[tor-relays] HW-Accelerated OpenSSL & Tor not playing nicely.
12xBTM
12xbtm at gmail.com
Sat May 2 13:42:42 UTC 2015
Probably (and hopefully) a very obvious fix for those that aren't
newbies to Linux, but I'm trying to get Hardware-Accelerated OpenSSL to
work with Tor on Jessie. I've gotten the Hardware-Accelerated OpenSSL
part done, but the Tor part is giving me problems. I am able to
successfully compile Tor by itself, and I'm able to successfully utilize
OpenSSL by itself, but getting them to work together isn't working. So,
I'll give a run-down of what I've done, and where I'm stuck:
Info:
Linux beaglebone 3.14.39-ti-r61 #1 SMP PREEMPT Fri Apr 24 18:32:15 UTC
2015 armv7l GNU/Linux
Debian 8 Console
Tor 2.6.7
Information Sources:
https://superuser.com/questions/881404/beaglebone-black-openssl-crypto-acceleration
and http://datko.net/2013/10/28/tor_cryptodev/
Step 1: Getting OpenSSL to become Hardware-Accelerated
sudo apt-get install linux-image-3.14.39-ti-r61
sudo apt-get install linux-headers-3.14.39-ti-r61
wget http://download.gna.org/cryptodev-linux/cryptodev-linux-1.7.tar.gz
tar zxf cryptodev-linux-1.7.tar.gz
cd cryptodev-linux-1.7/
sudo make
sudo make install
sudo depmod -a
sudo modprobe cryptodev
lsmod
sudo sh -c 'echo cryptodev>>/etc/modules'
cd ~
wget https://www.openssl.org/source/openssl-1.0.2a.tar.gz
tar zxf openssl-1.0.2a.tar.gz
cd openssl-1.0.2a/
ls
./config -DHAVE_CRYPTODEV -DUSE_CRYPTDEV_DIGESTS shared
sudo make
sudo make install
Step 2: Test OpenSSL:
/usr/local/ssl/bin/openssl speed -evp aes-128-cbc
Results confirm hardware acceleration is functional
Step 3: Making Tor use OpenSSL
Added to /etc/apt/sources.list :
deb http://deb.torproject.org/torproject.org jessie main
deb-src http://deb.torproject.org/torproject.org jessie main
deb http://deb.torproject.org/torproject.org
tor-experimental-0.2.6.x-jessie main
deb-src http://deb.torproject.org/torproject.org
tor-experimental-0.2.6.x-jessie main
Fixed the key nonsense
sudo apt-get update
sudo apt-get install build-essential fakeroot devscripts
sudo apt-get build-dep tor
mkdir ~/debian-packages; cd ~/debian-packages
sudo apt-get source tor
cd tor-*
And it's here where I believe the problem lies:
sudo nano debian/rules
Add the two lines as shown on the "guide" such that mine reads:
override_dh_auto_configure:
! [ -e debian/micro-revision.i ] || cp debian/micro-revision.i
src/or/micro-revision.i
dh_auto_configure -- \
$(confflags) \
--enable-static-openssl \
--with-openssl-dir=/usr/local/ssl \
--prefix=/usr \
--mandir=\$${prefix}/share/man \
--infodir=\$${prefix}/share/info \
--localstatedir=/var \
--sysconfdir=/etc \
--disable-silent-rules \
--enable-gcc-warnings-advisory
sudo debuild -rfakeroot -uc -us
Error message after 35m:
15/359 TESTS FAILED. (0 skipped)
Makefile:6429: recipe for target 'test' failed
make[1]: *** [test] Error 1
make[1]: Leaving directory '/home/debian/debian-packages/tor-0.2.6.7/build'
dh_auto_test: make -j1 test returned exit code 2
debian/rules:16: recipe for target 'build' failed
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
debuild: fatal error at line 1376:
dpkg-buildpackage -rfakeroot -D -us -uc failed
My thoughts: I noticed on the Tor FAQ here:
https://www.torproject.org/docs/faq.html.en#RelayMemory
That adding the malloc flag it done using the ./configure option, while
I used nano. If that's the problem, how do I use configure for adding
the other flags such as OPenSSL dir and static openssl. Also, I noticed
that the path I add to the configure is not quite the same as the path
used to test openssl's functionality. Also, the tor confflag mentions
static openssl, but the openssl ./configure talked about being shared.
Also, does the ordering other confflags matter? Is it asking for a
static openssl prior to learning the directory of the correct library?
I'm just trying to brainstorm why I'm getting this one error. Looking
at the test log, looks like there's some kind of error in the self-test
of the cryptographic engine, yet it works in OpenSSL by itself? Any help
would be appreciated, thanks.
Super long test log:
onion_handshake: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test.c:84: assert(! onion_skin_TAP_create(pk, &c_dh,
c_buf))
[onion_handshake FAILED]
bad_onion_handshake: cryptodev_digest_update: illegal inputs
cryptodev_digest_update: illegal inputs
cryptodev_digest_update: illegal inputs
cryptodev_digest_update: illegal inputs
FAIL ../src/test/test.c:158: assert(! onion_skin_TAP_create(pk,
&c_dh, c_buf))
[bad_onion_handshake FAILED]
onion_queues: OK
ntor_handshake: OK
circuit_timeout: OK
rend_fns: OK
geoip: OK
geoip_with_pt: [forking] OK
stats: [forking] OK
accounting/bwlimits: [forking] OK
addr/basic: OK
addr/ip6_helpers: OK
addr/parse: OK
addr/virtaddr: OK
addr/localname: OK
addr/dup_ip: OK
addr/sockaddr_to_str: OK
addr/is_loopback: OK
addr/make_null: OK
address/get_if_addrs_ifaddrs: [forking] OK
address/ifaddrs_to_smartlist: OK
address/get_if_addrs_ioctl: [forking] OK
address/ifreq_to_smartlist: OK
buffer/basic: [forking] OK
buffer/copy: [forking] OK
buffer/pullup: [forking] OK
buffer/ext_or_cmd: [forking] OK
buffer/allocation_tracking: [forking] OK
buffer/time_tracking: [forking] OK
buffer/zlib: [forking] OK
buffer/zlib_fin_with_nil: [forking] OK
buffer/zlib_fin_at_chunk_end: [forking] OK
cellfmt/relay_header: OK
cellfmt/begin_cells: OK
cellfmt/connected_cells: OK
cellfmt/create_cells: OK
cellfmt/created_cells: OK
cellfmt/extend_cells: OK
cellfmt/extended_cells: OK
cellfmt/resolved_cells: OK
cellfmt/is_destroy: OK
cellqueue/basic: [forking] OK
cellqueue/circ_n_cells: [forking] OK
channel/dumpstats: [forking] OK
channel/flush: [forking] OK
channel/flushmux: [forking] OK
channel/incoming: [forking] OK
channel/lifecycle: [forking] OK
channel/lifecycle_2: [forking] OK
channel/multi: [forking] OK
channel/queue_impossible: [forking] OK
channel/queue_size: [forking] OK
channel/write: [forking] OK
channeltls/create: [forking] OK
channeltls/num_bytes_queued: [forking] OK
channeltls/overhead_estimate: [forking] OK
checkdir/perms: [forking] OK
circuitlist/maps: [forking] OK
circuitlist/rend_token_maps: [forking] OK
circuitlist/pick_circid: [forking] OK
circuitmux/destroy_cell_queue: [forking] OK
config/resolve_my_address: [forking] OK
config/addressmap: OK
config/parse_bridge_line: OK
config/parse_transport_options_line: OK
config/parse_transport_plugin_line: [forking] OK
config/check_or_create_data_subdir: [forking] OK
config/write_to_data_subdir: [forking] OK
config/fix_my_family: OK
container/smartlist_basic: OK
container/smartlist_strings: OK
container/smartlist_overlap: OK
container/smartlist_digests: OK
container/smartlist_join: OK
container/smartlist_ints_eq: OK
container/bitarray: OK
container/digestset: OK
container/strmap: OK
container/pqueue: OK
container/order_functions: OK
container/di_map: OK
container/fp_pair_map: OK
control/bucket_note_empty: OK
control/bucket_millis_empty: OK
control/sum_up_cell_stats: OK
control/append_cell_stats: OK
control/format_cell_stats: OK
crypto/formats: OK
crypto/rng: OK
crypto/aes_AES: [forking] OK
crypto/aes_EVP: [forking] OK
crypto/sha: OK
crypto/pk: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_crypto.c:427: assert(128 OP_EQ
crypto_pk_public_encrypt(pk2, data1, sizeof(data1), "Hello whirled.",
15, PK_PKCS1_OAEP_PADDING)): 128 vs -1
[pk FAILED]
crypto/pk_fingerprints: [forking] OK
crypto/digests: OK
crypto/dh: OK
crypto/aes_iv_AES: [forking] OK
crypto/aes_iv_EVP: [forking] OK
crypto/base32_decode: OK
crypto/kdf_TAP: OK
crypto/hkdf_sha256: OK
crypto/curve25519_impl: OK
crypto/curve25519_impl_hibit: OK
crypto/curve25519_wrappers: OK
crypto/curve25519_encode: OK
crypto/curve25519_persist: OK
crypto/ed25519_simple: OK
crypto/ed25519_test_vectors: OK
crypto/ed25519_encode: OK
crypto/ed25519_convert: OK
crypto/ed25519_blinding: OK
crypto/ed25519_testvectors: OK
crypto/siphash: OK
dir/nicknames: [forking] OK
dir/formats: [forking] OK
dir/routerparse_bad: OK
dir/extrainfo_parsing: OK
dir/parse_router_list: [forking] OK
dir/load_routers: [forking] OK
dir/load_extrainfo: [forking] OK
dir/versions: [forking] OK
dir/fp_pairs: [forking] OK
dir/split_fps: OK
dir/measured_bw_kb: [forking] OK
dir/measured_bw_kb_cache: [forking] OK
dir/param_voting: [forking] OK
dir/v3_networkstatus: [forking] OK
dir/random_weighted: OK
dir/scale_bw: OK
dir/clip_unmeasured_bw_kb: [forking] OK
dir/clip_unmeasured_bw_kb_alt: [forking] OK
dir/fmt_control_ns: OK
dir/http_handling: OK
dir/purpose_needs_anonymity: OK
dir/fetch_type: OK
dir/packages: OK
dir/md/cache: [forking] OK
dir/md/broken_cache: [forking] OK
dir/md/generate: OK
dir/md/parse: OK
dir/md/reject_cache: [forking] OK
entryconn/rewrite_basic: [forking] OK
entryconn/rewrite_bad_dotexit: [forking] OK
entryconn/rewrite_automap_ipv4: [forking] OK
entryconn/rewrite_automap_ipv6: [forking] OK
entryconn/rewrite_cached_dns_ipv4: [forking] OK
entryconn/rewrite_cached_dns_ipv6: [forking] OK
entryconn/rewrite_unmapped_virtual: [forking] OK
entryconn/rewrite_mapaddress: [forking] OK
entryconn/rewrite_reject_internal_reverse: [forking] OK
entryconn/rewrite_automap_exit: [forking] OK
entryconn/rewrite_mapaddress_exit: [forking] OK
entryconn/rewrite_mapaddress_automap_onion: [forking] OK
entryconn/rewrite_mapaddress_automap_onion2: [forking] OK
entryconn/rewrite_mapaddress_automap_onion3: [forking] OK
entryconn/rewrite_mapaddress_automap_onion4: [forking] OK
entrynodes/entry_is_time_to_retry: [forking] OK
entrynodes/choose_random_entry_no_guards: [forking] OK
entrynodes/choose_random_entry_one_possibleguard: [forking] OK
entrynodes/populate_live_entry_guards_1guard: [forking] OK
entrynodes/populate_live_entry_guards_3guards: [forking] OK
entrynodes/entry_guards_parse_state_simple: [forking] OK
entrynodes/entry_guards_parse_state_pathbias: [forking] OK
entrynodes/entry_guards_set_from_config: [forking] OK
entrynodes/entry_is_live: [forking] OK
guardfraction/parse_guardfraction_file_bad: [forking] OK
guardfraction/parse_guardfraction_file_good: [forking] OK
guardfraction/parse_guardfraction_consensus: [forking] OK
guardfraction/get_guardfraction_bandwidth: [forking] OK
guardfraction/should_apply_guardfraction: [forking] OK
extorport/id_map: [forking] OK
extorport/write_command: [forking] OK
extorport/init_auth: [forking] OK
extorport/cookie_auth: [forking] OK
extorport/cookie_auth_testvec: [forking] OK
extorport/handshake: [forking] OK
hs/hs_desc_event: [forking] OK
hs/pick_tor2web_rendezvous_node: [forking] OK
hs/pick_bad_tor2web_rendezvous_node: [forking] OK
introduce/early_parse_v0: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[early_parse_v0 FAILED]
introduce/early_parse_v1: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[early_parse_v1 FAILED]
introduce/early_parse_v2: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[early_parse_v2 FAILED]
introduce/early_parse_v3: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r >
0)cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[early_parse_v3 FAILED]
introduce/decrypt_v0: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[decrypt_v0 FAILED]
introduce/decrypt_v1: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[decrypt_v1 FAILED]
introduce/decrypt_v2: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[decrypt_v2 FAILED]
introduce/decrypt_v3: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r >
0)cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[decrypt_v3 FAILED]
introduce/late_parse_v0: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[late_parse_v0 FAILED]
introduce/late_parse_v1: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[late_parse_v1 FAILED]
introduce/late_parse_v2: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[late_parse_v2 FAILED]
introduce/late_parse_v3: cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r >
0)cryptodev_digest_update: illegal inputs
FAIL ../src/test/test_introduce.c:381: assert(r >= 0)
FAIL ../src/test/test_introduce.c:305: assert(r > 0)
[late_parse_v3 FAILED]
nodelist/node_get_verbose_nickname_by_id_null_node: [forking] OK
nodelist/node_get_verbose_nickname_not_named: [forking] OK
oom/circbuf: [forking] OK
oom/streambuf: [forking] OK
options/validate: [forking] OK
policy/router_dump_exit_policy_to_string: OK
policy/general: OK
pt/parsing: OK
pt/protocol: OK
pt/get_transport_options: [forking] OK
pt/get_extrainfo_string: [forking] OK
pt/configure_proxy: [forking] OK
pt/get_pt_proxy_uri: [forking] OK
relay/append_cell_to_circuit_queue: [forking] OK
relaycell/resolved: [forking] OK
replaycache/alloc: OK
replaycache/badalloc: OK
replaycache/free_null: OK
replaycache/miss: OK
replaycache/hit: OK
replaycache/age: OK
replaycache/elapsed: OK
replaycache/noexpire: OK
replaycache/scrub: OK
replaycache/future: OK
replaycache/realtime: OK
routerkeys/write_fingerprint: [forking] OK
routerlist/initiate_descriptor_downloads: OK
routerlist/launch_descriptor_downloads: OK
routerset/routerset_new: [forking] OK
routerset/routerset_get_countryname: [forking] OK
routerset/routerset_is_list: [forking] OK
routerset/routerset_needs_geoip: [forking] OK
routerset/routerset_is_empty: [forking] OK
routerset/routerset_contains__null_set_or_null_set_list: [forking] OK
routerset/routerset_contains__set_and_nickname: [forking] OK
routerset/routerset_contains__set_and_null_nickname: [forking] OK
routerset/routerset_contains__set_and_no_nickname: [forking] OK
routerset/routerset_contains__set_and_digest: [forking] OK
routerset/routerset_contains__set_and_no_digest: [forking] OK
routerset/routerset_contains__set_and_null_digest: [forking] OK
routerset/routerset_contains__set_and_addr: [forking] OK
routerset/routerset_contains__set_and_no_addr: [forking] OK
routerset/routerset_contains__set_and_null_addr: [forking] OK
routerset/routerset_contains__countries_no_geoip: [forking] OK
routerset/routerset_contains__countries_geoip: [forking] OK
routerset/routerset_add_unknown_ccs__only_flag_and_no_ccs: [forking] OK
routerset/routerset_add_unknown_ccs__creates_set: [forking] OK
routerset/routerset_add_unknown_ccs__add_unknown: [forking] OK
routerset/routerset_add_unknown_ccs__add_a1: [forking] OK
routerset/routerset_contains_extendinfo: [forking] OK
routerset/routerset_contains_router: [forking] OK
routerset/routerset_contains_routerstatus: [forking] OK
routerset/routerset_contains_node__none: [forking] OK
routerset/routerset_contains_node__routerinfo: [forking] OK
routerset/routerset_contains_node__routerstatus: [forking] OK
routerset/routerset_get_all_nodes__no_routerset: [forking] OK
routerset/routerset_get_all_nodes__list_with_no_nodes: [forking] OK
routerset/routerset_get_all_nodes__list_flag_not_running: [forking] OK
routerset/routerset_get_all_nodes__list: [forking] OK
routerset/routerset_get_all_nodes__nodelist_with_no_nodes: [forking] OK
routerset/routerset_get_all_nodes__nodelist_flag_not_running: [forking] OK
routerset/routerset_refresh_counties__geoip_not_loaded: [forking] OK
routerset/routerset_refresh_counties__no_countries: [forking] OK
routerset/routerset_refresh_counties__one_valid_country: [forking] OK
routerset/routerset_refresh_counties__one_invalid_country: [forking] OK
routerset/routerset_union__source_bad: [forking] OK
routerset/routerset_union__one: [forking] OK
routerset/routerset_parse__malformed: [forking] OK
routerset/routerset_parse__valid_hexdigest: [forking] OK
routerset/routerset_parse__valid_nickname: [forking] OK
routerset/routerset_parse__get_countryname: [forking] OK
routerset/routerset_parse__policy: [forking] OK
routerset/routerset_subtract_nodes: [forking] OK
routerset/routerset_subtract_nodes__null_routerset: [forking] OK
routerset/routerset_to_string: [forking] OK
routerset/routerset_equal__empty_empty: [forking] OK
routerset/routerset_equal__empty_not_empty: [forking] OK
routerset/routerset_equal__differing_lengths: [forking] OK
routerset/routerset_equal__unequal: [forking] OK
routerset/routerset_equal__equal: [forking] OK
routerset/routerset_free__null_routerset: [forking] OK
routerset/routerset_free: [forking] OK
scheduler/channel_states: [forking] OK
scheduler/compare_channels: [forking] OK
scheduler/initfree: [forking] OK
scheduler/loop: [forking] OK
scheduler/queue_heuristic: [forking] OK
socks/4_unsupported_commands: [forking] OK
socks/4_supported_commands: [forking] OK
socks/5_unsupported_commands: [forking] OK
socks/5_supported_commands: [forking] OK
socks/5_no_authenticate: [forking] OK
socks/5_auth_before_negotiation: [forking] OK
socks/5_authenticate: [forking] OK
socks/5_authenticate_with_data: [forking] OK
socks/5_malformed_commands: [forking] OK
status/count_circuits: [forking] OK
status/secs_to_uptime: [forking] OK
status/bytes_to_usage: [forking] OK
status/log_heartbeat__fails: [forking] OK
status/log_heartbeat__simple: [forking] OK
status/log_heartbeat__not_in_consensus: [forking] OK
status/log_heartbeat__calls_log_accounting: [forking] OK
status/log_heartbeat__packaged_cell_fullness: [forking] OK
status/log_heartbeat__tls_write_overhead: [forking] OK
util/time: OK
util/parse_http_time: OK
util/config_line: OK
util/config_line_quotes: OK
util/config_line_comment_character: OK
util/config_line_escaped_content: OK
util/expand_filename: OK
util/escape_string_socks: OK
util/string_is_key_value: OK
util/strmisc: OK
util/pow2: OK
util/gzip: OK
util/datadir: OK
util/memarea: OK
util/control_formats: OK
util/mmap: OK
util/sscanf: OK
util/format_time_interval: OK
util/path_is_relative: OK
util/strtok: OK
util/di_ops: OK
util/round_to_next_multiple_of: OK
util/laplace: OK
util/strclear: OK
util/find_str_at_start_of_line: OK
util/string_is_C_identifier: OK
util/asprintf: OK
util/listdir: OK
util/parent_dir: OK
util/ftruncate: OK
util/exit_status: OK
util/fgets_eagain: OK
util/format_hex_number: OK
util/format_dec_number: OK
util/join_win_cmdline: OK
util/split_lines: OK
util/n_bits_set: OK
util/eat_whitespace: OK
util/sl_new_from_text_lines: OK
util/envnames: OK
util/make_environment: OK
util/set_env_var_in_sl: OK
util/read_file_eof_tiny_limit: OK
util/read_file_eof_one_loop_a: OK
util/read_file_eof_one_loop_b: OK
util/read_file_eof_two_loops: OK
util/read_file_eof_two_loops_b: OK
util/read_file_eof_zero_bytes: OK
util/write_chunks_to_file: OK
util/mathlog: OK
util/weak_random: OK
util/socket: [forking] OK
util/socketpair: [forking] OK
util/socketpair_ersatz: [forking] OK
util/max_mem: OK
util/hostname_validation: OK
util/ipv4_validation: OK
util/logging/sigsafe_err_fds: [forking] OK
util/logging/sigsafe_err: [forking] OK
util/thread/basic: [forking] OK
util/thread/conditionvar: [forking] OK
util/thread/conditionvar_timeout: [forking] OK
More information about the tor-relays
mailing list