From 460991a6f0f8165054be2a63386a8d11c38a8485 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 25 Apr 2024 15:48:58 -0500 Subject: [PATCH 1/5] wolfcrypt/test/test.c: fix invalidPrintfArgType_sint in lms_test_verify_only(). --- wolfcrypt/test/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4a32aaf3c..88e1f94fc 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -38878,7 +38878,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void) } if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) { - printf("error: LMS pub len %d, expected %d\n", pub_len, + printf("error: LMS pub len %u, expected %d\n", pub_len, HSS_MAX_PUBLIC_KEY_LEN); return WC_TEST_RET_ENC_EC(pub_len); } From 8e8e9bd0eb2870c0d4c8409f9e0b433db4cc0fee Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 25 Apr 2024 15:49:27 -0500 Subject: [PATCH 2/5] src/ssl.c: fix races in wolfSSL_Init() and wolfSSL_RAND_bytes(). --- src/ssl.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 098e2fba9..16b1e49e4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5757,12 +5757,13 @@ int wolfSSL_Init(void) if (ret == WOLFSSL_SUCCESS) { initRefCount++; + } else { + initRefCount = 1; /* Force cleanup */ } wc_UnLockMutex(&inits_count_mutex); if (ret != WOLFSSL_SUCCESS) { - initRefCount = 1; /* Force cleanup */ (void)wolfSSL_Cleanup(); /* Ignore any error from cleanup */ } 
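Review bot: In lms_test_verify_only() (wolfcrypt/test/test.c), `%u` is only correct if `pub_len` is exactly `unsigned int`, and its declaration is outside this hunk. If it is a fixed-width 32-bit typedef, that type is not `unsigned int` on every target, and the specifier/argument mismatch would remain there. An explicit cast keeps the call well-defined whatever the typedef resolves to: `printf("error: LMS pub len %u, expected %d\n", (unsigned int)pub_len, (int)HSS_MAX_PUBLIC_KEY_LEN);`.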
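Review bot: In wolfSSL_Init() (src/ssl.c), `initRefCount = 1` is now written under `inits_count_mutex`, but the mutex is released before `wolfSSL_Cleanup()` runs, so for that window the counter reads "initialized once" although initialization has failed. If the part of wolfSSL_Init() above this hunk skips the init work when the count is non-zero (not visible here), a concurrent caller could take that path and get WOLFSSL_SUCCESS for a library that is about to be torn down. That needs confirming against the full function. At minimum, document the window at the assignment, e.g. `/* Force cleanup; the count stays visible to other threads until wolfSSL_Cleanup() runs below */`. The function starts and ends outside the hunk.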
@@ -23923,18 +23924,22 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) } #endif #ifdef HAVE_GLOBAL_RNG - if (initGlobalRNG) { - if (wc_LockMutex(&globalRNGMutex) != 0) { - WOLFSSL_MSG("Bad Lock Mutex rng"); - return ret; - } + if (wc_LockMutex(&globalRNGMutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex rng"); + return ret; + } + if (initGlobalRNG) { rng = &globalRNG; used_global = 1; } else #endif { + #ifdef HAVE_GLOBAL_RNG + wc_UnLockMutex(&globalRNGMutex); + #endif + #ifdef WOLFSSL_SMALL_STACK tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) From 963e14a1fef066899d5f7b3644f4deb8d4900a58 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 25 Apr 2024 21:13:41 -0500 Subject: [PATCH 3/5] src/ssl.c: code style tweak from peer review. --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 16b1e49e4..2c339860c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5757,7 +5757,8 @@ int wolfSSL_Init(void) if (ret == WOLFSSL_SUCCESS) { initRefCount++; - } else { + } + else { initRefCount = 1; /* Force cleanup */ } From 59290cd066f648435faa40cc6f88b3fef630f963 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 25 Apr 2024 22:08:58 -0500 Subject: [PATCH 4/5] src/quic.c: fix -Wunused-function for evp_cipher_eq(). --- src/quic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/quic.c b/src/quic.c index b1af7f176..0c902f422 100644 --- a/src/quic.c +++ b/src/quic.c @@ -1013,7 +1013,8 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl) return evp_cipher; } -static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1, +/* currently only used if HAVE_CHACHA && HAVE_POLY1305. */ +WC_MAYBE_UNUSED static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1, const WOLFSSL_EVP_CIPHER* c2) { /* We could check on nid equality, but we seem to have singulars */ From 442d3f30cc0f2d478a11583cf6d257bd4f969fff Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Thu, 25 Apr 2024 23:47:39 -0500 Subject: [PATCH 5/5] src/ssl.c: refactor fix in wolfSSL_RAND_bytes() for race on initGlobalRNG to retain the initial check on initGlobalRNG, and just recheck it, to avoid possible access to uninitialized globalRNGMutex. --- src/ssl.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2c339860c..594445014 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -289,7 +289,7 @@ int wc_OBJ_sn2nid(const char *sn) #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */ static WC_RNG globalRNG; -static int initGlobalRNG = 0; +static volatile int initGlobalRNG = 0; static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex); @@ -23925,22 +23925,26 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) } #endif #ifdef HAVE_GLOBAL_RNG - if (wc_LockMutex(&globalRNGMutex) != 0) { - WOLFSSL_MSG("Bad Lock Mutex rng"); - return ret; + if (initGlobalRNG) { + if (wc_LockMutex(&globalRNGMutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex rng"); + return ret; + } + /* the above access to initGlobalRNG is racey -- recheck it now that we + * have the lock. + */ + if (initGlobalRNG) { + rng = &globalRNG; + used_global = 1; + } + else { + wc_UnLockMutex(&globalRNGMutex); + } } - if (initGlobalRNG) { - rng = &globalRNG; - used_global = 1; - } - else + if (used_global == 0) #endif { - #ifdef HAVE_GLOBAL_RNG - wc_UnLockMutex(&globalRNGMutex); - #endif - #ifdef WOLFSSL_SMALL_STACK tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL)
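Review bot: `volatile` on `initGlobalRNG` (src/ssl.c, first hunk of patch 5) does not make the unlocked first read in wolfSSL_RAND_bytes() (second hunk) race-free. It only stops the compiler from caching the value; a concurrent write is still a data race in C11 terms, and `volatile` gives no ordering with respect to `globalRNG` itself. Correctness comes from the re-check under `globalRNGMutex`, so the declaration should say so, e.g. `/* volatile only serves the unlocked fast-path hint; the authoritative read is the re-check under globalRNGMutex */`. That re-check helps only if every writer of the flag also holds `globalRNGMutex`; those writers are outside this diff and should be confirmed.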
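Review bot: In wolfSSL_RAND_bytes() (src/ssl.c, second hunk of patch 5), the outer `if (initGlobalRNG)` keeps the code from locking a mutex that was never set up, but it does not cover teardown. If the cleanup path (outside this hunk) clears the flag and frees `globalRNGMutex` between the first check and `wc_LockMutex()`, the lock is taken on a destroyed mutex. Whether that can happen depends on how cleanup orders those two steps, so the new comment should state the assumption, e.g. `/* relies on globalRNGMutex outliving any caller that saw initGlobalRNG != 0 */`. Separately, the new `else` branch drops the result of `wc_UnLockMutex(&globalRNGMutex)`, whereas the lock side is checked and logged. Writing `(void)wc_UnLockMutex(&globalRNGMutex);` would make the omission explicit. The function body continues outside the hunk.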