Hi,
(Batching a bunch of replies together.)
For some historical context:
* https://trac.torproject.org/projects/tor/ticket/15503
* https://trac.torproject.org/projects/tor/ticket/15918 (Still a low priority, padlock's hash accel isn't exposed in any way from OpenSSL at all.)
On Sun, 5 Jun 2016 17:11:19 +0200 "Fabio Pietrosanti (naif) - lists" lists@infosecurity.ch wrote:
On 6/5/16 5:01 PM, Fabio Pietrosanti (naif) - lists wrote:
Do you get messages about successfully using 'padlock' in /var/log/tor/log?
Yes
root@dedi-fr-23644:~# zgrep -i padlock /var/log/tor/log*
/var/log/tor/log:Jun 05 16:58:27.000 [notice] Default OpenSSL engine for AES-128-ECB is VIA PadLock (no-RNG, ACE) [padlock]
The important one is AES-128-CTR. Since you're using OpenSSL master, it should be accelerated. Versions prior to the 1.1 series do not.
Quickly skimming engines/e_padlock.c, it appears that GCM accel isn't supported, but I don't feel like looking at if that means "just a slow GHASH" or "slow everything".
I noticed just now that we could *also* enable the hw RNG of the Padlock, to further offload the Via Nano main CPU processing:
The tor process tries really hard to intentionally and explicitly disable support for hardware RNGs, for "we don't trust it" reasons. Eventually this code will change to force the use of an RNG that is shipped with tor.
See: src/common/crypto.c:crypto_force_rand_ssleay()
The best way to use it would be to ensure that your kernel uses entropy from it as part of the system entropy pool.
On Sun, 5 Jun 2016 18:53:50 +0200 Toralf Förster toralf.foerster@gmx.de wrote:
On 06/05/2016 01:28 PM, Fabio Pietrosanti (naif) - lists wrote:
In /etc/tor/torrc:
HardwareAccel 1
Reading https://lists.torproject.org/pipermail/tor-relays/2012-March/001260.html I do wonder if setting that option is helpful?
Padlock support, unlike AES-NI, is provided as an engine, so afaik it still matters.
On Sun, 5 Jun 2016 18:20:56 +0200 fatal fatal@mailbox.org wrote:
Hello,
openssl with enabled padlock and tor stable crashes on my via nano servers running linux and freebsd.
How's it crashing? What are the versions of the relevant components? My gut feeling would be an OpenSSL bug of some sort, but please file a ticket on trac.
NB: I don't have anything with Padlock support.
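
The log check discussed above, as an added example that is not part of the original message or of tor: it parses the "Default OpenSSL engine for ..." notice lines and reports whether AES-128-CTR, rather than only AES-128-ECB, is bound to the engine in the most recent startup. The function names, the restart heuristic and every sample line other than the ECB line quoted in the thread are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not code from the thread or from tor.
# Input: tor log lines on stdin, oldest first. Only the line format quoted in
# the thread is matched:
#   ... [notice] Default OpenSSL engine for <ALG> is <NAME> [<id>]
# Heuristic (assumption): these lines are logged together at startup, so an
# algorithm seen a second time marks a new startup and older results are
# dropped. That keeps a stale CTR line from an earlier run from hiding a
# later run in which CTR was no longer bound to the engine.
engine_report() {
    awk '
    /\[notice\] Default OpenSSL engine for / {
        line = $0
        sub(/^.*Default OpenSSL engine for /, "", line)
        alg = line; sub(/ is .*$/, "", alg)          # text before " is "
        id = line;  sub(/^.*\[/, "", id); sub(/\].*$/, "", id)  # engine id
        if (alg in eng) { split("", eng); n = 0 }    # new startup: reset
        eng[alg] = id; order[++n] = alg
    }
    END { for (i = 1; i <= n; i++) print order[i], eng[order[i]] }
    '
}

# Exit 0 only if the latest startup bound AES-128-CTR (the cipher the thread
# calls the important one) to the engine id given as $1.
ctr_uses_engine() {
    engine_report | grep -qxF -- "AES-128-CTR $1"
}

# Constructed sample: line 1 is the ECB line quoted in the thread, line 2 is a
# constructed CTR variant of it, line 3 is a constructed later restart that
# logs ECB only.
SAMPLE_LOG='Jun 05 16:58:27.000 [notice] Default OpenSSL engine for AES-128-ECB is VIA PadLock (no-RNG, ACE) [padlock]
Jun 05 16:58:27.000 [notice] Default OpenSSL engine for AES-128-CTR is VIA PadLock (no-RNG, ACE) [padlock]
Jun 06 09:00:00.000 [notice] Default OpenSSL engine for AES-128-ECB is VIA PadLock (no-RNG, ACE) [padlock]'

printf '%s\n' "$SAMPLE_LOG" | engine_report
if printf '%s\n' "$SAMPLE_LOG" | ctr_uses_engine padlock; then
    echo "AES-128-CTR: bound to engine padlock"
else
    echo "AES-128-CTR: no padlock line in the latest startup"
fi
```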