Merge pull request #7473 from douzzer/20240425-fixes

20240425-fixes
2024-04-26 15:52:05 +10:00 · 2024-04-26 15:52:05 +10:00 · e1bd4dd1ec
parent e41454004e 442d3f30cc
commit e1bd4dd1ec
3 changed files with 19 additions and 8 deletions
--- a/src/quic.c
+++ b/src/quic.c
@ -1013,7 +1013,8 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)
    return evp_cipher;
 }

-static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
+/* currently only used if HAVE_CHACHA && HAVE_POLY1305. */
+WC_MAYBE_UNUSED static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
                         const WOLFSSL_EVP_CIPHER* c2)
 {
    /* We could check on nid equality, but we seem to have singulars */
--- a/src/ssl.c
+++ b/src/ssl.c
@ -289,7 +289,7 @@ int wc_OBJ_sn2nid(const char *sn)

 #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */
 static WC_RNG globalRNG;
-static int initGlobalRNG = 0;
+static volatile int initGlobalRNG = 0;

 static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex
    WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex);
@ -5758,11 +5758,13 @@ int wolfSSL_Init(void)
    if (ret == WOLFSSL_SUCCESS) {
        initRefCount++;
    }
+    else {
+        initRefCount = 1; /* Force cleanup */
+    }

    wc_UnLockMutex(&inits_count_mutex);

    if (ret != WOLFSSL_SUCCESS) {
-        initRefCount = 1; /* Force cleanup */
        (void)wolfSSL_Cleanup(); /* Ignore any error from cleanup */
    }

@ -23928,11 +23930,19 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
            WOLFSSL_MSG("Bad Lock Mutex rng");
            return ret;
        }
-
-        rng = &globalRNG;
-        used_global = 1;
+        /* the above access to initGlobalRNG is racey -- recheck it now that we
+         * have the lock.
+         */
+        if (initGlobalRNG) {
+            rng = &globalRNG;
+            used_global = 1;
+        }
+        else {
+            wc_UnLockMutex(&globalRNGMutex);
+        }
    }
-    else
+
+    if (used_global == 0)
 #endif
    {
    #ifdef WOLFSSL_SMALL_STACK
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@ -38878,7 +38878,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
    }

    if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) {
-        printf("error: LMS pub len %d, expected %d\n", pub_len,
+        printf("error: LMS pub len %u, expected %d\n", pub_len,
               HSS_MAX_PUBLIC_KEY_LEN);
        return WC_TEST_RET_ENC_EC(pub_len);
    }