diff options
author | Jack Lloyd <[email protected]> | 2019-01-28 19:08:08 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-01-28 19:08:08 -0500 |
commit | 93e9c8ffed8b2eee294b7e8140935c7e7dd43641 (patch) | |
tree | d1641e5c5828af628c05d49146da30e6a6731732 /src/lib/pubkey | |
parent | e1b305fc482cec42e156adda59e6448c74fa99ab (diff) |
Avoid a harmless data race in RSA decryption
Both threads called Modular_Reducer::reduce on m, which caused the
significant words result to be written twice in an unsynchronized way.
By calling it once beforehand it is computed and cached and so no
additional writes occur.
Found with helgrind.
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r-- | src/lib/pubkey/rsa/rsa.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index 441127984..0cd8bbdf4 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -249,6 +249,13 @@ class RSA_Private_Operation #endif #if defined(BOTAN_RSA_USE_ASYNC) + /* + * Precompute m.sig_words in the main thread before calling async. Otherwise + * the two threads race (during Modular_Reducer::reduce) and while the output + * is correct in both threads, helgrind warns. + */ + m.sig_words(); + auto future_j1 = std::async(std::launch::async, [this, &m, &d1_mask, powm_window]() { #endif const BigInt masked_d1 = m_key.get_d1() + (d1_mask * (m_key.get_p() - 1)); |