big: DivMod and Mod should not edit their arguments #1907

@rsc
divLarge (called from DivMod (called from Mod)) assumes that it can temporarily shift
the divisor left and then shift it back down.  This is not okay if there are multiple
parallel calls to DivMod (or Mod) using the same divisor.  Since the divisor is
logically a value parameter to the operation, I believe such parallel calls should be
safe, so the code is buggy.  

This manifests itself in crypto code which often does Mod by large constants shared
among goroutines (for example key parameters).  The particular example posted on
golang-nuts involved elliptic.P521().P but really any operation could trigger it.  Test
program below.

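package main

import (
    "crypto/elliptic"
    "crypto/rand"
    "log"
    "runtime"
)

// run generates P-521 keys forever; the arithmetic behind each key
// reduces modulo the shared curve parameter P.
func run() {
    curve := elliptic.P521()
    for i := 0; ; i++ {
        curve.GenerateKey(rand.Reader)
        if i%1000 == 0 {
            log.Println(i)
        }
    }
}

func main() {
    // Two OS threads, so both run() loops really execute in parallel
    // against the same divisor.
    runtime.GOMAXPROCS(2)
    go run()
    run()
}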
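
A bounded regression check for the property the report asks for, added here as an example (not part of the original report or of the Go project's code): several goroutines reduce constructed inputs modulo one shared `*big.Int`, and the results are compared with a serial reference. The name `CheckSharedDivisor`, the worker and iteration counts, and the inputs are assumptions made for the example; on a toolchain where `Mod` leaves its divisor untouched it returns 0.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
	"sync"
)

// CheckSharedDivisor returns how many parallel Mod results differ from a
// serial reference, plus one if the shared divisor itself was changed.
func CheckSharedDivisor(workers, iters int) int {
	p := elliptic.P521().Params().P // shared divisor, as in the report
	before := new(big.Int).Set(p)   // private copy for the final comparison
	// Constructed inputs: x_i = (i+1)*2^600 + i, all larger than p.
	inputs := make([]*big.Int, iters)
	want := make([]*big.Int, iters)
	for i := range inputs {
		x := new(big.Int).Lsh(big.NewInt(int64(i+1)), 600)
		inputs[i] = x.Add(x, big.NewInt(int64(i)))
		want[i] = new(big.Int).Mod(inputs[i], before) // serial reference
	}
	var wg sync.WaitGroup
	bad := make([]int, workers) // one slot per goroutine, no shared writes
	for w := 0; w < workers; w++ {
		wg.Add(1)
		go func(w int) {
			defer wg.Done()
			for i, x := range inputs {
				// Fresh receiver per call; only the divisor p is shared.
				if new(big.Int).Mod(x, p).Cmp(want[i]) != 0 {
					bad[w]++
				}
			}
		}(w)
	}
	wg.Wait()
	total := 0
	for _, n := range bad {
		total += n
	}
	if p.Cmp(before) != 0 {
		total++
	}
	return total
}

func main() {
	fmt.Println("mismatches:", CheckSharedDivisor(8, 500))
}
```

Running it with `go run -race` additionally reports any write to the shared divisor even when the final values happen to match.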
