From 02114e77391262def5e6407195ae80bed78ca38d Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Wed, 20 Jan 2021 16:30:18 -0600
Subject: [PATCH] Protect use of globalRNG

---
 src/ssl.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index 15d78c4f3..ef4c6afb6 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -30943,6 +30943,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
 #else
     WC_RNG  tmpRNG[1];
 #endif
+    int used_global = 0;
 
     WOLFSSL_ENTER("wolfSSL_RAND_bytes");
 
@@ -30952,8 +30953,15 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
         return ret;
 #endif
 
-    if (initGlobalRNG)
+    if (initGlobalRNG) {
+        if (wc_LockMutex(&globalRNGMutex) != 0) {
+            WOLFSSL_MSG("Bad Lock Mutex rng");
+            return ret;
+        }
+
         rng = &globalRNG;
+        used_global = 1;
+    }
     else if(wc_InitRng(tmpRNG) == 0) {
         rng = tmpRNG;
         initTmpRng = 1;
@@ -30965,6 +30973,10 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
             ret = WOLFSSL_SUCCESS;
     }
 
+    if (used_global == 1) {
+        wc_UnLockMutex(&globalRNGMutex);
+    }
+
     if (initTmpRng)
         wc_FreeRng(tmpRNG);