Feature #19553
open
Document thread-safety of OpenSSL related classes such as OpenSSL::PKey::RSA or OpenSSL::Cipher etc
Description
From the Ruby documentation it is not clear if these objects can be used (i.e. when assigned to a constant) by multiple threads.
Especially for the respective encrypting/decrypting method after those objects are fully initialized with keys etc.
If you look at what OpenSSL::PKey::RSA#private_encrypt does, it uses the RSA_private_encrypt method from OpenSSL: https://www.openssl.org/docs/man1.1.1/man3/RSA_private_encrypt.html, which is also not documented in relation to thread-safety.
The only thing that I found so far about this subject is:
> OpenSSL can generally be used safely in multi-threaded applications provided that at least two callback functions are set, the locking_function and threadid_func. Note that OpenSSL is not completely thread-safe, and unfortunately not all global resources have the necessary locks. Further, the thread-safety does not extend to things like multiple threads using the same SSL object at the same time.
from https://www.openssl.org/docs/man1.0.2/man3/threads.html
which by itself does not help much because:
- it is vague (not clear what's the meaning of both "SSL object" and "at the same time")
- I do not know if Ruby provides locking_function and threadid_func, perhaps it does https://github.com/ruby/ruby/blob/99d0a257af54aa819c6ced5f1ff8ff37e3d5342b/ext/openssl/ossl.c#L616 ?
- I am not sure what's the impact of GIL on all this
Looking at how Rails uses OpenSSL related objects, it seems that creating a new instance every time is the recommended approach. Can you confirm?
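The per-call instantiation pattern the report mentions, as an added example that is not part of the original report and not Ruby's or Rails' own code: every call builds its own OpenSSL::Cipher, and only the frozen key string is shared between threads. The helper names `seal`, `unseal` and `round_trip_in_threads`, the AES-256-GCM choice and the random sample key are assumptions made for illustration.

```ruby
require "openssl"

# Constructed sample key. A frozen String is immutable, so sharing it
# between threads does not depend on any OpenSSL locking behaviour.
KEY = OpenSSL::Random.random_bytes(32).freeze

# Encrypt with a Cipher created for this call only. A Cipher carries
# mutable state between #update and #final, so it is never shared.
def seal(plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = KEY
  iv = cipher.random_iv            # fresh nonce per message
  cipher.auth_data = ""
  ct = cipher.update(plaintext) + cipher.final
  { iv: iv, tag: cipher.auth_tag, ct: ct }
end

# Decrypt with its own Cipher; raises OpenSSL::Cipher::CipherError if
# the ciphertext or tag was modified.
def unseal(box)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = KEY
  cipher.iv = box[:iv]
  cipher.auth_tag = box[:tag]
  cipher.auth_data = ""
  cipher.update(box[:ct]) + cipher.final
end

# Run many encrypt/decrypt round trips concurrently and report whether
# every message survived and how many distinct IVs were used.
def round_trip_in_threads(thread_count, per_thread)
  threads = thread_count.times.map do |t|
    Thread.new do
      per_thread.times.map do |i|
        msg = "thread #{t} message #{i}".b
        box = seal(msg)
        [unseal(box) == msg, box[:iv]]
      end
    end
  end
  results = threads.flat_map(&:value)
  { ok: results.all?(&:first), unique_ivs: results.map(&:last).uniq.size }
end
```

This does not answer whether a shared, fully initialized object is safe to use from several threads; it shows the arrangement in which that question does not arise.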