[tor-relays] HW-Accelerated OpenSSL & Tor not playing nicely.

12xBTM 12xbtm at gmail.com
Sat May 2 15:09:38 UTC 2015


Thanks for your help. I left it out of my email, but I actually did do 
it. Except for the ls bit. I originally ran the config without "shared", 
encountered an error later down the road, deleted the extracted 
directory, and redid the config correctly, and then just simply did 
"sudo make" and then "sudo made install" without doing anything about 
the original library, which i assume was overwritten. But maybe I just 
corrupted it? Do I just delete the library's directory and retry, or is 
there something more?

  The "DUSE_CRYPTODEV_DIGESTS" is seen in the Tor error log because 
cryptodev digests are giving errors. I also don't see an entry about the 
"running the test suite" in the README. I see mention of a patch for 
Crytodev for OPENSSL, but, when on the site it links, I have no idea how 
to apply the patch for it says nothing patching it. (Sorry, I'm a total 
linux newb) Also, on the cryptodev-linux page: 
https://github.com/cryptodev-linux/cryptodev-linux/blob/master/NEWS , it 
says 1.7 was released in 07 Feb, 2015, which is long after the release 
of the patch that is talked about in the readme. Likewise, the patch 
linked is a whole year older than the version of OpenSSL I'm using, but 
it may not be part of the standard distribution of OpenSSL.

Also, I see the mention of GnuTLS in Crypodev, if there's a better way 
to go about having HW-accelerated crypto for Tor (excluding Intel 
aes-ni), please let me know.

On 2.5.15 10:46, Yawning Angel wrote:
> On Sat, 02 May 2015 09:42:42 -0400
> 12xBTM <12xbtm at gmail.com> wrote:
>
>> Step 1: Getting OpenSSL to become Hardware-Accelerated
>>
>> sudo apt-get install linux-image-3.14.39-ti-r61
>> sudo apt-get install linux-headers-3.14.39-ti-r61
>> wget
>> http://download.gna.org/cryptodev-linux/cryptodev-linux-1.7.tar.gz
>> tar zxf cryptodev-linux-1.7.tar.gz cd cryptodev-linux-1.7/
>> sudo make
>> sudo make install
>> sudo depmod -a
>> sudo modprobe cryptodev
>> lsmod
>> sudo sh -c 'echo cryptodev>>/etc/modules'
>> cd ~
>> wget https://www.openssl.org/source/openssl-1.0.2a.tar.gz
>> tar zxf openssl-1.0.2a.tar.gz
>> cd openssl-1.0.2a/
> You left out, patching OpenSSL's cryptodev support to function.
>
>> ls
>> ./config -DHAVE_CRYPTODEV -DUSE_CRYPTDEV_DIGESTS shared
>> sudo make
>> sudo make install
> And you left out "running the test suite, which according to the bug in
> OpenSSL's bugtracker, would have failed".
>
> Both of these dastardly details are hidden in the depths of the file
> misleadingly titled "README" in cryptodev-linux-1.7.tar.gz, under the
> heading "* OpenSSL:".
>
> Regards,
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150502/8648ae37/attachment.html>


More information about the tor-relays mailing list