diff options
| author | Martin Peck <coder@peertech.org> | 2009-05-23 16:42:44 -0700 |
|---|---|---|
| committer | Martin Peck <coder@peertech.org> | 2009-05-23 16:42:44 -0700 |
| commit | 7703b887f5db0d8d62e9eb87305bb8e2113276f1 (patch) | |
| tree | 4cf6f080b0f3ac0f70ff2f4e6e35097c41fcecd0 /src/or | |
| parent | 75f963e9517ba8702fe1ed1d470e28b0462fb3d2 (diff) | |
| download | tor-7703b887f5db0d8d62e9eb87305bb8e2113276f1.tar.gz tor-7703b887f5db0d8d62e9eb87305bb8e2113276f1.zip | |
Add support for dynamic OpenSSL hardware crypto acceleration engines.
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/config.c | 19 | ||||
| -rw-r--r-- | src/or/main.c | 4 | ||||
| -rw-r--r-- | src/or/or.h | 2 | ||||
| -rw-r--r-- | src/or/router.c | 4 | ||||
| -rw-r--r-- | src/or/test.c | 2 |
5 files changed, 25 insertions, 6 deletions
diff --git a/src/or/config.c b/src/or/config.c index a4461a6fe7..0d176670e4 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -222,6 +222,8 @@ static config_var_t _option_vars[] = { #endif OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), + V(AccelName, STRING, NULL), + V(AccelDir, FILENAME, NULL), V(HashedControlPassword, LINELIST, NULL), V(HidServDirectoryV2, BOOL, "1"), VAR("HiddenServiceDir", LINELIST_S, RendConfigLines, NULL), @@ -444,6 +446,10 @@ static config_var_description_t options_description[] = { * FetchUselessDescriptors */ { "HardwareAccel", "If set, Tor tries to use hardware crypto accelerators " "when it can." }, + { "AccelName", "If set, try to use hardware crypto accelerator with this " + "specific ID." }, + { "AccelDir", "If set, look in this directory for the dynamic hardware " + "engine in addition to OpenSSL default path." }, /* HashedControlPassword */ { "HTTPProxy", "Force Tor to make all HTTP directory requests through this " "host:port (or host:80 if port is not set)." }, @@ -3602,6 +3608,11 @@ options_validate(or_options_t *old_options, or_options_t *options, "testing Tor network!"); } + if (options->AccelName && !options->HardwareAccel) + options->HardwareAccel = 1; + if (options->AccelDir && !options->AccelName) + REJECT("Can't use hardware crypto accelerator dir without engine name."); + return 0; #undef REJECT #undef COMPLAIN @@ -3659,9 +3670,11 @@ options_transition_allowed(or_options_t *old, or_options_t *new_val, return -1; } - if (old->HardwareAccel != new_val->HardwareAccel) { - *msg = tor_strdup("While Tor is running, changing HardwareAccel is " - "not allowed."); + if ((old->HardwareAccel != new_val->HardwareAccel) + || (old->AccelName != new_val->AccelName) + || (old->AccelDir != new_val->AccelDir)) { + *msg = tor_strdup("While Tor is running, changing OpenSSL hardware " + "acceleration engine is not allowed."); return -1; } diff --git a/src/or/main.c b/src/or/main.c index b151b1f666..456d9fab16 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1818,7 +1818,9 @@ tor_init(int argc, char *argv[]) "and you probably shouldn't."); #endif - if (crypto_global_init(get_options()->HardwareAccel)) { + if (crypto_global_init(get_options()->HardwareAccel, + get_options()->AccelName, + get_options()->AccelDir)) { log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting."); return -1; } diff --git a/src/or/or.h b/src/or/or.h index d5b36c85a6..77582309e9 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2422,6 +2422,8 @@ typedef struct { * log whether it was DNS-leaking or not? */ int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware * acceleration where available? */ + char *AccelName; /**< Optional hardware acceleration engine name. */ + char *AccelDir; /**< Optional hardware acceleration engine search dir. */ int UseEntryGuards; /**< Boolean: Do we try to enter from a smallish number * of fixed nodes? */ int NumEntryGuards; /**< How many entry guards do we try to establish? */ diff --git a/src/or/router.c b/src/or/router.c index da922b7508..7a567be30d 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -442,7 +442,9 @@ init_keys(void) key_lock = tor_mutex_new(); /* There are a couple of paths that put us here before */ - if (crypto_global_init(get_options()->HardwareAccel)) { + if (crypto_global_init(get_options()->HardwareAccel, + get_options()->AccelName, + get_options()->AccelDir)) { log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting."); return -1; } diff --git a/src/or/test.c b/src/or/test.c index 6ce0aaeb47..ef61e62ee1 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -4793,7 +4793,7 @@ main(int c, char**v) } options->command = CMD_RUN_UNITTESTS; - crypto_global_init(0); + crypto_global_init(0, NULL, NULL); rep_hist_init(); network_init(); setup_directory(); |