summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-09-01 07:42:29 +0000
committernahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-09-01 07:42:29 +0000
commitd3507e3ea697be7aab4e9344c379d6b277cf81cf (patch)
treea904f68bf5e20831cf6717663f887b5de702d321
parentca3b4133fd011b0077ea99b92bbd92c4e5cb7797 (diff)
* Release GVL while OpenSSL's public key generation.
t = Thread.new { print "."; sleep 0.1 } key = OpenSSL::PKey::RSA.new(2048) #=> Thread t works in parallel with public key generation if OS/machine allows it. This works with OpenSSL >= 0.9.8. From this version, it has new public key generation function which allows us to interrupt the execution while pkey generation iterations. * ext/openssl/extconf.rb: Check existence of OpenSSL's new public key generation function. (DH_generate_parameters_ex, DSA_generate_parameters_ex and RSA_generate_key_ex. * ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2, ossl_generate_cb_stop): Added new callback function for OpenSSL pkey generation which handles Thread interruption by Ruby. ossl_generate_cb_stop is the unblock function(ubf) for Ruby which sets a stop flag. New pkey generation callback ossl_generate_cb_2 checks the stop flag at each iterations of OpenSSL and interrupts pkey generation when the flag is set. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call rb_thread_blocking_region with the above unblock function to release GVL while pkey generation. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): ditto. * test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog35
-rw-r--r--ext/openssl/extconf.rb3
-rw-r--r--ext/openssl/ossl_pkey.c36
-rw-r--r--ext/openssl/ossl_pkey.h10
-rw-r--r--ext/openssl/ossl_pkey_dh.c56
-rw-r--r--ext/openssl/ossl_pkey_dsa.c63
-rw-r--r--ext/openssl/ossl_pkey_rsa.c70
-rw-r--r--test/openssl/test_pkey_dh.rb7
-rw-r--r--test/openssl/test_pkey_dsa.rb7
-rw-r--r--test/openssl/test_pkey_rsa.rb7
10 files changed, 284 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 2d8d2781b1d..c5c3b62c058 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,38 @@
+Thu Sep 1 16:18:44 2011 Hiroshi Nakamura <nahi@ruby-lang.org>
+
+ * Release GVL while OpenSSL's public key generation.
+
+ t = Thread.new { print "."; sleep 0.1 }
+ key = OpenSSL::PKey::RSA.new(2048)
+ #=> Thread t works in parallel with public key generation if
+ OS/machine allows it.
+
+ This works with OpenSSL >= 0.9.8. From this version, it has new
+ public key generation function which allows us to interrupt the
+ execution while pkey generation iterations.
+
+ * ext/openssl/extconf.rb: Check existence of OpenSSL's new public key
+ generation function. (DH_generate_parameters_ex,
+ DSA_generate_parameters_ex and RSA_generate_key_ex.
+
+ * ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2,
+ ossl_generate_cb_stop): Added new callback function for OpenSSL pkey
+ generation which handles Thread interruption by Ruby.
+ ossl_generate_cb_stop is the unblock function(ubf) for Ruby which
+ sets a stop flag. New pkey generation callback ossl_generate_cb_2
+ checks the stop flag at each iterations of OpenSSL and interrupts
+ pkey generation when the flag is set.
+
+ * ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call
+ rb_thread_blocking_region with the above unblock function to release
+ GVL while pkey generation.
+
+ * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
+
+ * ext/openssl/ossl_pkey_dh.c (dh_generate): ditto.
+
+ * test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it.
+
Thu Sep 1 14:06:54 2011 NAKAMURA Usaku <usa@ruby-lang.org>
* test/ruby/test_thread.rb (TestThread#test_no_valid_cfp): skip when
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 920caa641d3..114f8058a80 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -124,6 +124,9 @@ if have_header("openssl/engine.h")
have_func("ENGINE_load_sureware")
have_func("ENGINE_load_ubsec")
end
+have_func("DH_generate_parameters_ex")
+have_func("DSA_generate_parameters_ex")
+have_func("RSA_generate_key_ex")
if checking_for('OpenSSL version is 0.9.7 or later') {
try_static_assert('OPENSSL_VERSION_NUMBER >= 0x00907000L', 'openssl/opensslv.h')
}
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index f785e66c007..e07e6593199 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -33,6 +33,42 @@ ossl_generate_cb(int p, int n, void *arg)
rb_yield(ary);
}
+#if HAVE_BN_GENCB
+/* OpenSSL 2nd version of GN generation callback */
+int
+ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
+{
+ VALUE ary, ret;
+ struct ossl_generate_cb_arg *arg;
+ int state;
+
+ arg = (struct ossl_generate_cb_arg *)cb->arg;
+ if (arg->yield) {
+ ary = rb_ary_new2(2);
+ rb_ary_store(ary, 0, INT2NUM(p));
+ rb_ary_store(ary, 1, INT2NUM(n));
+
+ /*
+ * can be break by raising exception or 'break'
+ */
+ ret = rb_protect(rb_yield, ary, &state);
+ if (state) {
+ arg->stop = 1;
+ arg->state = state;
+ }
+ }
+ if (arg->stop) return 0;
+ return 1;
+}
+
+void
+ossl_generate_cb_stop(void *ptr)
+{
+ struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
+ arg->stop = 1;
+}
+#endif
+
/*
* Public
*/
diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h
index 5e3329d3264..fa426a584ec 100644
--- a/ext/openssl/ossl_pkey.h
+++ b/ext/openssl/ossl_pkey.h
@@ -39,6 +39,16 @@ extern ID id_private_q;
} while (0)
void ossl_generate_cb(int, int, void *);
+#define HAVE_BN_GENCB defined(HAVE_RSA_GENERATE_KEY_EX) || defined(HAVE_DH_GENERATE_PARAMETERS_EX) || defined(HAVE_DSA_GENERATE_PARAMETERS_EX)
+#if HAVE_BN_GENCB
+struct ossl_generate_cb_arg {
+ int yield;
+ int stop;
+ int state;
+};
+int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
+void ossl_generate_cb_stop(void *ptr);
+#endif
VALUE ossl_pkey_new(EVP_PKEY *);
VALUE ossl_pkey_new_from_file(VALUE);
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index 748d9c82fd0..7f62db48d8c 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -81,20 +81,66 @@ ossl_dh_new(EVP_PKEY *pkey)
/*
* Private
*/
+#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
+struct dh_blocking_gen_arg {
+ DH *dh;
+ int size;
+ int gen;
+ BN_GENCB *cb;
+ int result;
+};
+
+static void
+dh_blocking_gen(void *arg)
+{
+ struct dh_blocking_gen_arg *gen = (struct dh_blocking_gen_arg *)arg;
+ gen->result = DH_generate_parameters_ex(gen->dh, gen->size, gen->gen, gen->cb);
+}
+#endif
+
static DH *
dh_generate(int size, int gen)
{
- DH *dh;
+#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
+ BN_GENCB cb;
+ struct ossl_generate_cb_arg cb_arg;
+ struct dh_blocking_gen_arg gen_arg;
+ DH *dh = DH_new();
- dh = DH_generate_parameters(size, gen,
- rb_block_given_p() ? ossl_generate_cb : NULL,
- NULL);
if (!dh) return 0;
- if (!DH_generate_key(dh)) {
+ memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
+ if (rb_block_given_p())
+ cb_arg.yield = 1;
+ BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+ gen_arg.dh = dh;
+ gen_arg.size = size;
+ gen_arg.gen = gen;
+ gen_arg.cb = &cb;
+ if (cb_arg.yield == 1) {
+ /* we cannot release GVL when callback proc is supplied */
+ dh_blocking_gen(&gen_arg);
+ } else {
+ /* there's a chance to unblock */
+ rb_thread_blocking_region(dh_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
+ }
+
+ if (!gen_arg.result) {
DH_free(dh);
+ if (cb_arg.state) rb_jump_tag(cb_arg.state);
return 0;
}
+#else
+ DH *dh;
+
+ dh = DH_generate_parameters(size, gen, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
+ if (!dh) return 0;
+#endif
+
+ if (!DH_generate_key(dh)) {
+ DH_free(dh);
+ return 0;
+ }
return dh;
}
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index 6b10e8fdf85..3339c1dfc60 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -75,9 +75,68 @@ ossl_dsa_new(EVP_PKEY *pkey)
/*
* Private
*/
+#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
+struct dsa_blocking_gen_arg {
+ DSA *dsa;
+ int size;
+ unsigned char* seed;
+ int seed_len;
+ int *counter;
+ unsigned long *h;
+ BN_GENCB *cb;
+ int result;
+};
+
+static void
+dsa_blocking_gen(void *arg)
+{
+ struct dsa_blocking_gen_arg *gen = (struct dsa_blocking_gen_arg *)arg;
+ gen->result = DSA_generate_parameters_ex(gen->dsa, gen->size, gen->seed, gen->seed_len, gen->counter, gen->h, gen->cb);
+}
+#endif
+
static DSA *
dsa_generate(int size)
{
+#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
+ BN_GENCB cb;
+ struct ossl_generate_cb_arg cb_arg;
+ struct dsa_blocking_gen_arg gen_arg;
+ DSA *dsa = DSA_new();
+ unsigned char seed[20];
+ int seed_len = 20, counter;
+ unsigned long h;
+
+ if (!dsa) return 0;
+ if (!RAND_bytes(seed, seed_len)) {
+ DSA_free(dsa);
+ return 0;
+ }
+
+ memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
+ if (rb_block_given_p())
+ cb_arg.yield = 1;
+ BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+ gen_arg.dsa = dsa;
+ gen_arg.size = size;
+ gen_arg.seed = seed;
+ gen_arg.seed_len = seed_len;
+ gen_arg.counter = &counter;
+ gen_arg.h = &h;
+ gen_arg.cb = &cb;
+ if (cb_arg.yield == 1) {
+ /* we cannot release GVL when callback proc is supplied */
+ dsa_blocking_gen(&gen_arg);
+ } else {
+ /* there's a chance to unblock */
+ rb_thread_blocking_region(dsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
+ }
+ if (!gen_arg.result) {
+ DSA_free(dsa);
+ if (cb_arg.state) rb_jump_tag(cb_arg.state);
+ return 0;
+ }
+#else
DSA *dsa;
unsigned char seed[20];
int seed_len = 20, counter;
@@ -87,9 +146,9 @@ dsa_generate(int size)
return 0;
}
dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h,
- rb_block_given_p() ? ossl_generate_cb : NULL,
- NULL);
+ rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
if(!dsa) return 0;
+#endif
if (!DSA_generate_key(dsa)) {
DSA_free(dsa);
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index eba693b057a..d6ae8d22bb5 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -76,12 +76,76 @@ ossl_rsa_new(EVP_PKEY *pkey)
/*
* Private
*/
+#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
+struct rsa_blocking_gen_arg {
+ RSA *rsa;
+ BIGNUM *e;
+ int size;
+ BN_GENCB *cb;
+ int result;
+};
+
+static void
+rsa_blocking_gen(void *arg)
+{
+ struct rsa_blocking_gen_arg *gen = (struct rsa_blocking_gen_arg *)arg;
+ gen->result = RSA_generate_key_ex(gen->rsa, gen->size, gen->e, gen->cb);
+}
+#endif
+
static RSA *
rsa_generate(int size, int exp)
{
- return RSA_generate_key(size, exp,
- rb_block_given_p() ? ossl_generate_cb : NULL,
- NULL);
+#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
+ int i;
+ BN_GENCB cb;
+ struct ossl_generate_cb_arg cb_arg;
+ struct rsa_blocking_gen_arg gen_arg;
+ RSA *rsa = RSA_new();
+ BIGNUM *e = BN_new();
+
+ if (!rsa || !e) {
+ if (e) BN_free(e);
+ if (rsa) RSA_free(rsa);
+ return 0;
+ }
+ for (i = 0; i < (int)sizeof(exp); ++i) {
+ if (exp & (1 << i)) {
+ if (BN_set_bit(e, i) == 0) {
+ BN_free(e);
+ RSA_free(rsa);
+ return 0;
+ }
+ }
+ }
+
+ memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
+ if (rb_block_given_p())
+ cb_arg.yield = 1;
+ BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+ gen_arg.rsa = rsa;
+ gen_arg.e = e;
+ gen_arg.size = size;
+ gen_arg.cb = &cb;
+ if (cb_arg.yield == 1) {
+ /* we cannot release GVL when callback proc is supplied */
+ rsa_blocking_gen(&gen_arg);
+ } else {
+ /* there's a chance to unblock */
+ rb_thread_blocking_region(rsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
+ }
+ if (!gen_arg.result) {
+ BN_free(e);
+ RSA_free(rsa);
+ if (cb_arg.state) rb_jump_tag(cb_arg.state);
+ return 0;
+ }
+
+ BN_free(e);
+ return rsa;
+#else
+ return RSA_generate_key(size, exp, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
+#endif
}
/*
diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
index bcba400efe4..79a3e0a92c0 100644
--- a/test/openssl/test_pkey_dh.rb
+++ b/test/openssl/test_pkey_dh.rb
@@ -8,6 +8,13 @@ class OpenSSL::TestPKeyDH < Test::Unit::TestCase
assert_key(dh)
end
+ def test_new_break
+ assert_nil(OpenSSL::PKey::DH.new(256) { break })
+ assert_raises(RuntimeError) do
+ OpenSSL::PKey::DH.new(256) { raise }
+ end
+ end
+
def test_to_der
dh = OpenSSL::PKey::DH.new(256)
der = dh.to_der
diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb
index e498e3c03a7..4bf64a51beb 100644
--- a/test/openssl/test_pkey_dsa.rb
+++ b/test/openssl/test_pkey_dsa.rb
@@ -22,6 +22,13 @@ class OpenSSL::TestPKeyDSA < Test::Unit::TestCase
assert_equal([], OpenSSL.errors)
end
+ def test_new_break
+ assert_nil(OpenSSL::PKey::DSA.new(512) { break })
+ assert_raise(RuntimeError) do
+ OpenSSL::PKey::DSA.new(512) { raise }
+ end
+ end
+
def test_sys_sign_verify
key = OpenSSL::TestUtils::TEST_KEY_DSA256
data = 'Sign me!'
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index 5ba14229af8..a7e8e229d11 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -48,6 +48,13 @@ class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
assert_equal([], OpenSSL.errors)
end
+ def test_new_break
+ assert_nil(OpenSSL::PKey::RSA.new(1024) { break })
+ assert_raise(RuntimeError) do
+ OpenSSL::PKey::RSA.new(1024) { raise }
+ end
+ end
+
def test_sign_verify
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
digest = OpenSSL::Digest::SHA1.new