Probably (and hopefully) a very obvious fix for those that aren't newbies to Linux, but I'm trying to get Hardware-Accelerated OpenSSL to work with Tor on Jessie. I've gotten the Hardware-Accelerated OpenSSL part done, but the Tor part is giving me problems. I am able to successfully compile Tor by itself, and I'm able to successfully utilize OpenSSL by itself, but getting them to work together isn't working. So, I'll give a run-down of what I've done, and where I'm stuck:
Info: Linux beaglebone 3.14.39-ti-r61 #1 SMP PREEMPT Fri Apr 24 18:32:15 UTC 2015 armv7l GNU/Linux Debian 8 Console Tor 2.6.7 Information Sources: https://superuser.com/questions/881404/beaglebone-black-openssl-crypto-accel... and http://datko.net/2013/10/28/tor_cryptodev/
Step 1: Getting OpenSSL to become Hardware-Accelerated
sudo apt-get install linux-image-3.14.39-ti-r61 sudo apt-get install linux-headers-3.14.39-ti-r61 wget http://download.gna.org/cryptodev-linux/cryptodev-linux-1.7.tar.gz tar zxf cryptodev-linux-1.7.tar.gz cd cryptodev-linux-1.7/ sudo make sudo make install sudo depmod -a sudo modprobe cryptodev lsmod sudo sh -c 'echo cryptodev>>/etc/modules' cd ~ wget https://www.openssl.org/source/openssl-1.0.2a.tar.gz tar zxf openssl-1.0.2a.tar.gz cd openssl-1.0.2a/ ls ./config -DHAVE_CRYPTODEV -DUSE_CRYPTDEV_DIGESTS shared sudo make sudo make install
Step 2: Test OpenSSL: /usr/local/ssl/bin/openssl speed -evp aes-128-cbc
Results confirm hardware acceleration is functional
Step 3: Making Tor use OpenSSL Added to /etc/apt/sources.list : deb http://deb.torproject.org/torproject.org jessie main deb-src http://deb.torproject.org/torproject.org jessie main deb http://deb.torproject.org/torproject.org tor-experimental-0.2.6.x-jessie main deb-src http://deb.torproject.org/torproject.org tor-experimental-0.2.6.x-jessie main
Fixed the key nonsense
sudo apt-get update sudo apt-get install build-essential fakeroot devscripts sudo apt-get build-dep tor mkdir ~/debian-packages; cd ~/debian-packages sudo apt-get source tor cd tor-*
And it's here where I believe the problem lies:
sudo nano debian/rules Add the two lines as shown on the "guide" such that mine reads:
override_dh_auto_configure: ! [ -e debian/micro-revision.i ] || cp debian/micro-revision.i src/or/micro-revision.i dh_auto_configure -- \ $(confflags) \ --enable-static-openssl \ --with-openssl-dir=/usr/local/ssl \ --prefix=/usr \ --mandir=$${prefix}/share/man \ --infodir=$${prefix}/share/info \ --localstatedir=/var \ --sysconfdir=/etc \ --disable-silent-rules \ --enable-gcc-warnings-advisory
sudo debuild -rfakeroot -uc -us
Error message after 35m: 15/359 TESTS FAILED. (0 skipped) Makefile:6429: recipe for target 'test' failed make[1]: *** [test] Error 1 make[1]: Leaving directory '/home/debian/debian-packages/tor-0.2.6.7/build' dh_auto_test: make -j1 test returned exit code 2 debian/rules:16: recipe for target 'build' failed make: *** [build] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 debuild: fatal error at line 1376: dpkg-buildpackage -rfakeroot -D -us -uc failed
My thoughts: I noticed on the Tor FAQ here: https://www.torproject.org/docs/faq.html.en#RelayMemory
That adding the malloc flag it done using the ./configure option, while I used nano. If that's the problem, how do I use configure for adding the other flags such as OPenSSL dir and static openssl. Also, I noticed that the path I add to the configure is not quite the same as the path used to test openssl's functionality. Also, the tor confflag mentions static openssl, but the openssl ./configure talked about being shared. Also, does the ordering other confflags matter? Is it asking for a static openssl prior to learning the directory of the correct library? I'm just trying to brainstorm why I'm getting this one error. Looking at the test log, looks like there's some kind of error in the self-test of the cryptographic engine, yet it works in OpenSSL by itself? Any help would be appreciated, thanks.
Super long test log:
onion_handshake: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test.c:84: assert(! onion_skin_TAP_create(pk, &c_dh, c_buf)) [onion_handshake FAILED] bad_onion_handshake: cryptodev_digest_update: illegal inputs cryptodev_digest_update: illegal inputs cryptodev_digest_update: illegal inputs cryptodev_digest_update: illegal inputs
FAIL ../src/test/test.c:158: assert(! onion_skin_TAP_create(pk, &c_dh, c_buf)) [bad_onion_handshake FAILED] onion_queues: OK ntor_handshake: OK circuit_timeout: OK rend_fns: OK geoip: OK geoip_with_pt: [forking] OK stats: [forking] OK accounting/bwlimits: [forking] OK addr/basic: OK addr/ip6_helpers: OK addr/parse: OK addr/virtaddr: OK addr/localname: OK addr/dup_ip: OK addr/sockaddr_to_str: OK addr/is_loopback: OK addr/make_null: OK address/get_if_addrs_ifaddrs: [forking] OK address/ifaddrs_to_smartlist: OK address/get_if_addrs_ioctl: [forking] OK address/ifreq_to_smartlist: OK buffer/basic: [forking] OK buffer/copy: [forking] OK buffer/pullup: [forking] OK buffer/ext_or_cmd: [forking] OK buffer/allocation_tracking: [forking] OK buffer/time_tracking: [forking] OK buffer/zlib: [forking] OK buffer/zlib_fin_with_nil: [forking] OK buffer/zlib_fin_at_chunk_end: [forking] OK cellfmt/relay_header: OK cellfmt/begin_cells: OK cellfmt/connected_cells: OK cellfmt/create_cells: OK cellfmt/created_cells: OK cellfmt/extend_cells: OK cellfmt/extended_cells: OK cellfmt/resolved_cells: OK cellfmt/is_destroy: OK cellqueue/basic: [forking] OK cellqueue/circ_n_cells: [forking] OK channel/dumpstats: [forking] OK channel/flush: [forking] OK channel/flushmux: [forking] OK channel/incoming: [forking] OK channel/lifecycle: [forking] OK channel/lifecycle_2: [forking] OK channel/multi: [forking] OK channel/queue_impossible: [forking] OK channel/queue_size: [forking] OK channel/write: [forking] OK channeltls/create: [forking] OK channeltls/num_bytes_queued: [forking] OK channeltls/overhead_estimate: [forking] OK checkdir/perms: [forking] OK circuitlist/maps: [forking] OK circuitlist/rend_token_maps: [forking] OK circuitlist/pick_circid: [forking] OK circuitmux/destroy_cell_queue: [forking] OK config/resolve_my_address: [forking] OK config/addressmap: OK config/parse_bridge_line: OK config/parse_transport_options_line: OK config/parse_transport_plugin_line: [forking] OK config/check_or_create_data_subdir: [forking] OK config/write_to_data_subdir: [forking] OK config/fix_my_family: OK container/smartlist_basic: OK container/smartlist_strings: OK container/smartlist_overlap: OK container/smartlist_digests: OK container/smartlist_join: OK container/smartlist_ints_eq: OK container/bitarray: OK container/digestset: OK container/strmap: OK container/pqueue: OK container/order_functions: OK container/di_map: OK container/fp_pair_map: OK control/bucket_note_empty: OK control/bucket_millis_empty: OK control/sum_up_cell_stats: OK control/append_cell_stats: OK control/format_cell_stats: OK crypto/formats: OK crypto/rng: OK crypto/aes_AES: [forking] OK crypto/aes_EVP: [forking] OK crypto/sha: OK crypto/pk: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_crypto.c:427: assert(128 OP_EQ crypto_pk_public_encrypt(pk2, data1, sizeof(data1), "Hello whirled.", 15, PK_PKCS1_OAEP_PADDING)): 128 vs -1 [pk FAILED] crypto/pk_fingerprints: [forking] OK crypto/digests: OK crypto/dh: OK crypto/aes_iv_AES: [forking] OK crypto/aes_iv_EVP: [forking] OK crypto/base32_decode: OK crypto/kdf_TAP: OK crypto/hkdf_sha256: OK crypto/curve25519_impl: OK crypto/curve25519_impl_hibit: OK crypto/curve25519_wrappers: OK crypto/curve25519_encode: OK crypto/curve25519_persist: OK crypto/ed25519_simple: OK crypto/ed25519_test_vectors: OK crypto/ed25519_encode: OK crypto/ed25519_convert: OK crypto/ed25519_blinding: OK crypto/ed25519_testvectors: OK crypto/siphash: OK dir/nicknames: [forking] OK dir/formats: [forking] OK dir/routerparse_bad: OK dir/extrainfo_parsing: OK dir/parse_router_list: [forking] OK dir/load_routers: [forking] OK dir/load_extrainfo: [forking] OK dir/versions: [forking] OK dir/fp_pairs: [forking] OK dir/split_fps: OK dir/measured_bw_kb: [forking] OK dir/measured_bw_kb_cache: [forking] OK dir/param_voting: [forking] OK dir/v3_networkstatus: [forking] OK dir/random_weighted: OK dir/scale_bw: OK dir/clip_unmeasured_bw_kb: [forking] OK dir/clip_unmeasured_bw_kb_alt: [forking] OK dir/fmt_control_ns: OK dir/http_handling: OK dir/purpose_needs_anonymity: OK dir/fetch_type: OK dir/packages: OK dir/md/cache: [forking] OK dir/md/broken_cache: [forking] OK dir/md/generate: OK dir/md/parse: OK dir/md/reject_cache: [forking] OK entryconn/rewrite_basic: [forking] OK entryconn/rewrite_bad_dotexit: [forking] OK entryconn/rewrite_automap_ipv4: [forking] OK entryconn/rewrite_automap_ipv6: [forking] OK entryconn/rewrite_cached_dns_ipv4: [forking] OK entryconn/rewrite_cached_dns_ipv6: [forking] OK entryconn/rewrite_unmapped_virtual: [forking] OK entryconn/rewrite_mapaddress: [forking] OK entryconn/rewrite_reject_internal_reverse: [forking] OK entryconn/rewrite_automap_exit: [forking] OK entryconn/rewrite_mapaddress_exit: [forking] OK entryconn/rewrite_mapaddress_automap_onion: [forking] OK entryconn/rewrite_mapaddress_automap_onion2: [forking] OK entryconn/rewrite_mapaddress_automap_onion3: [forking] OK entryconn/rewrite_mapaddress_automap_onion4: [forking] OK entrynodes/entry_is_time_to_retry: [forking] OK entrynodes/choose_random_entry_no_guards: [forking] OK entrynodes/choose_random_entry_one_possibleguard: [forking] OK entrynodes/populate_live_entry_guards_1guard: [forking] OK entrynodes/populate_live_entry_guards_3guards: [forking] OK entrynodes/entry_guards_parse_state_simple: [forking] OK entrynodes/entry_guards_parse_state_pathbias: [forking] OK entrynodes/entry_guards_set_from_config: [forking] OK entrynodes/entry_is_live: [forking] OK guardfraction/parse_guardfraction_file_bad: [forking] OK guardfraction/parse_guardfraction_file_good: [forking] OK guardfraction/parse_guardfraction_consensus: [forking] OK guardfraction/get_guardfraction_bandwidth: [forking] OK guardfraction/should_apply_guardfraction: [forking] OK extorport/id_map: [forking] OK extorport/write_command: [forking] OK extorport/init_auth: [forking] OK extorport/cookie_auth: [forking] OK extorport/cookie_auth_testvec: [forking] OK extorport/handshake: [forking] OK hs/hs_desc_event: [forking] OK hs/pick_tor2web_rendezvous_node: [forking] OK hs/pick_bad_tor2web_rendezvous_node: [forking] OK introduce/early_parse_v0: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [early_parse_v0 FAILED] introduce/early_parse_v1: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [early_parse_v1 FAILED] introduce/early_parse_v2: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [early_parse_v2 FAILED] introduce/early_parse_v3: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0)cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [early_parse_v3 FAILED] introduce/decrypt_v0: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [decrypt_v0 FAILED] introduce/decrypt_v1: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [decrypt_v1 FAILED] introduce/decrypt_v2: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [decrypt_v2 FAILED] introduce/decrypt_v3: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0)cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [decrypt_v3 FAILED] introduce/late_parse_v0: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [late_parse_v0 FAILED] introduce/late_parse_v1: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [late_parse_v1 FAILED] introduce/late_parse_v2: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [late_parse_v2 FAILED] introduce/late_parse_v3: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0)cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0) FAIL ../src/test/test_introduce.c:305: assert(r > 0) [late_parse_v3 FAILED] nodelist/node_get_verbose_nickname_by_id_null_node: [forking] OK nodelist/node_get_verbose_nickname_not_named: [forking] OK oom/circbuf: [forking] OK oom/streambuf: [forking] OK options/validate: [forking] OK policy/router_dump_exit_policy_to_string: OK policy/general: OK pt/parsing: OK pt/protocol: OK pt/get_transport_options: [forking] OK pt/get_extrainfo_string: [forking] OK pt/configure_proxy: [forking] OK pt/get_pt_proxy_uri: [forking] OK relay/append_cell_to_circuit_queue: [forking] OK relaycell/resolved: [forking] OK replaycache/alloc: OK replaycache/badalloc: OK replaycache/free_null: OK replaycache/miss: OK replaycache/hit: OK replaycache/age: OK replaycache/elapsed: OK replaycache/noexpire: OK replaycache/scrub: OK replaycache/future: OK replaycache/realtime: OK routerkeys/write_fingerprint: [forking] OK routerlist/initiate_descriptor_downloads: OK routerlist/launch_descriptor_downloads: OK routerset/routerset_new: [forking] OK routerset/routerset_get_countryname: [forking] OK routerset/routerset_is_list: [forking] OK routerset/routerset_needs_geoip: [forking] OK routerset/routerset_is_empty: [forking] OK routerset/routerset_contains__null_set_or_null_set_list: [forking] OK routerset/routerset_contains__set_and_nickname: [forking] OK routerset/routerset_contains__set_and_null_nickname: [forking] OK routerset/routerset_contains__set_and_no_nickname: [forking] OK routerset/routerset_contains__set_and_digest: [forking] OK routerset/routerset_contains__set_and_no_digest: [forking] OK routerset/routerset_contains__set_and_null_digest: [forking] OK routerset/routerset_contains__set_and_addr: [forking] OK routerset/routerset_contains__set_and_no_addr: [forking] OK routerset/routerset_contains__set_and_null_addr: [forking] OK routerset/routerset_contains__countries_no_geoip: [forking] OK routerset/routerset_contains__countries_geoip: [forking] OK routerset/routerset_add_unknown_ccs__only_flag_and_no_ccs: [forking] OK routerset/routerset_add_unknown_ccs__creates_set: [forking] OK routerset/routerset_add_unknown_ccs__add_unknown: [forking] OK routerset/routerset_add_unknown_ccs__add_a1: [forking] OK routerset/routerset_contains_extendinfo: [forking] OK routerset/routerset_contains_router: [forking] OK routerset/routerset_contains_routerstatus: [forking] OK routerset/routerset_contains_node__none: [forking] OK routerset/routerset_contains_node__routerinfo: [forking] OK routerset/routerset_contains_node__routerstatus: [forking] OK routerset/routerset_get_all_nodes__no_routerset: [forking] OK routerset/routerset_get_all_nodes__list_with_no_nodes: [forking] OK routerset/routerset_get_all_nodes__list_flag_not_running: [forking] OK routerset/routerset_get_all_nodes__list: [forking] OK routerset/routerset_get_all_nodes__nodelist_with_no_nodes: [forking] OK routerset/routerset_get_all_nodes__nodelist_flag_not_running: [forking] OK routerset/routerset_refresh_counties__geoip_not_loaded: [forking] OK routerset/routerset_refresh_counties__no_countries: [forking] OK routerset/routerset_refresh_counties__one_valid_country: [forking] OK routerset/routerset_refresh_counties__one_invalid_country: [forking] OK routerset/routerset_union__source_bad: [forking] OK routerset/routerset_union__one: [forking] OK routerset/routerset_parse__malformed: [forking] OK routerset/routerset_parse__valid_hexdigest: [forking] OK routerset/routerset_parse__valid_nickname: [forking] OK routerset/routerset_parse__get_countryname: [forking] OK routerset/routerset_parse__policy: [forking] OK routerset/routerset_subtract_nodes: [forking] OK routerset/routerset_subtract_nodes__null_routerset: [forking] OK routerset/routerset_to_string: [forking] OK routerset/routerset_equal__empty_empty: [forking] OK routerset/routerset_equal__empty_not_empty: [forking] OK routerset/routerset_equal__differing_lengths: [forking] OK routerset/routerset_equal__unequal: [forking] OK routerset/routerset_equal__equal: [forking] OK routerset/routerset_free__null_routerset: [forking] OK routerset/routerset_free: [forking] OK scheduler/channel_states: [forking] OK scheduler/compare_channels: [forking] OK scheduler/initfree: [forking] OK scheduler/loop: [forking] OK scheduler/queue_heuristic: [forking] OK socks/4_unsupported_commands: [forking] OK socks/4_supported_commands: [forking] OK socks/5_unsupported_commands: [forking] OK socks/5_supported_commands: [forking] OK socks/5_no_authenticate: [forking] OK socks/5_auth_before_negotiation: [forking] OK socks/5_authenticate: [forking] OK socks/5_authenticate_with_data: [forking] OK socks/5_malformed_commands: [forking] OK status/count_circuits: [forking] OK status/secs_to_uptime: [forking] OK status/bytes_to_usage: [forking] OK status/log_heartbeat__fails: [forking] OK status/log_heartbeat__simple: [forking] OK status/log_heartbeat__not_in_consensus: [forking] OK status/log_heartbeat__calls_log_accounting: [forking] OK status/log_heartbeat__packaged_cell_fullness: [forking] OK status/log_heartbeat__tls_write_overhead: [forking] OK util/time: OK util/parse_http_time: OK util/config_line: OK util/config_line_quotes: OK util/config_line_comment_character: OK util/config_line_escaped_content: OK util/expand_filename: OK util/escape_string_socks: OK util/string_is_key_value: OK util/strmisc: OK util/pow2: OK util/gzip: OK util/datadir: OK util/memarea: OK util/control_formats: OK util/mmap: OK util/sscanf: OK util/format_time_interval: OK util/path_is_relative: OK util/strtok: OK util/di_ops: OK util/round_to_next_multiple_of: OK util/laplace: OK util/strclear: OK util/find_str_at_start_of_line: OK util/string_is_C_identifier: OK util/asprintf: OK util/listdir: OK util/parent_dir: OK util/ftruncate: OK util/exit_status: OK util/fgets_eagain: OK util/format_hex_number: OK util/format_dec_number: OK util/join_win_cmdline: OK util/split_lines: OK util/n_bits_set: OK util/eat_whitespace: OK util/sl_new_from_text_lines: OK util/envnames: OK util/make_environment: OK util/set_env_var_in_sl: OK util/read_file_eof_tiny_limit: OK util/read_file_eof_one_loop_a: OK util/read_file_eof_one_loop_b: OK util/read_file_eof_two_loops: OK util/read_file_eof_two_loops_b: OK util/read_file_eof_zero_bytes: OK util/write_chunks_to_file: OK util/mathlog: OK util/weak_random: OK util/socket: [forking] OK util/socketpair: [forking] OK util/socketpair_ersatz: [forking] OK util/max_mem: OK util/hostname_validation: OK util/ipv4_validation: OK util/logging/sigsafe_err_fds: [forking] OK util/logging/sigsafe_err: [forking] OK util/thread/basic: [forking] OK util/thread/conditionvar: [forking] OK util/thread/conditionvar_timeout: [forking] OK