From d3507e3ea697be7aab4e9344c379d6b277cf81cf Mon Sep 17 00:00:00 2001 From: nahi Date: Thu, 1 Sep 2011 07:42:29 +0000 Subject: * Release GVL while OpenSSL's public key generation. t = Thread.new { print "."; sleep 0.1 } key = OpenSSL::PKey::RSA.new(2048) #=> Thread t works in parallel with public key generation if OS/machine allows it. This works with OpenSSL >= 0.9.8. From this version, it has new public key generation function which allows us to interrupt the execution while pkey generation iterations. * ext/openssl/extconf.rb: Check existence of OpenSSL's new public key generation function. (DH_generate_parameters_ex, DSA_generate_parameters_ex and RSA_generate_key_ex. * ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2, ossl_generate_cb_stop): Added new callback function for OpenSSL pkey generation which handles Thread interruption by Ruby. ossl_generate_cb_stop is the unblock function(ubf) for Ruby which sets a stop flag. New pkey generation callback ossl_generate_cb_2 checks the stop flag at each iterations of OpenSSL and interrupts pkey generation when the flag is set. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call rb_thread_blocking_region with the above unblock function to release GVL while pkey generation. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): ditto. * test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/openssl/extconf.rb | 3 ++ ext/openssl/ossl_pkey.c | 36 +++++++++++++++++++++++ ext/openssl/ossl_pkey.h | 10 +++++++ ext/openssl/ossl_pkey_dh.c | 56 ++++++++++++++++++++++++++++++++---- ext/openssl/ossl_pkey_dsa.c | 63 ++++++++++++++++++++++++++++++++++++++-- ext/openssl/ossl_pkey_rsa.c | 70 +++++++++++++++++++++++++++++++++++++++++++-- 6 files changed, 228 insertions(+), 10 deletions(-) (limited to 'ext') diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 920caa641d..114f8058a8 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -124,6 +124,9 @@ if have_header("openssl/engine.h") have_func("ENGINE_load_sureware") have_func("ENGINE_load_ubsec") end +have_func("DH_generate_parameters_ex") +have_func("DSA_generate_parameters_ex") +have_func("RSA_generate_key_ex") if checking_for('OpenSSL version is 0.9.7 or later') { try_static_assert('OPENSSL_VERSION_NUMBER >= 0x00907000L', 'openssl/opensslv.h') } diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index f785e66c00..e07e659319 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -33,6 +33,42 @@ ossl_generate_cb(int p, int n, void *arg) rb_yield(ary); } +#if HAVE_BN_GENCB +/* OpenSSL 2nd version of GN generation callback */ +int +ossl_generate_cb_2(int p, int n, BN_GENCB *cb) +{ + VALUE ary, ret; + struct ossl_generate_cb_arg *arg; + int state; + + arg = (struct ossl_generate_cb_arg *)cb->arg; + if (arg->yield) { + ary = rb_ary_new2(2); + rb_ary_store(ary, 0, INT2NUM(p)); + rb_ary_store(ary, 1, INT2NUM(n)); + + /* + * can be break by raising exception or 'break' + */ + ret = rb_protect(rb_yield, ary, &state); + if (state) { + arg->stop = 1; + arg->state = state; + } + } + if (arg->stop) return 0; + return 1; +} + +void +ossl_generate_cb_stop(void *ptr) +{ + struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr; + arg->stop = 1; +} +#endif + /* * Public */ diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h index 5e3329d326..fa426a584e 100644 --- a/ext/openssl/ossl_pkey.h +++ b/ext/openssl/ossl_pkey.h @@ -39,6 +39,16 @@ extern ID id_private_q; } while (0) void ossl_generate_cb(int, int, void *); +#define HAVE_BN_GENCB defined(HAVE_RSA_GENERATE_KEY_EX) || defined(HAVE_DH_GENERATE_PARAMETERS_EX) || defined(HAVE_DSA_GENERATE_PARAMETERS_EX) +#if HAVE_BN_GENCB +struct ossl_generate_cb_arg { + int yield; + int stop; + int state; +}; +int ossl_generate_cb_2(int p, int n, BN_GENCB *cb); +void ossl_generate_cb_stop(void *ptr); +#endif VALUE ossl_pkey_new(EVP_PKEY *); VALUE ossl_pkey_new_from_file(VALUE); diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index 748d9c82fd..7f62db48d8 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -81,20 +81,66 @@ ossl_dh_new(EVP_PKEY *pkey) /* * Private */ +#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB +struct dh_blocking_gen_arg { + DH *dh; + int size; + int gen; + BN_GENCB *cb; + int result; +}; + +static void +dh_blocking_gen(void *arg) +{ + struct dh_blocking_gen_arg *gen = (struct dh_blocking_gen_arg *)arg; + gen->result = DH_generate_parameters_ex(gen->dh, gen->size, gen->gen, gen->cb); +} +#endif + static DH * dh_generate(int size, int gen) { - DH *dh; +#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB + BN_GENCB cb; + struct ossl_generate_cb_arg cb_arg; + struct dh_blocking_gen_arg gen_arg; + DH *dh = DH_new(); - dh = DH_generate_parameters(size, gen, - rb_block_given_p() ? ossl_generate_cb : NULL, - NULL); if (!dh) return 0; - if (!DH_generate_key(dh)) { + memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg)); + if (rb_block_given_p()) + cb_arg.yield = 1; + BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg); + gen_arg.dh = dh; + gen_arg.size = size; + gen_arg.gen = gen; + gen_arg.cb = &cb; + if (cb_arg.yield == 1) { + /* we cannot release GVL when callback proc is supplied */ + dh_blocking_gen(&gen_arg); + } else { + /* there's a chance to unblock */ + rb_thread_blocking_region(dh_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg); + } + + if (!gen_arg.result) { DH_free(dh); + if (cb_arg.state) rb_jump_tag(cb_arg.state); return 0; } +#else + DH *dh; + + dh = DH_generate_parameters(size, gen, rb_block_given_p() ? ossl_generate_cb : NULL, NULL); + if (!dh) return 0; +#endif + + if (!DH_generate_key(dh)) { + DH_free(dh); + return 0; + } return dh; } diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index 6b10e8fdf8..3339c1dfc6 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -75,9 +75,68 @@ ossl_dsa_new(EVP_PKEY *pkey) /* * Private */ +#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB +struct dsa_blocking_gen_arg { + DSA *dsa; + int size; + unsigned char* seed; + int seed_len; + int *counter; + unsigned long *h; + BN_GENCB *cb; + int result; +}; + +static void +dsa_blocking_gen(void *arg) +{ + struct dsa_blocking_gen_arg *gen = (struct dsa_blocking_gen_arg *)arg; + gen->result = DSA_generate_parameters_ex(gen->dsa, gen->size, gen->seed, gen->seed_len, gen->counter, gen->h, gen->cb); +} +#endif + static DSA * dsa_generate(int size) { +#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB + BN_GENCB cb; + struct ossl_generate_cb_arg cb_arg; + struct dsa_blocking_gen_arg gen_arg; + DSA *dsa = DSA_new(); + unsigned char seed[20]; + int seed_len = 20, counter; + unsigned long h; + + if (!dsa) return 0; + if (!RAND_bytes(seed, seed_len)) { + DSA_free(dsa); + return 0; + } + + memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg)); + if (rb_block_given_p()) + cb_arg.yield = 1; + BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg); + gen_arg.dsa = dsa; + gen_arg.size = size; + gen_arg.seed = seed; + gen_arg.seed_len = seed_len; + gen_arg.counter = &counter; + gen_arg.h = &h; + gen_arg.cb = &cb; + if (cb_arg.yield == 1) { + /* we cannot release GVL when callback proc is supplied */ + dsa_blocking_gen(&gen_arg); + } else { + /* there's a chance to unblock */ + rb_thread_blocking_region(dsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg); + } + if (!gen_arg.result) { + DSA_free(dsa); + if (cb_arg.state) rb_jump_tag(cb_arg.state); + return 0; + } +#else DSA *dsa; unsigned char seed[20]; int seed_len = 20, counter; @@ -87,9 +146,9 @@ dsa_generate(int size) return 0; } dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h, - rb_block_given_p() ? ossl_generate_cb : NULL, - NULL); + rb_block_given_p() ? ossl_generate_cb : NULL, NULL); if(!dsa) return 0; +#endif if (!DSA_generate_key(dsa)) { DSA_free(dsa); diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index eba693b057..d6ae8d22bb 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -76,12 +76,76 @@ ossl_rsa_new(EVP_PKEY *pkey) /* * Private */ +#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB +struct rsa_blocking_gen_arg { + RSA *rsa; + BIGNUM *e; + int size; + BN_GENCB *cb; + int result; +}; + +static void +rsa_blocking_gen(void *arg) +{ + struct rsa_blocking_gen_arg *gen = (struct rsa_blocking_gen_arg *)arg; + gen->result = RSA_generate_key_ex(gen->rsa, gen->size, gen->e, gen->cb); +} +#endif + static RSA * rsa_generate(int size, int exp) { - return RSA_generate_key(size, exp, - rb_block_given_p() ? ossl_generate_cb : NULL, - NULL); +#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB + int i; + BN_GENCB cb; + struct ossl_generate_cb_arg cb_arg; + struct rsa_blocking_gen_arg gen_arg; + RSA *rsa = RSA_new(); + BIGNUM *e = BN_new(); + + if (!rsa || !e) { + if (e) BN_free(e); + if (rsa) RSA_free(rsa); + return 0; + } + for (i = 0; i < (int)sizeof(exp); ++i) { + if (exp & (1 << i)) { + if (BN_set_bit(e, i) == 0) { + BN_free(e); + RSA_free(rsa); + return 0; + } + } + } + + memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg)); + if (rb_block_given_p()) + cb_arg.yield = 1; + BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg); + gen_arg.rsa = rsa; + gen_arg.e = e; + gen_arg.size = size; + gen_arg.cb = &cb; + if (cb_arg.yield == 1) { + /* we cannot release GVL when callback proc is supplied */ + rsa_blocking_gen(&gen_arg); + } else { + /* there's a chance to unblock */ + rb_thread_blocking_region(rsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg); + } + if (!gen_arg.result) { + BN_free(e); + RSA_free(rsa); + if (cb_arg.state) rb_jump_tag(cb_arg.state); + return 0; + } + + BN_free(e); + return rsa; +#else + return RSA_generate_key(size, exp, rb_block_given_p() ? ossl_generate_cb : NULL, NULL); +#endif } /* -- cgit v1.2.3