The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).
The fix was verified with -fsanitize=thread using ssl_pthread_server and two
concurrent clients.
A more fine-grained fix should be possible, locking just long enough to check
whether those values are OK and set them if not, rather than locking for the
whole mpi_exp_mod() operation, but that will be for later.
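As an added illustration (not mbed TLS code) of the finer-grained fix the message describes: a hypothetical context that lazily caches a derived constant, where the mutex is held only for the check-and-set and the long operation that uses the value runs unlocked. The struct, the names and the stand-in derivation are assumptions.

```c
#include <pthread.h>
#include <stdint.h>

/* Hypothetical shared context standing in for an RSA context whose
 * Montgomery constants (RM/RP/RQ) are filled in lazily on first use. */
typedef struct {
    uint64_t modulus;      /* stands in for N */
    uint64_t cached;       /* stands in for a lazily computed constant */
    int cached_set;        /* 0 until the first use fills the cache */
    pthread_mutex_t lock;  /* guards cached and cached_set only */
} shared_ctx;

/* Placeholder for the expensive derivation (the real code computes R^2 mod N). */
static uint64_t derive_constant(uint64_t modulus) {
    return (modulus * 2654435761u) % 1000003u;
}

/* Fine-grained fix: hold the lock only while checking and, if needed,
 * filling the cache; the long exp-mod that uses the value runs unlocked. */
static uint64_t ctx_get_constant(shared_ctx *ctx) {
    pthread_mutex_lock(&ctx->lock);
    if (!ctx->cached_set) {
        ctx->cached = derive_constant(ctx->modulus);
        ctx->cached_set = 1;
    }
    uint64_t v = ctx->cached;
    pthread_mutex_unlock(&ctx->lock);
    return v;
}

static void *worker(void *arg) {
    return (void *)(uintptr_t)ctx_get_constant((shared_ctx *)arg);
}

/* Runs n threads against one shared context; returns 1 if every thread
 * observed the same constant as a single-threaded derivation, else 0. */
int run_concurrent(uint64_t modulus, int n) {
    shared_ctx ctx = { modulus, 0, 0, PTHREAD_MUTEX_INITIALIZER };
    pthread_t th[64];
    int ok = 1;
    if (n > 64) n = 64;
    for (int i = 0; i < n; i++) pthread_create(&th[i], NULL, worker, &ctx);
    for (int i = 0; i < n; i++) {
        void *r;
        pthread_join(th[i], &r);
        if ((uint64_t)(uintptr_t)r != derive_constant(modulus)) ok = 0;
    }
    return ok;
}
```

Build with -pthread and -fsanitize=thread, as the message did for the real fix, and call run_concurrent() from a main; the sanitizer stays quiet because the only shared writes happen under the lock.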
* md_hmac: (21 commits)
Add more tests for MD utility functions
Rework documentation of MD layer
Check return value of the TLS PRF
Make tls1_prf and tls12_prf more efficient
Factor tls_prf_sha{256,384} together
Reintroduce md_init_ctx compatibility wrapper
Rename md_init_ctx() to md_setup()
Update doxygen documentation on HMAC
Clean up unneeded things
Make hmac_ctx optional
Make ipad/opad dynamic and more opaque
Remove ipad and opad from specific md contexts
Remove specific xxx_hmac functions
Remove use of xxx_hmac() in program
Remove calls to xxx_hmac() from SSL modules
Remove references to xxx_hmac() from MD layer
Remove tests for xxx_hmac()
Implement hmac in the MD layer
Add generic HMAC tests from mdx.data
Fix tests and programs to use md_get_xxx()
...
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
In preparation for moving HMAC to the MD layer, this ensures all tests that are
present in a specific MDx/SHAx suite are now present in the MD suite too.
- more freedom for us to change it in the future
- enforces hygiene
- performance impact of making accessors no longer inline should really be negligible
* mbedtls-1.3:
Update generated file
Update Changelog for deprecation config flags
Fix tests to work with DEPRECATED_REMOVED
Add POLARSSL_DEPRECATED_{WARNING,REMOVED}
Suppress clang warning we don't want