug 2009 15:14:23 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 30 Aug 2009 18:14:27 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=S1k73LtCa+rf6j/TpBnxHAIR5Bv/I4pkefQTdLFrKBw=; b=ItnYd4NommQxnBXb4ZaMk86uWQb6qcNForFca4MCEbaD5TCD968lqlkWwWXnGXsQhg 60Ci4otu+XDoEdRXh2JUW8mtUBpFPxvlFgCb6HeduQN1T05BskZcC8Tg6sIIyWqv0rvG lvG3u+zY/jUWfIz3Mft5QC8XMnczMbTDnwnPk=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=RcG2m/yT8P2Jmjm49ahp6XQAYQ+u0U8FAaxdBNJJdxeLLo1BkMEyHEgEKqcEi6E/dc ZSFnDnooxJ/YAputD2LkE0tpSx2JYPO9deO2JMJbKN9NF6tVRYuL6J5smmtVy86cJtMA NU5rEN4lICGN09bj+XKUH8pMS9kFyL6bu45JI=
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

The new 0.2.2.1-alpha release includes support for dynamic crypto
offload engines in OpenSSL. Two new config options are added to the
existing HardwareAccel boolean:

HardwareAccel 0|1 : If non-zero, try to use built-in (static) crypto
hardware acceleration when available. (Default: 0)

AccelName NAME : When using OpenSSL hardware crypto acceleration
attempt to load the dynamic engine of this name. This must be used for
any dynamic hardware engine. Names can be verified with the openssl
engine command.

AccelDir DIR : Specify this option if using dynamic hardware
acceleration and the engine implementation library resides somewhere
other than the OpenSSL default.

In most cases OpenSSL will know where to find its dynamic engine
shared library files and only "AccelName" needs to be set.

For example, to enable the padlock engine add:
HardwareAccel 1
AccelName padlock

to your torrc.

If the engine is successfully loaded you should see confirmation in
the notices.log similar to:
Aug 30 15:04:17.844 [notice] Tor 0.2.2.1-alpha (git-1092fdca53ec0110)
opening new log file.
Aug 30 15:04:17.864 [notice] Parsing GEOIP file.
Aug 30 15:04:18.374 [notice] Using OpenSSL engine VIA PadLock: RNG
(not used) ACE2 PHE(8192) PMM  [padlock] for SHA1
Aug 30 15:04:18.374 [notice] Using OpenSSL engine VIA PadLock: RNG
(not used) ACE2 PHE(8192) PMM  [padlock] for AES
...

Best regards,

Prev by Author: Re: More Secure Tor Browsing Through A Virtual Machine in Ubuntu
Next by Author: Re: The dh small subgroup confinement attack and Tor
Previous by thread: Snow Leopard
Index(es):
- Author
- Thread