diff options
author | Nick Mathewson <nickm@torproject.org> | 2005-06-20 18:56:35 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2005-06-20 18:56:35 +0000 |
commit | 2aff87caae0055a4767e60356f44612db20ad5c1 (patch) | |
tree | 99dab8d7e82e8650c07e5c5fc40336e5ecbcb7cc /src | |
parent | 5eef9177c57ccac03b6676e039c56bf7a6705198 (diff) | |
download | tor-2aff87caae0055a4767e60356f44612db20ad5c1.tar.gz tor-2aff87caae0055a4767e60356f44612db20ad5c1.zip |
Load hardware acceleration options when/where available. Can anybody test this?
svn:r4467
Diffstat (limited to 'src')
-rw-r--r-- | src/common/crypto.c | 42 | ||||
-rw-r--r-- | src/common/crypto.h | 2 | ||||
-rw-r--r-- | src/common/tortls.c | 5 | ||||
-rw-r--r-- | src/or/config.c | 6 | ||||
-rw-r--r-- | src/or/main.c | 2 | ||||
-rw-r--r-- | src/or/or.h | 2 |
6 files changed, 50 insertions, 9 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 549735b38d..c84c675397 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -22,6 +22,7 @@ const char crypto_c_id[] = "$Id$"; #include <string.h> +#include <openssl/engine.h> #include <openssl/err.h> #include <openssl/rsa.h> #include <openssl/pem.h> @@ -159,14 +160,46 @@ crypto_log_errors(int severity, const char *doing) } } +static void +log_engine(const char *fn, ENGINE *e) +{ + if (e) { + const char *name, *id; + name = ENGINE_get_name(e); + id = ENGINE_get_id(e); + log(LOG_NOTICE, "Using OpenSSL engine %s [%s] for %s", + name?name:"?", id?id:"?", fn); + } else { + log(LOG_INFO, "Using default implementation for %s", fn); + } +} + /** Initialize the crypto library. Return 0 on success, -1 on failure. */ -int crypto_global_init() +int +crypto_global_init(int useAccel) { if (!_crypto_global_initialized) { - ERR_load_crypto_strings(); - _crypto_global_initialized = 1; - setup_openssl_threading(); + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + _crypto_global_initialized = 1; + setup_openssl_threading(); + if (useAccel) { + if (useAccel < 0) + log_fn(LOG_WARN, "Initializing OpenSSL via tor_tls_init()."); + log_fn(LOG_INFO, "Initializing OpenSSL engine support."); + ENGINE_load_builtin_engines(); + if (!ENGINE_register_all_complete()) + return -1; + + /* XXXX make sure this isn't leaking. */ + log_engine("RSA", ENGINE_get_default_RSA()); + log_engine("DH", ENGINE_get_default_DH()); + log_engine("RAND", ENGINE_get_default_RAND()); + log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1)); + log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb)); + log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb)); + } } return 0; } @@ -176,6 +209,7 @@ int crypto_global_init() int crypto_global_cleanup() { ERR_free_strings(); + ENGINE_cleanup(); #ifdef TOR_IS_MULTITHREADED if (_n_openssl_mutexes) { int n = _n_openssl_mutexes; diff --git a/src/common/crypto.h b/src/common/crypto.h index 66c859b65e..903fe72ea0 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -48,7 +48,7 @@ typedef struct crypto_digest_env_t crypto_digest_env_t; typedef struct crypto_dh_env_t crypto_dh_env_t; /* global state */ -int crypto_global_init(void); +int crypto_global_init(int hardwareAccel); int crypto_global_cleanup(void); /* environment setup */ diff --git a/src/common/tortls.c b/src/common/tortls.c index 974d22afa7..09f95f925f 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -148,12 +148,11 @@ tor_tls_get_error(tor_tls *tls, int r, int extra, /** Initialize OpenSSL, unless it has already been initialized. */ static void -tor_tls_init(void) { +tor_tls_init() { if (!tls_library_is_initialized) { SSL_library_init(); SSL_load_error_strings(); - crypto_global_init(); - OpenSSL_add_all_algorithms(); + crypto_global_init(-1); tls_library_is_initialized = 1; } } diff --git a/src/or/config.c b/src/or/config.c index 1a12eb89b6..619a90b8af 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -135,6 +135,7 @@ static config_var_t config_vars[] = { VAR("HttpProxyAuthenticator",STRING, HttpProxyAuthenticator,NULL), VAR("HttpsProxy", STRING, HttpsProxy, NULL), VAR("HttpsProxyAuthenticator",STRING,HttpsProxyAuthenticator,NULL), + VAR("HardwareAccel", BOOL, HardwareAccel, "1"), VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL), VAR("HiddenServiceDir", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL), @@ -1662,6 +1663,11 @@ options_transition_allowed(or_options_t *old, or_options_t *new_val) return -1; } + if (old->HardwareAccel != new_val->HardwareAccel) { + log_fn(LOG_WARN,"During reload, changing HardwareAccel is not allowed. Failing."); + return -1; + } + return 0; } diff --git a/src/or/main.c b/src/or/main.c index e3649501f1..a454fbebcf 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1320,7 +1320,7 @@ tor_init(int argc, char *argv[]) log_fn(LOG_WARN,"You are running Tor as root. You don't need to, and you probably shouldn't."); #endif - crypto_global_init(); + crypto_global_init(get_options()->HardwareAccel); if (crypto_seed_rng()) { log_fn(LOG_ERR, "Unable to seed random number generator. Exiting."); return -1; diff --git a/src/or/or.h b/src/or/or.h index f66ad82646..1a278ab7ea 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1137,6 +1137,8 @@ typedef struct { * long do we wait before exiting? */ int SafeLogging; /**< Boolean: are we allowed to log sensitive strings * such as addresses (0), or do we scrub them first (1)? */ + int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware + * acceleration where available? */ } or_options_t; #define MAX_SOCKS_REPLY_LEN 1024 |