Merge pull request #7473 from douzzer/20240425-fixes

SparkiDev · web-flow · commit e1bd4dd1ec28 · 2024-04-26T15:52:05.000+10:00
20240425-fixes
diff --git a/src/quic.c b/src/quic.c
@@ -1013,7 +1013,8 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)
     return evp_cipher;
 }
 
-static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
+/* currently only used if HAVE_CHACHA && HAVE_POLY1305. */
+WC_MAYBE_UNUSED static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
                          const WOLFSSL_EVP_CIPHER* c2)
 {
     /* We could check on nid equality, but we seem to have singulars */
diff --git a/src/ssl.c b/src/ssl.c
@@ -289,7 +289,7 @@ int wc_OBJ_sn2nid(const char *sn)
 
 #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */
 static WC_RNG globalRNG;
-static int initGlobalRNG = 0;
+static volatile int initGlobalRNG = 0;
 
 static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex
     WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex);
@@ -5758,11 +5758,13 @@ int wolfSSL_Init(void)
     if (ret == WOLFSSL_SUCCESS) {
         initRefCount++;
     }
+    else {
+        initRefCount = 1; /* Force cleanup */
+    }
 
     wc_UnLockMutex(&inits_count_mutex);
 
     if (ret != WOLFSSL_SUCCESS) {
-        initRefCount = 1; /* Force cleanup */
         (void)wolfSSL_Cleanup(); /* Ignore any error from cleanup */
     }
 
@@ -23928,11 +23930,19 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
             WOLFSSL_MSG("Bad Lock Mutex rng");
             return ret;
         }
-
-        rng = &globalRNG;
-        used_global = 1;
+        /* the above access to initGlobalRNG is racey -- recheck it now that we
+         * have the lock.
+         */
+        if (initGlobalRNG) {
+            rng = &globalRNG;
+            used_global = 1;
+        }
+        else {
+            wc_UnLockMutex(&globalRNGMutex);
+        }
     }
-    else
+
+    if (used_global == 0)
 #endif
     {
     #ifdef WOLFSSL_SMALL_STACK
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -38878,7 +38878,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     }
 
     if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) {
-        printf("error: LMS pub len %d, expected %d\n", pub_len,
+        printf("error: LMS pub len %u, expected %d\n", pub_len,
                HSS_MAX_PUBLIC_KEY_LEN);
         return WC_TEST_RET_ENC_EC(pub_len);
     }

Original file line number	Diff line number	Diff line change
`@@ -1013,7 +1013,8 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)`
`1013`	`1013`	`return evp_cipher;`
`1014`	`1014`	`}`
`1015`	`1015`
`1016`		`-static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,`
	`1016`	`+/* currently only used if HAVE_CHACHA && HAVE_POLY1305. */`
	`1017`	`+WC_MAYBE_UNUSED static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,`
`1017`	`1018`	`const WOLFSSL_EVP_CIPHER* c2)`
`1018`	`1019`	`{`
`1019`	`1020`	`/* We could check on nid equality, but we seem to have singulars */`
Original file line number	Diff line number	Diff line change
`@@ -38878,7 +38878,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)`
`38878`	`38878`	`}`
`38879`	`38879`
`38880`	`38880`	`if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) {`
`38881`		`- printf("error: LMS pub len %d, expected %d\n", pub_len,`
	`38881`	`+ printf("error: LMS pub len %u, expected %d\n", pub_len,`
`38882`	`38882`	`HSS_MAX_PUBLIC_KEY_LEN);`
`38883`	`38883`	`return WC_TEST_RET_ENC_EC(pub_len);`
`38884`	`38884`	`}`