Fix thread safety issue in RSA operations The race was due to mpi_exp_mod storing a Montgomery coefficient in the context (RM, RP, RQ). The fix was verified with -fsanitize-thread using ssl_pthread_server and two concurrent clients. A more fine-grained fix should be possible, locking just enough time to check if those values are OK and set them if not, rather than locking for the whole mpi_exp_mod() operation, but it will be for later.

commit: 88fca3ef0e497a64d39ee40766e8b780beaba914 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Mar 27 15:06:07 2015 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Mar 27 15:12:05 2015 +0100
tree: 91b2dd78f031816f964956654e6ba96bf53b40cb
parent: 39ead3ef2f7513352c415136737c2c8a00ccb4ac [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index c9f2e10..2c68696 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -25,6 +25,7 @@
      errors on use of deprecated functions.
 
 Bugfix
+   * Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
    * Fix hardclock() (only used in the benchmarking program) with some
      versions of mingw64 (found by kxjhlele).
    * Fix warnings from mingw64 in timing.c (found by kxjklele).
commit	88fca3ef0e497a64d39ee40766e8b780beaba914	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Mar 27 15:06:07 2015 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Mar 27 15:12:05 2015 +0100
tree	91b2dd78f031816f964956654e6ba96bf53b40cb
parent	39ead3ef2f7513352c415136737c2c8a00ccb4ac [diff] [blame]