From 43e6654784f092370247e6d0510c5b5d71fecf41 Mon Sep 17 00:00:00 2001 From: INADA Naoki Date: Sun, 21 Aug 2011 20:32:42 +0900 Subject: Allow thread while generating key. --- OpenSSL/crypto/pkey.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c index 1f78682..debc043 100644 --- a/OpenSSL/crypto/pkey.c +++ b/OpenSSL/crypto/pkey.c @@ -52,14 +52,20 @@ crypto_PKey_generate_key(crypto_PKeyObj *self, PyObject *args) PyErr_SetString(PyExc_ValueError, "Invalid number of bits"); return NULL; } - if ((rsa = RSA_generate_key(bits, 0x10001, NULL, NULL)) == NULL) + Py_BEGIN_ALLOW_THREADS; + rsa = RSA_generate_key(bits, 0x10001, NULL, NULL); + Py_END_ALLOW_THREADS; + if (rsa == NULL) FAIL(); if (!EVP_PKEY_assign_RSA(self->pkey, rsa)) FAIL(); break; case crypto_TYPE_DSA: - if ((dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL)) == NULL) + Py_BEGIN_ALLOW_THREADS; + dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); + Py_END_ALLOW_THREADS; + if (dsa == NULL) FAIL(); if (!DSA_generate_key(dsa)) FAIL(); -- cgit v1.2.1 From e4582b0bba49f8958d0f39621427361a2e0121f7 Mon Sep 17 00:00:00 2001 From: INADA Naoki Date: Fri, 26 Aug 2011 01:17:51 +0900 Subject: Fix didn't release while DSA key generation. --- OpenSSL/crypto/pkey.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c index debc043..cb60211 100644 --- a/OpenSSL/crypto/pkey.c +++ b/OpenSSL/crypto/pkey.c @@ -64,11 +64,15 @@ crypto_PKey_generate_key(crypto_PKeyObj *self, PyObject *args) case crypto_TYPE_DSA: Py_BEGIN_ALLOW_THREADS; dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); - Py_END_ALLOW_THREADS; - if (dsa == NULL) + if (dsa == NULL) { + Py_END_ALLOW_THREADS; FAIL(); - if (!DSA_generate_key(dsa)) + } + if (!DSA_generate_key(dsa)) { + Py_END_ALLOW_THREADS; FAIL(); + } + Py_END_ALLOW_THREADS; if (!EVP_PKEY_assign_DSA(self->pkey, dsa)) FAIL(); break; -- cgit v1.2.1 From 6d1f20c13705a40b0e4bb335fdf7228c3b4dfa0f Mon Sep 17 00:00:00 2001 From: INADA Naoki Date: Fri, 26 Aug 2011 02:38:18 +0900 Subject: Fix compile error --- OpenSSL/crypto/pkey.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c index cb60211..0c76f34 100644 --- a/OpenSSL/crypto/pkey.c +++ b/OpenSSL/crypto/pkey.c @@ -65,11 +65,11 @@ crypto_PKey_generate_key(crypto_PKeyObj *self, PyObject *args) Py_BEGIN_ALLOW_THREADS; dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); if (dsa == NULL) { - Py_END_ALLOW_THREADS; + Py_BLOCK_THREADS; FAIL(); } if (!DSA_generate_key(dsa)) { - Py_END_ALLOW_THREADS; + Py_BLOCK_THREADS; FAIL(); } Py_END_ALLOW_THREADS; -- cgit v1.2.1 From cf141b18925da8889bd19c88fb39a3e705d3ae56 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Tue, 3 Apr 2012 14:50:30 -0400 Subject: Use braces for all code blocks, even short ones. Also, simplify the thread management around the DSA generation. --- OpenSSL/crypto/pkey.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c index 0c76f34..fc1cce5 100644 --- a/OpenSSL/crypto/pkey.c +++ b/OpenSSL/crypto/pkey.c @@ -55,26 +55,27 @@ crypto_PKey_generate_key(crypto_PKeyObj *self, PyObject *args) Py_BEGIN_ALLOW_THREADS; rsa = RSA_generate_key(bits, 0x10001, NULL, NULL); Py_END_ALLOW_THREADS; - if (rsa == NULL) + if (rsa == NULL) { FAIL(); - if (!EVP_PKEY_assign_RSA(self->pkey, rsa)) + } + if (!EVP_PKEY_assign_RSA(self->pkey, rsa)) { FAIL(); + } break; case crypto_TYPE_DSA: Py_BEGIN_ALLOW_THREADS; dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); + Py_END_ALLOW_THREADS; if (dsa == NULL) { - Py_BLOCK_THREADS; FAIL(); } if (!DSA_generate_key(dsa)) { - Py_BLOCK_THREADS; FAIL(); } - Py_END_ALLOW_THREADS; - if (!EVP_PKEY_assign_DSA(self->pkey, dsa)) + if (!EVP_PKEY_assign_DSA(self->pkey, dsa)) { FAIL(); + } break; default: -- cgit v1.2.1 From 5f2cd26054adff5a1fbf9ba5d56766b972f46670 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Tue, 3 Apr 2012 15:04:55 -0400 Subject: Add a multithreaded stress tester for key generation. Hopefully provides additional confidence that that code is correct with respect to threading. --- leakcheck/thread-key-gen.py | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 leakcheck/thread-key-gen.py diff --git a/leakcheck/thread-key-gen.py b/leakcheck/thread-key-gen.py new file mode 100644 index 0000000..62e1a58 --- /dev/null +++ b/leakcheck/thread-key-gen.py @@ -0,0 +1,38 @@ +# Copyright (C) Jean-Paul Calderone +# See LICENSE for details. +# +# Stress tester for thread-related bugs in RSA and DSA key generation. 0.12 and +# older held the GIL during these operations. Subsequent versions release it +# during them. + +from threading import Thread + +from OpenSSL.crypto import TYPE_RSA, TYPE_DSA, PKey + +def generate_rsa(): + keys = [] + for i in range(100): + key = PKey() + key.generate_key(TYPE_RSA, 1024) + keys.append(key) + +def generate_dsa(): + keys = [] + for i in range(100): + key = PKey() + key.generate_key(TYPE_DSA, 512) + keys.append(key) + + +def main(): + threads = [] + for i in range(3): + t = Thread(target=generate_rsa, args=()) + threads.append(t) + t = Thread(target=generate_dsa, args=()) + threads.append(t) + + for t in threads: + t.start() + +main() -- cgit v1.2.1