Merge pull request #7473 from douzzer/20240425-fixes

20240425-fixes

src/quic.c

@@ -1013,7 +1013,8 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)
  return evp_cipher;
 }
 
-static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
+/* currently only used if HAVE_CHACHA && HAVE_POLY1305. */
+WC_MAYBE_UNUSED static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
  const WOLFSSL_EVP_CIPHER* c2)
 {
  /* We could check on nid equality, but we seem to have singulars */

src/ssl.c

@@ -289,7 +289,7 @@ int wc_OBJ_sn2nid(const char *sn)
 
 #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */
 static WC_RNG globalRNG;
-static int initGlobalRNG = 0;
+static volatile int initGlobalRNG = 0;
 
 static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex
  WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex);
@@ -5758,11 +5758,13 @@ int wolfSSL_Init(void)
  if (ret == WOLFSSL_SUCCESS) {
  initRefCount++;
  }
+ else {
+ initRefCount = 1; /* Force cleanup */
+ }
 
  wc_UnLockMutex(&inits_count_mutex);
 
  if (ret != WOLFSSL_SUCCESS) {
- initRefCount = 1; /* Force cleanup */
  (void)wolfSSL_Cleanup(); /* Ignore any error from cleanup */
  }
 
@@ -23928,11 +23930,19 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
  WOLFSSL_MSG("Bad Lock Mutex rng");
  return ret;
  }
-
- rng = &globalRNG;
- used_global = 1;
+ /* the above access to initGlobalRNG is racey -- recheck it now that we
+ * have the lock.
+ */
+ if (initGlobalRNG) {
+ rng = &globalRNG;
+ used_global = 1;
+ }
+ else {
+ wc_UnLockMutex(&globalRNGMutex);
+ }
  }
- else
+
+ if (used_global == 0)
 #endif
  {
  #ifdef WOLFSSL_SMALL_STACK

wolfcrypt/test/test.c

@@ -38878,7 +38878,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
  }
 
  if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) {
- printf("error: LMS pub len %d, expected %d\n", pub_len,
+ printf("error: LMS pub len %u, expected %d\n", pub_len,
  HSS_MAX_PUBLIC_KEY_LEN);
  return WC_TEST_RET_ENC_EC(pub_len);
  }