From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 2/4] Tor: Use crypto hardware acceleration if available
Date: Mon, 04 Oct 2021 10:49:33 +0000
Message-ID: <32b28612-0d1b-40f2-6ec7-585b49c186d2@ipfire.org>
In-Reply-To: <5438800B-3D00-4F77-9359-99332D90E85B@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7772654179481896002=="
List-Id: <development.lists.ipfire.org>

--===============7772654179481896002==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Michael,

thanks for your reply.

To quote from Tor's manpage (see https://2019.www.torproject.org/docs/tor-man=
ual.html.en#HardwareAccel
for an online version of it):

>        HardwareAccel 0|1
>            If non-zero, try to use built-in (static) crypto hardware
>            acceleration when available. Can not be changed while tor is
>            running. (Default: 0)

Even if it is available, Tor does not use hardware crypto acceleration by def=
ault. While I consider
this a reasonable default for Tor users not trusting their hardware, we agree=
d on doing so a while
ago (https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommit;h=3D13eab1060d0474=
ddf413386de0361e32113f8cb7).

Therefore, this needs to be enabled explicitly, which is what this patch is g=
ood for. :-)

I hope to have your question answered.

Thanks, and best regards,
Peter M=C3=BCller


> Hello,
>=20
> Can you elaborate a little bit more on this?
>=20
> Tor is using OpenSSL which by default should use RDRAND, AES-NI (if applica=
ble) and so on.
>=20
> What does this option change?
>=20
> -Michael
>=20
>> On 25 Sep 2021, at 08:08, Peter M=C3=BCller <peter.mueller(a)ipfire.org> w=
rote:
>>
>> Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
>> ---
>> html/cgi-bin/tor.cgi | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
>> index ce579aec1..2b0d93336 100644
>> --- a/html/cgi-bin/tor.cgi
>> +++ b/html/cgi-bin/tor.cgi
>> @@ -731,6 +731,7 @@ sub BuildConfiguration() {
>>
>> 	# Global settings.
>> 	print FILE "Sandbox 1\n";
>> +	print FILE "HardwareAccel 1\n";
>> 	print FILE "ControlPort $TOR_CONTROL_PORT\n";
>>
>> 	if ($settings{'TOR_ENABLED'} eq 'on') {
>> --=20
>> 2.26.2
>=20

--===============7772654179481896002==--