ruby-changes:21106
From: nahi <ko1@a...>
Date: Thu, 1 Sep 2011 16:42:44 +0900 (JST)
Subject: [ruby-changes:21106] nahi:r33155 (trunk): * Release GVL while OpenSSL's public key generation.
nahi 2011-09-01 16:42:29 +0900 (Thu, 01 Sep 2011) New Revision: 33155 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33155 Log: * Release GVL while OpenSSL's public key generation. t = Thread.new { print "."; sleep 0.1 } key = OpenSSL::PKey::RSA.new(2048) #=> Thread t works in parallel with public key generation if OS/machine allows it. This works with OpenSSL >= 0.9.8. From this version, it has new public key generation function which allows us to interrupt the execution while pkey generation iterations. * ext/openssl/extconf.rb: Check existence of OpenSSL's new public key generation function. (DH_generate_parameters_ex, DSA_generate_parameters_ex and RSA_generate_key_ex. * ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2, ossl_generate_cb_stop): Added new callback function for OpenSSL pkey generation which handles Thread interruption by Ruby. ossl_generate_cb_stop is the unblock function(ubf) for Ruby which sets a stop flag. New pkey generation callback ossl_generate_cb_2 checks the stop flag at each iterations of OpenSSL and interrupts pkey generation when the flag is set. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call rb_thread_blocking_region with the above unblock function to release GVL while pkey generation. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): ditto. * test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it. Modified files: trunk/ChangeLog trunk/ext/openssl/extconf.rb trunk/ext/openssl/ossl_pkey.c trunk/ext/openssl/ossl_pkey.h trunk/ext/openssl/ossl_pkey_dh.c trunk/ext/openssl/ossl_pkey_dsa.c trunk/ext/openssl/ossl_pkey_rsa.c trunk/test/openssl/test_pkey_dh.rb trunk/test/openssl/test_pkey_dsa.rb trunk/test/openssl/test_pkey_rsa.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 33154) +++ ChangeLog (revision 33155) @@ -1,3 +1,38 @@ +Thu Sep 1 16:18:44 2011 Hiroshi Nakamura <nahi@r...> + + * Release GVL while OpenSSL's public key generation. + + t = Thread.new { print "."; sleep 0.1 } + key = OpenSSL::PKey::RSA.new(2048) + #=> Thread t works in parallel with public key generation if + OS/machine allows it. + + This works with OpenSSL >= 0.9.8. From this version, it has new + public key generation function which allows us to interrupt the + execution while pkey generation iterations. + + * ext/openssl/extconf.rb: Check existence of OpenSSL's new public key + generation function. (DH_generate_parameters_ex, + DSA_generate_parameters_ex and RSA_generate_key_ex. + + * ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2, + ossl_generate_cb_stop): Added new callback function for OpenSSL pkey + generation which handles Thread interruption by Ruby. + ossl_generate_cb_stop is the unblock function(ubf) for Ruby which + sets a stop flag. New pkey generation callback ossl_generate_cb_2 + checks the stop flag at each iterations of OpenSSL and interrupts + pkey generation when the flag is set. + + * ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call + rb_thread_blocking_region with the above unblock function to release + GVL while pkey generation. + + * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. + + * ext/openssl/ossl_pkey_dh.c (dh_generate): ditto. + + * test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it. + Thu Sep 1 14:06:54 2011 NAKAMURA Usaku <usa@r...> * test/ruby/test_thread.rb (TestThread#test_no_valid_cfp): skip when Index: ext/openssl/ossl_pkey_dsa.c =================================================================== --- ext/openssl/ossl_pkey_dsa.c (revision 33154) +++ ext/openssl/ossl_pkey_dsa.c (revision 33155) @@ -75,9 +75,68 @@ /* * Private */ +#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB +struct dsa_blocking_gen_arg { + DSA *dsa; + int size; + unsigned char* seed; + int seed_len; + int *counter; + unsigned long *h; + BN_GENCB *cb; + int result; +}; + +static void +dsa_blocking_gen(void *arg) +{ + struct dsa_blocking_gen_arg *gen = (struct dsa_blocking_gen_arg *)arg; + gen->result = DSA_generate_parameters_ex(gen->dsa, gen->size, gen->seed, gen->seed_len, gen->counter, gen->h, gen->cb); +} +#endif + static DSA * dsa_generate(int size) { +#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB + BN_GENCB cb; + struct ossl_generate_cb_arg cb_arg; + struct dsa_blocking_gen_arg gen_arg; + DSA *dsa = DSA_new(); + unsigned char seed[20]; + int seed_len = 20, counter; + unsigned long h; + + if (!dsa) return 0; + if (!RAND_bytes(seed, seed_len)) { + DSA_free(dsa); + return 0; + } + + memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg)); + if (rb_block_given_p()) + cb_arg.yield = 1; + BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg); + gen_arg.dsa = dsa; + gen_arg.size = size; + gen_arg.seed = seed; + gen_arg.seed_len = seed_len; + gen_arg.counter = &counter; + gen_arg.h = &h; + gen_arg.cb = &cb; + if (cb_arg.yield == 1) { + /* we cannot release GVL when callback proc is supplied */ + dsa_blocking_gen(&gen_arg); + } else { + /* there's a chance to unblock */ + rb_thread_blocking_region(dsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg); + } + if (!gen_arg.result) { + DSA_free(dsa); + if (cb_arg.state) rb_jump_tag(cb_arg.state); + return 0; + } +#else DSA *dsa; unsigned char seed[20]; int seed_len = 20, counter; @@ -87,9 +146,9 @@ return 0; } dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h, - rb_block_given_p() ? ossl_generate_cb : NULL, - NULL); + rb_block_given_p() ? ossl_generate_cb : NULL, NULL); if(!dsa) return 0; +#endif if (!DSA_generate_key(dsa)) { DSA_free(dsa); Index: ext/openssl/ossl_pkey_rsa.c =================================================================== --- ext/openssl/ossl_pkey_rsa.c (revision 33154) +++ ext/openssl/ossl_pkey_rsa.c (revision 33155) @@ -76,12 +76,76 @@ /* * Private */ +#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB +struct rsa_blocking_gen_arg { + RSA *rsa; + BIGNUM *e; + int size; + BN_GENCB *cb; + int result; +}; + +static void +rsa_blocking_gen(void *arg) +{ + struct rsa_blocking_gen_arg *gen = (struct rsa_blocking_gen_arg *)arg; + gen->result = RSA_generate_key_ex(gen->rsa, gen->size, gen->e, gen->cb); +} +#endif + static RSA * rsa_generate(int size, int exp) { - return RSA_generate_key(size, exp, - rb_block_given_p() ? ossl_generate_cb : NULL, - NULL); +#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB + int i; + BN_GENCB cb; + struct ossl_generate_cb_arg cb_arg; + struct rsa_blocking_gen_arg gen_arg; + RSA *rsa = RSA_new(); + BIGNUM *e = BN_new(); + + if (!rsa || !e) { + if (e) BN_free(e); + if (rsa) RSA_free(rsa); + return 0; + } + for (i = 0; i < (int)sizeof(exp); ++i) { + if (exp & (1 << i)) { + if (BN_set_bit(e, i) == 0) { + BN_free(e); + RSA_free(rsa); + return 0; + } + } + } + + memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg)); + if (rb_block_given_p()) + cb_arg.yield = 1; + BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg); + gen_arg.rsa = rsa; + gen_arg.e = e; + gen_arg.size = size; + gen_arg.cb = &cb; + if (cb_arg.yield == 1) { + /* we cannot release GVL when callback proc is supplied */ + rsa_blocking_gen(&gen_arg); + } else { + /* there's a chance to unblock */ + rb_thread_blocking_region(rsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg); + } + if (!gen_arg.result) { + BN_free(e); + RSA_free(rsa); + if (cb_arg.state) rb_jump_tag(cb_arg.state); + return 0; + } + + BN_free(e); + return rsa; +#else + return RSA_generate_key(size, exp, rb_block_given_p() ? ossl_generate_cb : NULL, NULL); +#endif } /* Index: ext/openssl/ossl_pkey.c =================================================================== --- ext/openssl/ossl_pkey.c (revision 33154) +++ ext/openssl/ossl_pkey.c (revision 33155) @@ -33,6 +33,42 @@ rb_yield(ary); } +#if HAVE_BN_GENCB +/* OpenSSL 2nd version of GN generation callback */ +int +ossl_generate_cb_2(int p, int n, BN_GENCB *cb) +{ + VALUE ary, ret; + struct ossl_generate_cb_arg *arg; + int state; + + arg = (struct ossl_generate_cb_arg *)cb->arg; + if (arg->yield) { + ary = rb_ary_new2(2); + rb_ary_store(ary, 0, INT2NUM(p)); + rb_ary_store(ary, 1, INT2NUM(n)); + + /* + * can be break by raising exception or 'break' + */ + ret = rb_protect(rb_yield, ary, &state); + if (state) { + arg->stop = 1; + arg->state = state; + } + } + if (arg->stop) return 0; + return 1; +} + +void +ossl_generate_cb_stop(void *ptr) +{ + struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr; + arg->stop = 1; +} +#endif + /* * Public */ Index: ext/openssl/ossl_pkey.h =================================================================== --- ext/openssl/ossl_pkey.h (revision 33154) +++ ext/openssl/ossl_pkey.h (revision 33155) @@ -39,6 +39,16 @@ } while (0) void ossl_generate_cb(int, int, void *); +#define HAVE_BN_GENCB defined(HAVE_RSA_GENERATE_KEY_EX) || defined(HAVE_DH_GENERATE_PARAMETERS_EX) || defined(HAVE_DSA_GENERATE_PARAMETERS_EX) +#if HAVE_BN_GENCB +struct ossl_generate_cb_arg { + int yield; + int stop; + int state; +}; +int ossl_generate_cb_2(int p, int n, BN_GENCB *cb); +void ossl_generate_cb_stop(void *ptr); +#endif VALUE ossl_pkey_new(EVP_PKEY *); VALUE ossl_pkey_new_from_file(VALUE); Index: ext/openssl/ossl_pkey_dh.c =================================================================== --- ext/openssl/ossl_pkey_dh.c (revision 33154) +++ ext/openssl/ossl_pkey_dh.c (revision 33155) @@ -81,21 +81,67 @@ /* * Private */ +#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB +struct dh_blocking_gen_arg { + DH *dh; + int size; + int gen; + BN_GENCB *cb; + int result; +}; + +static void +dh_blocking_gen(void *arg) +{ + struct dh_blocking_gen_arg *gen = (struct dh_blocking_gen_arg *)arg; + gen->result = DH_generate_parameters_ex(gen->dh, gen->size, gen->gen, gen->cb); +} +#endif + static DH * dh_generate(int size, int gen) { - DH *dh; +#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB + BN_GENCB cb; + struct ossl_generate_cb_arg cb_arg; + struct dh_blocking_gen_arg gen_arg; + DH *dh = DH_new(); - dh = DH_generate_parameters(size, gen, - rb_block_given_p() ? ossl_generate_cb : NULL, - NULL); if (!dh) return 0; - if (!DH_generate_key(dh)) { + memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg)); + if (rb_block_given_p()) + cb_arg.yield = 1; + BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg); + gen_arg.dh = dh; + gen_arg.size = size; + gen_arg.gen = gen; + gen_arg.cb = &cb; + if (cb_arg.yield == 1) { + /* we cannot release GVL when callback proc is supplied */ + dh_blocking_gen(&gen_arg); + } else { + /* there's a chance to unblock */ + rb_thread_blocking_region(dh_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg); + } + + if (!gen_arg.result) { DH_free(dh); + if (cb_arg.state) rb_jump_tag(cb_arg.state); return 0; } +#else + DH *dh; + dh = DH_generate_parameters(size, gen, rb_block_given_p() ? ossl_generate_cb : NULL, NULL); + if (!dh) return 0; +#endif + + if (!DH_generate_key(dh)) { + DH_free(dh); + return 0; + } + return dh; } Index: ext/openssl/extconf.rb =================================================================== --- ext/openssl/extconf.rb (revision 33154) +++ ext/openssl/extconf.rb (revision 33155) @@ -124,6 +124,9 @@ have_func("ENGINE_load_sureware") have_func("ENGINE_load_ubsec") end +have_func("DH_generate_parameters_ex") +have_func("DSA_generate_parameters_ex") +have_func("RSA_generate_key_ex") if checking_for('OpenSSL version is 0.9.7 or later') { try_static_assert('OPENSSL_VERSION_NUMBER >= 0x00907000L', 'openssl/opensslv.h') } Index: test/openssl/test_pkey_dh.rb =================================================================== --- test/openssl/test_pkey_dh.rb (revision 33154) +++ test/openssl/test_pkey_dh.rb (revision 33155) @@ -8,6 +8,13 @@ assert_key(dh) end + def test_new_break + assert_nil(OpenSSL::PKey::DH.new(256) { break }) + assert_raises(RuntimeError) do + OpenSSL::PKey::DH.new(256) { raise } + end + end + def test_to_der dh = OpenSSL::PKey::DH.new(256) der = dh.to_der Index: test/openssl/test_pkey_dsa.rb =================================================================== --- test/openssl/test_pkey_dsa.rb (revision 33154) +++ test/openssl/test_pkey_dsa.rb (revision 33155) @@ -22,6 +22,13 @@ assert_equal([], OpenSSL.errors) end + def test_new_break + assert_nil(OpenSSL::PKey::DSA.new(512) { break }) + assert_raise(RuntimeError) do + OpenSSL::PKey::DSA.new(512) { raise } + end + end + def test_sys_sign_verify key = OpenSSL::TestUtils::TEST_KEY_DSA256 data = 'Sign me!' Index: test/openssl/test_pkey_rsa.rb =================================================================== --- test/openssl/test_pkey_rsa.rb (revision 33154) +++ test/openssl/test_pkey_rsa.rb (revision 33155) @@ -48,6 +48,13 @@ assert_equal([], OpenSSL.errors) end + def test_new_break + assert_nil(OpenSSL::PKey::RSA.new(1024) { break }) + assert_raise(RuntimeError) do + OpenSSL::PKey::RSA.new(1024) { raise } + end + end + def test_sign_verify key = OpenSSL::TestUtils::TEST_KEY_RSA1024 digest = OpenSSL::Digest::SHA1.new -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/