OpenSSL dynamic hardware engines in 0.2.2.1-alpha

coderman coderman at gmail.com
Sun Aug 30 22:14:23 UTC 2009


The new 0.2.2.1-alpha release includes support for dynamic crypto
offload engines in OpenSSL. Two new config options are added to the
existing HardwareAccel boolean:

HardwareAccel 0|1 : If non-zero, try to use built-in (static) crypto
hardware acceleration when available. (Default: 0)

AccelName NAME : When using OpenSSL hardware crypto acceleration
attempt to load the dynamic engine of this name. This must be used for
any dynamic hardware engine. Names can be verified with the openssl
engine command.

AccelDir DIR : Specify this option if using dynamic hardware
acceleration and the engine implementation library resides somewhere
other than the OpenSSL default.

In most cases OpenSSL will know where to find its dynamic engine
shared library files and only "AccelName" needs to be set.

For example, to enable the padlock engine add:
HardwareAccel 1
AccelName padlock

to your torrc.

If the engine is successfully loaded you should see confirmation in
the notices.log similar to:
Aug 30 15:04:17.844 [notice] Tor 0.2.2.1-alpha (git-1092fdca53ec0110)
opening new log file.
Aug 30 15:04:17.864 [notice] Parsing GEOIP file.
Aug 30 15:04:18.374 [notice] Using OpenSSL engine VIA PadLock: RNG
(not used) ACE2 PHE(8192) PMM  [padlock] for SHA1
Aug 30 15:04:18.374 [notice] Using OpenSSL engine VIA PadLock: RNG
(not used) ACE2 PHE(8192) PMM  [padlock] for AES
...

Best regards,



More information about the tor-talk mailing list