aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2019-01-28 19:08:08 -0500
committerJack Lloyd <[email protected]>2019-01-28 19:08:08 -0500
commit93e9c8ffed8b2eee294b7e8140935c7e7dd43641 (patch)
treed1641e5c5828af628c05d49146da30e6a6731732 /src/lib/pubkey
parente1b305fc482cec42e156adda59e6448c74fa99ab (diff)
Avoid a harmless data race in RSA decryption
Both threads called Modular_Reducer::reduce on m, which caused the significant words result to be written twice in an unsynchronized way. By calling it once beforehand it is computed and cached and so no additional writes occur. Found with helgrind.
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r--src/lib/pubkey/rsa/rsa.cpp7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index 441127984..0cd8bbdf4 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -249,6 +249,13 @@ class RSA_Private_Operation
#endif
#if defined(BOTAN_RSA_USE_ASYNC)
+ /*
+ * Precompute m.sig_words in the main thread before calling async. Otherwise
+ * the two threads race (during Modular_Reducer::reduce) and while the output
+ * is correct in both threads, helgrind warns.
+ */
+ m.sig_words();
+
auto future_j1 = std::async(std::launch::async, [this, &m, &d1_mask, powm_window]() {
#endif
const BigInt masked_d1 = m_key.get_d1() + (d1_mask * (m_key.get_p() - 1));