plugins icon indicating copy to clipboard operation
plugins copied to clipboard
verified publisher icon opnsense

Enable hardware acceleration in TOR

Open haarp opened this issue 3 years ago • 1 comments

On suitable hardware platforms, FreeBSD/OPNsense supports hardware acceleration for crypto. Verified with https://stackoverflow.com/a/28614159/5424487

TOR however is not set up to make use of this. This change should enable it. Especially useful on those weak CPUs commonly used in router boxes. From https://www.freebsd.org/cgi/man.cgi?tor(1):

       HardwareAccel 0|1
	   If non-zero,	try to use built-in (static) crypto hardware
	   acceleration	when available.	Can not	be changed while tor is
	   running. (Default: 0)

Because TOR (or rather OpenSSL) will fall back to software crypto when hardware crypto is not available, I see no need to make this flag configurable in the web UI, making this a very trivial PR :)

haarp avatar Oct 11 '22 11:10 haarp

And if anyone is worried about compromised hardware instructions, Tor already took precautions: https://gitlab.torproject.org/tpo/core/tor/-/issues/10402

haarp avatar Oct 11 '22 12:10 haarp

Sure, why not. Thanks!

fichtner avatar Oct 18 '22 12:10 fichtner