Fix thread safety issue in RSA operations
The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).
The fix was verified with -fsanitize-thread using ssl_pthread_server and two
concurrent clients.
A more fine-grained fix should be possible, locking just enough time to check
if those values are OK and set them if not, rather than locking for the whole
mpi_exp_mod() operation, but it will be for later.
diff --git a/ChangeLog b/ChangeLog
index c9f2e10..2c68696 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,7 @@
errors on use of deprecated functions.
Bugfix
+ * Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
* Fix hardclock() (only used in the benchmarking program) with some
versions of mingw64 (found by kxjhlele).
* Fix warnings from mingw64 in timing.c (found by kxjklele).