[tor-dev] Hogging of second_elapsed_callback()

teor teor2345 at gmail.com
Sat Apr 14 22:48:01 UTC 2018


> On 15 Apr 2018, at 07:38, Linus Nordberg <linus at torproject.org> wrote:
> 
> Hi,
> 
> How long time can we spend signing status documents before tor gets sad?
> 
> I ask because I'm planning on putting dirauth signing keys on a
> sloooooow HSM and would like to understand if I'd have to make
> format_networkstatus_vote() and networkstatus_compute_consensus() (and
> their callers) be "restartable", much like dirvote_act() is
> "restartable".
> 
> Current measurements indicate a worst case figure of 6.5 seconds for a
> hashing and signing operation. This may even increase some over
> time. (It may also shrink considerably with some optimisations but this
> is where we are today.)

Connections and circuits might timeout over that 6.5 seconds.

Can you shift the signing to its own thread?
Or make it asynchronous?

Tor has cpuworkers, which could be used to do signing work.

T


More information about the tor-dev mailing list