Merged threading-layer into development

ChangeLog

@@ -12,6 +12,7 @@ Features
    * PSK and DHE-PSK based ciphersuites added
    * Memory allocation abstraction layer added
    * Buffer-based memory allocator added (no malloc() / free() / HEAP usage)
+   * Threading abstraction layer added (dummy / pthread / alternate)
    * Public Key abstraction layer added
    * Parsing Elliptic Curve keys
    * Parsing Elliptic Curve certificates

include/polarssl/config.h

@@ -659,6 +659,41 @@
  */
 #define POLARSSL_SSL_TRUNCATED_HMAC
 
+/**
+ * \def POLARSSL_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: POLARSSL_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+#define POLARSSL_THREADING_ALT
+ */
+
+/**
+ * \def POLARSSL_THREADING_DUMMY
+ *
+ * Provide a dummy threading implementation.
+ * Warning: If you use this, all claims of thread-safety in the documentation
+ *          are void!
+ *
+ * Requires: POLARSSL_THREADING_C
+ *
+ * Uncomment this to enable code to compile like with threading enabled
+#define POLARSSL_THREADING_DUMMY
+ */
+
+/**
+ * \def POLARSSL_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: POLARSSL_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+#define POLARSSL_THREADING_PTHREAD
+ */
+
 /**
  * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
  *
@@ -1435,6 +1470,27 @@
  */
 #define POLARSSL_SSL_TLS_C
 
+/**
+ * \def POLARSSL_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default PolarSSL assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions.
+ *
+ * Module:  library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either POLARSSL_THREADING_ALT,
+ * POLARSSL_THREADING_PTHREAD or POLARSSL_THREADING_DUMMY.
+ *
+ * Enable this layer to allow use of mutexes within PolarSSL
+#define POLARSSL_THREADING_C
+ */
+
 /**
  * \def POLARSSL_TIMING_C
  *
@@ -1784,6 +1840,32 @@
 #error "POLARSSL_SSL_SESSION_TICKETS_C defined, but not all prerequisites"
 #endif
 
+#if defined(POLARSSL_THREADING_DUMMY)
+#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
+#error "POLARSSL_THREADING_DUMMY defined, but not all prerequisites"
+#endif
+#define POLARSSL_THREADING_IMPL
+#endif
+
+#if defined(POLARSSL_THREADING_PTHREAD)
+#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
+#error "POLARSSL_THREADING_PTHREAD defined, but not all prerequisites"
+#endif
+#define POLARSSL_THREADING_IMPL
+#endif
+
+#if defined(POLARSSL_THREADING_ALT)
+#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
+#error "POLARSSL_THREADING_ALT defined, but not all prerequisites"
+#endif
+#define POLARSSL_THREADING_IMPL
+#endif
+
+#if defined(POLARSSL_THREADING_C) && !defined(POLARSSL_THREADING_IMPL)
+#error "POLARSSL_THREADING_C defined, single threading implementation required"
+#endif
+#undef POLARSSL_THREADING_IMPL
+
 #if defined(POLARSSL_X509_USE_C) && ( !defined(POLARSSL_BIGNUM_C) ||  \
     !defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) ||      \
     !defined(POLARSSL_PK_PARSE_C) )

include/polarssl/ecdsa.h

@@ -88,6 +88,7 @@ int ecdsa_verify( ecp_group *grp,
 /**
  * \brief           Compute ECDSA signature and write it to buffer,
  *                  serialized as defined in RFC 4492 page 20.
+ *                  (Not thread-safe to use same context in multiple threads)
  *
  * \param ctx       ECDSA context
  * \param hash      Message hash

include/polarssl/ecp.h

@@ -450,6 +450,7 @@ int ecp_sub( const ecp_group *grp, ecp_point *R,
 
 /**
  * \brief           Multiplication by an integer: R = m * P
+ *                  (Not thread-safe to use same group in multiple threads)
  *
  * \param grp       ECP group
  * \param R         Destination point

include/polarssl/entropy.h

@@ -41,6 +41,10 @@
 #endif
 #endif
 
+#if defined(POLARSSL_THREADING_C)
+#include "threading.h"
+#endif
+
 #if defined(POLARSSL_HAVEGE_C)
 #include "havege.h"
 #endif
@@ -106,6 +110,9 @@ typedef struct
 #if defined(POLARSSL_HAVEGE_C)
     havege_state    havege_data;
 #endif
+#if defined(POLARSSL_THREADING_C)
+    threading_mutex_t mutex;    /*!< mutex                  */
+#endif
 }
 entropy_context;
 
@@ -116,6 +123,13 @@ entropy_context;
  */
 void entropy_init( entropy_context *ctx );
 
+/**
+ * \brief           Free the data in the context
+ *
+ * \param ctx       Entropy context to free
+ */
+void entropy_free( entropy_context *ctx );
+
 /**
  * \brief           Adds an entropy source to poll
  *
@@ -142,6 +156,7 @@ int entropy_gather( entropy_context *ctx );
 
 /**
  * \brief           Retrieve entropy from the accumulator (Max ENTROPY_BLOCK_SIZE)
+ *                  (Thread-safe if POLARSSL_THREADING_C is enabled)
  *
  * \param data      Entropy context
  * \param output    Buffer to fill

include/polarssl/error.h

@@ -53,6 +53,7 @@
  * MPI       7  0x0002-0x0010
  * GCM       2  0x0012-0x0014
  * BLOWFISH  2  0x0016-0x0018
+ * THREADING 3  0x001A-0x001E
  * AES       2  0x0020-0x0022
  * CAMELLIA  2  0x0024-0x0026
  * XTEA      1  0x0028-0x0028

include/polarssl/memory.h

@@ -71,6 +71,8 @@ int memory_set_own( void * (*malloc_func)( size_t ),
  *          presented buffer and does not call malloc() and free().
  *          It sets the global polarssl_malloc() and polarssl_free() pointers
  *          to its own functions.
+ *          (Provided polarssl_malloc() and polarssl_free() are thread-safe if
+ *           POLARSSL_THREADING_C is defined)
  *
  * \note    This code is not optimized and provides a straight-forward
  *          implementation of a stack-based memory allocator.
@@ -82,6 +84,11 @@ int memory_set_own( void * (*malloc_func)( size_t ),
  */
 int memory_buffer_alloc_init( unsigned char *buf, size_t len );
 
+/**
+ * \brief   Free the mutex for thread-safety and clear remaining memory
+ */
+void memory_buffer_alloc_free();
+
 /**
  * \brief   Determine when the allocator should automatically verify the state
  *          of the entire chain of headers / meta-data.

include/polarssl/rsa.h

@@ -32,6 +32,10 @@
 #include "bignum.h"
 #include "md.h"
 
+#if defined(POLARSSL_THREADING_C)
+#include "threading.h"
+#endif
+
 /*
  * RSA Error codes
  */
@@ -100,6 +104,9 @@ typedef struct
                                       specified in the md.h header file
                                       for the EME-OAEP and EMSA-PSS
                                       encoding                          */
+#if defined(POLARSSL_THREADING_C)
+    threading_mutex_t mutex;    /*!<  Thread-safety mutex       */
+#endif
 }
 rsa_context;
 

include/polarssl/ssl.h

@@ -789,6 +789,7 @@ int ssl_get_ciphersuite_id( const char *ciphersuite_name );
 
 /**
  * \brief          Initialize an SSL context
+ *                 (An individual SSL context is not thread-safe)
  *
  * \param ssl      SSL context
  *

include/polarssl/ssl_cache.h

@@ -29,6 +29,10 @@
 
 #include "ssl.h"
 
+#if defined(POLARSSL_THREADING_C)
+#include "threading.h"
+#endif
+
 #if !defined(POLARSSL_CONFIG_OPTIONS)
 #define SSL_CACHE_DEFAULT_TIMEOUT       86400   /*!< 1 day  */
 #define SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
@@ -64,6 +68,9 @@ struct _ssl_cache_context
     ssl_cache_entry *chain;     /*!< start of the chain     */
     int timeout;                /*!< cache entry timeout    */
     int max_entries;            /*!< maximum entries        */
+#if defined(POLARSSL_THREADING_C)
+    threading_mutex_t mutex;    /*!< mutex                  */
+#endif
 };
 
 /**
@@ -75,6 +82,7 @@ void ssl_cache_init( ssl_cache_context *cache );
 
 /**
  * \brief          Cache get callback implementation
+ *                 (Thread-safe if POLARSSL_THREADING_C is enabled)
  *
  * \param data     SSL cache context
  * \param session  session to retrieve entry for
@@ -83,6 +91,7 @@ int ssl_cache_get( void *data, ssl_session *session );
 
 /**
  * \brief          Cache set callback implementation
+ *                 (Thread-safe if POLARSSL_THREADING_C is enabled)
  *
  * \param data     SSL cache context
  * \param session  session to store entry for

include/polarssl/threading.h

@@ -0,0 +1,86 @@
+/**
+ * \file threading.h
+ *
+ * \brief Threading abstraction layer
+ *
+ *  Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_THREADING_H
+#define POLARSSL_THREADING_H
+
+#include "config.h"
+
+#include <stdlib.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE         -0x001A  /**< The selected feature is not available. */
+#define POLARSSL_ERR_THREADING_BAD_INPUT_DATA              -0x001C  /**< Bad input parameters to function. */
+#define POLARSSL_ERR_THREADING_MUTEX_ERROR                 -0x001E  /**< Locking / unlocking / free failed with error code. */
+
+#if defined(POLARSSL_THREADING_DUMMY)
+typedef void threading_mutex_t;
+#endif
+
+#if defined(POLARSSL_THREADING_PTHREAD)
+#include <pthread.h>
+typedef pthread_mutex_t threading_mutex_t;
+#endif
+
+#if defined(POLARSSL_THREADING_ALT)
+/* You should define the threading_mutex_t type in your header */
+#include "threading_alt.h"
+
+/**
+ * \brief           Set your alternate threading implementation function
+ *                  pointers
+ *
+ * \param mutex_init    the init function implementation
+ * \param mutex_free    the free function implementation
+ * \param mutex_lock    the lock function implementation
+ * \param mutex_unlock  the unlock function implementation
+ *
+ * \return              0 if successful
+ */
+int threading_set_alt( int (*mutex_init)( threading_mutex_t * ),
+                       int (*mutex_free)( threading_mutex_t * ),
+                       int (*mutex_lock)( threading_mutex_t * ),
+                       int (*mutex_unlock)( threading_mutex_t * ) );
+#endif /* POLARSSL_THREADING_ALT_C */
+
+/*
+ * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
+ *
+ * All these functions are expected to work or the result will be undefined.
+ */
+extern int (*polarssl_mutex_init)( threading_mutex_t *mutex );
+extern int (*polarssl_mutex_free)( threading_mutex_t *mutex );
+extern int (*polarssl_mutex_lock)( threading_mutex_t *mutex );
+extern int (*polarssl_mutex_unlock)( threading_mutex_t *mutex );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* threading.h */

library/CMakeLists.txt

@@ -52,6 +52,7 @@ set(src
      ssl_cli.c
      ssl_srv.c
      ssl_tls.c
+     threading.c
      timing.c
      version.c
      x509.c

library/Makefile

@@ -54,7 +54,8 @@ OBJS=	aes.o		arc4.o		asn1parse.o		\
 		rsa.o		sha1.o		sha256.o		\
 		sha512.o	ssl_cache.o	ssl_cli.o		\
 		ssl_srv.o   ssl_ciphersuites.o			\
-		ssl_tls.o	timing.o	version.o		\
+		ssl_tls.o	threading.o	timing.o		\
+		version.o								\
 		x509.o		x509_create.o				\
 		x509_crl.o	x509_crt.o	x509_csr.o		\
 		x509write_crt.o			x509write_csr.o	\

library/entropy.c

@@ -40,6 +40,10 @@ void entropy_init( entropy_context *ctx )
 {
     memset( ctx, 0, sizeof(entropy_context) );
 
+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_init( &ctx->mutex );
+#endif
+
 #if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
     sha512_starts( &ctx->accumulator, 0 );
 #else
@@ -64,6 +68,14 @@ void entropy_init( entropy_context *ctx )
 #endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
 }
 
+void entropy_free( entropy_context *ctx )
+{
+    ((void) ctx);
+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_free( &ctx->mutex );
+#endif
+}
+
 int entropy_add_source( entropy_context *ctx,
                         f_source_ptr f_source, void *p_source,
                         size_t threshold )
@@ -170,16 +182,24 @@ int entropy_func( void *data, unsigned char *output, size_t len )
     if( len > ENTROPY_BLOCK_SIZE )
         return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
 
+#if defined(POLARSSL_THREADING_C)
+    if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
     /*
      * Always gather extra entropy before a call
      */
     do
     {
         if( count++ > ENTROPY_MAX_LOOP )
-            return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
+        {
+            ret = POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
+            goto exit;
+        }
 
         if( ( ret = entropy_gather( ctx ) ) != 0 )
-            return( ret );
+            goto exit;
 
         reached = 0;
 
@@ -226,7 +246,15 @@ int entropy_func( void *data, unsigned char *output, size_t len )
 
     memcpy( output, buf, len );
 
-    return( 0 );
+    ret = 0;
+
+exit:
+#if defined(POLARSSL_THREADING_C)
+    if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
+        return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
 }
 
 #endif

library/error.c

@@ -145,6 +145,10 @@
 #include "polarssl/ssl.h"
 #endif
 
+#if defined(POLARSSL_THREADING_C)
+#include "polarssl/threading.h"
+#endif
+
 #if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
 #include "polarssl/x509.h"
 #endif
@@ -647,6 +651,15 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
         snprintf( buf, buflen, "SHA512 - Read/write error in file" );
 #endif /* POLARSSL_SHA512_C */
 
+#if defined(POLARSSL_THREADING_C)
+    if( use_ret == -(POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE) )
+        snprintf( buf, buflen, "THREADING - The selected feature is not available" );
+    if( use_ret == -(POLARSSL_ERR_THREADING_BAD_INPUT_DATA) )
+        snprintf( buf, buflen, "THREADING - Bad input parameters to function" );
+    if( use_ret == -(POLARSSL_ERR_THREADING_MUTEX_ERROR) )
+        snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" );
+#endif /* POLARSSL_THREADING_C */
+
 #if defined(POLARSSL_XTEA_C)
     if( use_ret == -(POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH) )
         snprintf( buf, buflen, "XTEA - The data input has an invalid length" );

library/memory_buffer_alloc.c

@@ -38,6 +38,10 @@
 #endif
 #endif
 
+#if defined(POLARSSL_THREADING_C)
+#include "polarssl/threading.h"
+#endif
+
 #define MAGIC1       0xFF00AA55
 #define MAGIC2       0xEE119966
 #define MAX_BT 20
@@ -74,6 +78,9 @@ typedef struct
     size_t          maximum_used;
     size_t          header_count;
 #endif
+#if defined(POLARSSL_THREADING_C)
+    threading_mutex_t   mutex;
+#endif
 }
 buffer_alloc_ctx;
 
@@ -349,7 +356,6 @@ static void buffer_alloc_free( void *ptr )
     memory_header *hdr, *old = NULL;
     unsigned char *p = (unsigned char *) ptr;
 
-
     if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
         return;
 
@@ -492,14 +498,38 @@ void memory_buffer_alloc_status()
 }
 #endif /* POLARSSL_MEMORY_BUFFER_ALLOC_DEBUG */
 
+#if defined(POLARSSL_THREADING_C)
+static void *buffer_alloc_malloc_mutexed( size_t len )
+{
+    void *buf;
+    polarssl_mutex_lock( &heap.mutex );
+    buf = buffer_alloc_malloc( len );
+    polarssl_mutex_unlock( &heap.mutex );
+    return( buf );
+}
+
+static void buffer_alloc_free_mutexed( void *ptr )
+{
+    polarssl_mutex_lock( &heap.mutex );
+    buffer_alloc_free( ptr );
+    polarssl_mutex_unlock( &heap.mutex );
+}
+#endif
+
 int memory_buffer_alloc_init( unsigned char *buf, size_t len )
 {
-    polarssl_malloc = buffer_alloc_malloc;
-    polarssl_free = buffer_alloc_free;
-
     memset( &heap, 0, sizeof(buffer_alloc_ctx) );
     memset( buf, 0, len );
 
+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_init( &heap.mutex );
+    polarssl_malloc = buffer_alloc_malloc_mutexed;
+    polarssl_free = buffer_alloc_free_mutexed;
+#else
+    polarssl_malloc = buffer_alloc_malloc;
+    polarssl_free = buffer_alloc_free;
+#endif
+
     heap.buf = buf;
     heap.len = len;
 
@@ -511,4 +541,12 @@ int memory_buffer_alloc_init( unsigned char *buf, size_t len )
     return( 0 );
 }
 
+void memory_buffer_alloc_free()
+{
+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_free( &heap.mutex );
+#endif
+    memset( &heap, 0, sizeof(buffer_alloc_ctx) );
+}
+
 #endif /* POLARSSL_MEMORY_C && POLARSSL_MEMORY_BUFFER_ALLOC_C */

library/rsa.c

@@ -54,6 +54,10 @@ void rsa_init( rsa_context *ctx,
 
     ctx->padding = padding;
     ctx->hash_id = hash_id;
+
+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_init( &ctx->mutex );
+#endif
 }
 
 #if defined(POLARSSL_GENPRIME)
@@ -298,6 +302,9 @@ int rsa_private( rsa_context *ctx,
                  unsigned char *output )
 {
     int ret;
+#if defined(POLARSSL_THREADING_C)
+    int locked = 0;
+#endif
     size_t olen;
     mpi T, T1, T2;
 
@@ -315,6 +322,10 @@ int rsa_private( rsa_context *ctx,
 #else
     if( f_rng != NULL )
     {
+#if defined(POLARSSL_THREADING_C)
+        polarssl_mutex_lock( &ctx->mutex );
+        locked = 1;
+#endif
         /*
          * Blinding
          * T = T * Vi mod N
@@ -361,7 +372,10 @@ int rsa_private( rsa_context *ctx,
     MPI_CHK( mpi_write_binary( &T, output, olen ) );
 
 cleanup:
-
+#if defined(POLARSSL_THREADING_C)
+    if( locked )
+        polarssl_mutex_unlock( &ctx->mutex );
+#endif
     mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
 
     if( ret != 0 )
@@ -1330,6 +1344,10 @@ void rsa_free( rsa_context *ctx )
     mpi_free( &ctx->QP ); mpi_free( &ctx->DQ ); mpi_free( &ctx->DP );
     mpi_free( &ctx->Q  ); mpi_free( &ctx->P  ); mpi_free( &ctx->D );
     mpi_free( &ctx->E  ); mpi_free( &ctx->N  );
+
+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_free( &ctx->mutex );
+#endif
 }
 
 #if defined(POLARSSL_SELF_TEST)

library/ssl_cache.c

@@ -48,16 +48,26 @@ void ssl_cache_init( ssl_cache_context *cache )
 
     cache->timeout = SSL_CACHE_DEFAULT_TIMEOUT;
     cache->max_entries = SSL_CACHE_DEFAULT_MAX_ENTRIES;
+
+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_init( &cache->mutex );
+#endif
 }
 
 int ssl_cache_get( void *data, ssl_session *session )
 {
+    int ret = 1;
 #if defined(POLARSSL_HAVE_TIME)
     time_t t = time( NULL );
 #endif
     ssl_cache_context *cache = (ssl_cache_context *) data;
     ssl_cache_entry *cur, *entry;
 
+#if defined(POLARSSL_THREADING_C)
+    if( polarssl_mutex_lock( &cache->mutex ) != 0 )
+        return( 1 );
+#endif
+
     cur = cache->chain;
     entry = NULL;
 
@@ -93,7 +103,10 @@ int ssl_cache_get( void *data, ssl_session *session )
         {
             session->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) );
             if( session->peer_cert == NULL )
-                return( 1 );
+            {
+                ret = 1;
+                goto exit;
+            }
 
             x509_crt_init( session->peer_cert );
             if( x509_crt_parse( session->peer_cert, entry->peer_cert.p,
@@ -101,19 +114,28 @@ int ssl_cache_get( void *data, ssl_session *session )
             {
                 polarssl_free( session->peer_cert );
                 session->peer_cert = NULL;
-                return( 1 );
+                ret = 1;
+                goto exit;
             }
         }
 #endif /* POLARSSL_X509_CRT_PARSE_C */
 
-        return( 0 );
+        ret = 0;
+        goto exit;
     }
 
-    return( 1 );
+exit:
+#if defined(POLARSSL_THREADING_C)
+    if( polarssl_mutex_unlock( &cache->mutex ) != 0 )
+        ret = 1;
+#endif
+
+    return( ret );
 }
 
 int ssl_cache_set( void *data, const ssl_session *session )
 {
+    int ret = 1;
 #if defined(POLARSSL_HAVE_TIME)
     time_t t = time( NULL ), oldest = 0;
     ssl_cache_entry *old = NULL;
@@ -122,6 +144,11 @@ int ssl_cache_set( void *data, const ssl_session *session )
     ssl_cache_entry *cur, *prv;
     int count = 0;
 
+#if defined(POLARSSL_THREADING_C)
+    if( ( ret = polarssl_mutex_lock( &cache->mutex ) ) != 0 )
+        return( ret );
+#endif
+
     cur = cache->chain;
     prv = NULL;
 
@@ -179,7 +206,10 @@ int ssl_cache_set( void *data, const ssl_session *session )
         if( count >= cache->max_entries )
         {
             if( cache->chain == NULL )
-                return( 1 );
+            {
+                ret = 1;
+                goto exit;
+            }
 
             cur = cache->chain;
             cache->chain = cur->next;
@@ -200,7 +230,10 @@ int ssl_cache_set( void *data, const ssl_session *session )
         {
             cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) );
             if( cur == NULL )
-                return( 1 );
+            {
+                ret = 1;
+                goto exit;
+            }
 
             memset( cur, 0, sizeof(ssl_cache_entry) );
 
@@ -225,7 +258,10 @@ int ssl_cache_set( void *data, const ssl_session *session )
     {
         cur->peer_cert.p = (unsigned char *) polarssl_malloc( session->peer_cert->raw.len );
         if( cur->peer_cert.p == NULL )
-            return( 1 );
+        {
+            ret = 1;
+            goto exit;
+        }
 
         memcpy( cur->peer_cert.p, session->peer_cert->raw.p,
                 session->peer_cert->raw.len );
@@ -235,7 +271,15 @@ int ssl_cache_set( void *data, const ssl_session *session )
     }
 #endif /* POLARSSL_X509_CRT_PARSE_C */
 
-    return( 0 );
+    ret = 0;
+
+exit:
+#if defined(POLARSSL_THREADING_C)
+    if( polarssl_mutex_unlock( &cache->mutex ) != 0 )
+        ret = 1;
+#endif
+
+    return( ret );
 }
 
 #if defined(POLARSSL_HAVE_TIME)
@@ -274,6 +318,10 @@ void ssl_cache_free( ssl_cache_context *cache )
 
         polarssl_free( prv );
     }
+
+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_free( &cache->mutex );
+#endif
 }
 
 #endif /* POLARSSL_SSL_CACHE_C */

library/threading.c

@@ -0,0 +1,134 @@
+/*
+ *  Threading abstraction layer
+ *
+ *  Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_THREADING_C)
+
+#include "polarssl/threading.h"
+
+#if defined(POLARSSL_THREADING_DUMMY)
+static int threading_mutex_init_dummy( threading_mutex_t *mutex )
+{
+    ((void) mutex );
+    return( 0 );
+}
+
+static int threading_mutex_free_dummy( threading_mutex_t *mutex )
+{
+    ((void) mutex );
+    return( 0 );
+}
+
+static int threading_mutex_lock_dummy( threading_mutex_t *mutex )
+{
+    ((void) mutex );
+    return( 0 );
+}
+
+static int threading_mutex_unlock_dummy( threading_mutex_t *mutex )
+{
+    ((void) mutex );
+    return( 0 );
+}
+
+int (*polarssl_mutex_init)( threading_mutex_t * ) = threading_mutex_init_dummy;
+int (*polarssl_mutex_free)( threading_mutex_t * ) = threading_mutex_free_dummy;
+int (*polarssl_mutex_lock)( threading_mutex_t * ) = threading_mutex_lock_dummy;
+int (*polarssl_mutex_unlock)( threading_mutex_t * ) = threading_mutex_unlock_dummy;
+#endif /* POLARSSL_THREADING_DUMMY */
+
+#if defined(POLARSSL_THREADING_PTHREAD)
+static int threading_mutex_init_pthread( threading_mutex_t *mutex )
+{
+    if( mutex == NULL )
+        return( POLARSSL_ERR_THREADING_BAD_INPUT_DATA );
+
+    if( pthread_mutex_init( mutex, NULL ) != 0 )
+        return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
+
+    return( 0 );
+}
+
+static int threading_mutex_free_pthread( threading_mutex_t *mutex )
+{
+    if( mutex == NULL )
+        return( POLARSSL_ERR_THREADING_BAD_INPUT_DATA );
+
+    if( pthread_mutex_destroy( mutex ) != 0 )
+        return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
+
+    return( 0 );
+}
+
+static int threading_mutex_lock_pthread( threading_mutex_t *mutex )
+{
+    if( mutex == NULL )
+        return( POLARSSL_ERR_THREADING_BAD_INPUT_DATA );
+
+    if( pthread_mutex_lock( mutex ) != 0 )
+        return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
+
+    return( 0 );
+}
+
+static int threading_mutex_unlock_pthread( threading_mutex_t *mutex )
+{
+    if( mutex == NULL )
+        return( POLARSSL_ERR_THREADING_BAD_INPUT_DATA );
+
+    if( pthread_mutex_unlock( mutex ) != 0 )
+        return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
+
+    return( 0 );
+}
+
+int (*polarssl_mutex_init)( threading_mutex_t * ) = threading_mutex_init_pthread;
+int (*polarssl_mutex_free)( threading_mutex_t * ) = threading_mutex_free_pthread;
+int (*polarssl_mutex_lock)( threading_mutex_t * ) = threading_mutex_lock_pthread;
+int (*polarssl_mutex_unlock)( threading_mutex_t * ) = threading_mutex_unlock_pthread;
+#endif /* POLARSSL_THREADING_PTHREAD */
+
+#if defined(POLARSSL_THREADING_ALT)
+int (*polarssl_mutex_init)( threading_mutex_t * ) = NULL;
+int (*polarssl_mutex_free)( threading_mutex_t * ) = NULL;
+int (*polarssl_mutex_lock)( threading_mutex_t * ) = NULL;
+int (*polarssl_mutex_unlock)( threading_mutex_t * ) = NULL;
+
+int threading_set_own( int (*mutex_init)( threading_mutex_t * ),
+                       int (*mutex_free)( threading_mutex_t * ),
+                       int (*mutex_lock)( threading_mutex_t * ),
+                       int (*mutex_unlock)( threading_mutex_t * ) )
+{
+    polarssl_mutex_init = mutex_init;
+    polarssl_mutex_free = mutex_free;
+    polarssl_mutex_lock = mutex_lock;
+    polarssl_mutex_unlock = mutex_unlock;
+
+    return( 0 );
+}
+#endif /* POLARSSL_THREADING_ALT_C */
+
+#endif /* POLARSSL_THREADING_C */

programs/pkey/dh_client.c

@@ -275,6 +275,7 @@ exit:
     net_close( server_fd );
     rsa_free( &rsa );
     dhm_free( &dhm );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

programs/pkey/dh_genprime.c

@@ -143,6 +143,7 @@ int main( int argc, char *argv[] )
 exit:
 
     mpi_free( &G ); mpi_free( &P ); mpi_free( &Q );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  Press Enter to exit this program.\n" );

programs/pkey/dh_server.c

@@ -276,6 +276,7 @@ exit:
     net_close( client_fd );
     rsa_free( &rsa );
     dhm_free( &dhm );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

programs/pkey/ecdsa.c

@@ -179,6 +179,7 @@ exit:
 
     ecdsa_free( &ctx_verify );
     ecdsa_free( &ctx_sign );
+    entropy_free( &entropy );
 
     return( ret );
 }

programs/pkey/gen_key.c

@@ -269,6 +269,7 @@ exit:
     }
 
     pk_free( &key );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

programs/pkey/pk_decrypt.c

@@ -136,6 +136,7 @@ int main( int argc, char *argv[] )
     ret = 0;
 
 exit:
+    entropy_free( &entropy );
 
 #if defined(POLARSSL_ERROR_C)
     polarssl_strerror( ret, (char *) buf, sizeof(buf) );

programs/pkey/pk_encrypt.c

@@ -136,6 +136,7 @@ int main( int argc, char *argv[] )
     printf( "\n  . Done (created \"%s\")\n\n", "result-enc.txt" );
 
 exit:
+    entropy_free( &entropy );
 
 #if defined(POLARSSL_ERROR_C)
     polarssl_strerror( ret, (char *) buf, sizeof(buf) );

programs/pkey/pk_sign.c

@@ -149,6 +149,7 @@ int main( int argc, char *argv[] )
 
 exit:
     pk_free( &pk );
+    entropy_free( &entropy );
 
 #if defined(POLARSSL_ERROR_C)
     polarssl_strerror( ret, (char *) buf, sizeof(buf) );

programs/pkey/rsa_decrypt.c

@@ -160,6 +160,7 @@ int main( int argc, char *argv[] )
     ret = 0;
 
 exit:
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

programs/pkey/rsa_encrypt.c

@@ -148,6 +148,7 @@ int main( int argc, char *argv[] )
     printf( "\n  . Done (created \"%s\")\n\n", "result-enc.txt" );
 
 exit:
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

programs/pkey/rsa_genkey.c

@@ -150,6 +150,7 @@ exit:
         fclose( fpriv );
 
     rsa_free( &rsa );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  Press Enter to exit this program.\n" );

programs/pkey/rsa_sign_pss.c

@@ -156,6 +156,7 @@ int main( int argc, char *argv[] )
 
 exit:
     pk_free( &pk );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

programs/random/gen_entropy.c

@@ -81,6 +81,7 @@ int main( int argc, char *argv[] )
 cleanup:
 
     fclose( f );
+    entropy_free( &entropy );
 
     return( ret );
 }

programs/random/gen_random_ctr_drbg.c

@@ -111,6 +111,7 @@ cleanup:
     printf("\n");
 
     fclose( f );
+    entropy_free( &entropy );
 
     return( ret );
 }

programs/ssl/ssl_client1.c

@@ -277,6 +277,7 @@ exit:
     x509_crt_free( &cacert );
     net_close( server_fd );
     ssl_free( &ssl );
+    entropy_free( &entropy );
 
     memset( &ssl, 0, sizeof( ssl ) );
 

programs/ssl/ssl_client2.c

@@ -913,6 +913,7 @@ exit:
 #endif
     ssl_session_free( &saved_session );
     ssl_free( &ssl );
+    entropy_free( &entropy );
 
     memset( &ssl, 0, sizeof( ssl ) );
 

programs/ssl/ssl_fork_server.c

@@ -361,6 +361,7 @@ exit:
     x509_crt_free( &srvcert );
     pk_free( &pkey );
     ssl_free( &ssl );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  Press Enter to exit this program.\n" );

programs/ssl/ssl_mail_client.c

@@ -791,6 +791,7 @@ exit:
     x509_crt_free( &cacert );
     pk_free( &pkey );
     ssl_free( &ssl );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

programs/ssl/ssl_server.c

@@ -367,6 +367,7 @@ exit:
 #if defined(POLARSSL_SSL_CACHE_C)
     ssl_cache_free( &cache );
 #endif
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  Press Enter to exit this program.\n" );

programs/ssl/ssl_server2.c

@@ -963,14 +963,18 @@ exit:
 #endif
 
     ssl_free( &ssl );
+    entropy_free( &entropy );
 
 #if defined(POLARSSL_SSL_CACHE_C)
     ssl_cache_free( &cache );
 #endif
 
-#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && defined(POLARSSL_MEMORY_DEBUG)
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+#if defined(POLARSSL_MEMORY_DEBUG)
     memory_buffer_alloc_status();
 #endif
+    memory_buffer_alloc_free();
+#endif
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

programs/test/o_p_test.c

@@ -252,6 +252,7 @@ int main( int argc, char *argv[] )
     printf( "String value (PolarSSL Private Encrypt, OpenSSL Public Decrypt): '%s'\n", o_priv_decrypted );
 
 exit:
+    entropy_free( &entropy );
 
 #ifdef WIN32
     printf( "  + Press Enter to exit this program.\n" );

programs/test/selftest.c

@@ -190,6 +190,9 @@ int main( int argc, char *argv[] )
         fflush( stdout ); getchar();
 #endif
     }
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+    memory_buffer_alloc_free();
+#endif
 
     return( ret );
 }

programs/test/ssl_test.c

@@ -401,6 +401,7 @@ exit:
     x509_crt_free( &srvcert );
     pk_free( &pkey );
     ssl_free( &ssl );
+    entropy_free( &entropy );
     net_close( client_fd );
 
     return( ret );

programs/x509/cert_app.c

@@ -449,6 +449,7 @@ exit:
     x509_crt_free( &cacert );
     x509_crt_free( &clicert );
     pk_free( &pkey );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

programs/x509/cert_req.c

@@ -329,6 +329,7 @@ exit:
 
     x509write_csr_free( &req );
     pk_free( &key );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

programs/x509/cert_write.c

@@ -650,6 +650,7 @@ exit:
     pk_free( &loaded_subject_key );
     pk_free( &loaded_issuer_key );
     mpi_free( &serial );
+    entropy_free( &entropy );
 
 #if defined(_WIN32)
     printf( "  + Press Enter to exit this program.\n" );

scripts/generate_errors.pl

@@ -11,7 +11,8 @@ my $error_format_file = $data_dir.'/error.fmt';
 my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM",
                           "BASE64", "XTEA", "PBKDF2", "OID",
                           "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY",
-                          "MD2", "MD4", "MD5", "SHA1", "SHA256", "SHA512", "GCM" );
+                          "MD2", "MD4", "MD5", "SHA1", "SHA256", "SHA512",
+                          "GCM", "THREADING" );
 my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL",
                            "PK", "PKCS12", "PKCS5" );
 

tests/suites/main_test.function

@@ -202,8 +202,8 @@ int main()
     char *params[50];
 
 #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
-    unsigned char buf[1000000];
+    unsigned char alloc_buf[1000000];
-    memory_buffer_alloc_init( buf, sizeof(buf) );
+    memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
 #endif
 
     file = fopen( filename, "r" );
@@ -288,9 +288,12 @@ int main()
     fprintf( stdout, " (%d / %d tests (%d skipped))\n",
              total_tests - total_errors, total_tests, total_skipped );
 
-#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && defined(POLARSSL_MEMORY_DEBUG)
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+#if defined(POLARSSL_MEMORY_DEBUG)
     memory_buffer_alloc_status();
 #endif
+    memory_buffer_alloc_free();
+#endif
 
     return( total_errors != 0 );
 }

tests/suites/test_suite_rsa.function

@@ -528,6 +528,7 @@ void rsa_gen_key( int nrbits, int exponent, int result)
     }
 
     rsa_free( &ctx );
+    entropy_free( &entropy );
 }
 /* END_CASE */