Fix for #937 - support dynamic crypto acceleration engines

coderman coderman at
Sat May 30 22:29:17 UTC 2009

Branch hardware_accel_improvements at
git:// contains a fix for
dynamic crypto acceleration engines in OpenSSL and includes
documentation for two new options:

HardwareAccel 0|1
If non-zero, try to use built-in (static) crypto hardware acceleration
when available. (Default: 0)

AccelName NAME
When using OpenSSL hardware crypto acceleration attempt to load the
dynamic engine of this name. This must be used for any dynamic
hardware engine. Names can be verified with the openssl engine

AccelDir DIR
Specify this option if using dynamic hardware acceleration and the
engine implementation library resides somewhere other than the OpenSSL

This has been tested on openssl 0.9.7d through 0.9.8k and under load
by router 'badbits' for the past week or so.

For example, a padlock accelerated Tor would set the following in torrc:
HardwareAccel 1
AccelName padlock

And notices.log should show:
[notice] Using OpenSSL engine VIA PadLock: RNG (not used) ACE2
PHE(8192) PMM  [padlock] for SHA1
[notice] Using OpenSSL engine VIA PadLock: RNG (not used) ACE2
PHE(8192) PMM  [padlock] for AES
(info log level provides additional detail)

Additional testing with other dynamic engines and performance
improvement profiles would be useful.

Best regards,

More information about the tor-dev mailing list