diff --git a/src/quic.c b/src/quic.c
index b1af7f176..0c902f422 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -1013,7 +1013,8 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)
     return evp_cipher;
 }
 
-static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
+/* currently only used if HAVE_CHACHA && HAVE_POLY1305. */
+WC_MAYBE_UNUSED static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
                          const WOLFSSL_EVP_CIPHER* c2)
 {
     /* We could check on nid equality, but we seem to have singulars */
diff --git a/src/ssl.c b/src/ssl.c
index 098e2fba9..594445014 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -289,7 +289,7 @@ int wc_OBJ_sn2nid(const char *sn)
 
 #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */
 static WC_RNG globalRNG;
-static int initGlobalRNG = 0;
+static volatile int initGlobalRNG = 0;
 
 static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex
     WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex);
@@ -5758,11 +5758,13 @@ int wolfSSL_Init(void)
     if (ret == WOLFSSL_SUCCESS) {
         initRefCount++;
     }
+    else {
+        initRefCount = 1; /* Force cleanup */
+    }
 
     wc_UnLockMutex(&inits_count_mutex);
 
     if (ret != WOLFSSL_SUCCESS) {
-        initRefCount = 1; /* Force cleanup */
         (void)wolfSSL_Cleanup(); /* Ignore any error from cleanup */
     }
 
@@ -23928,11 +23930,19 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
             WOLFSSL_MSG("Bad Lock Mutex rng");
             return ret;
         }
-
-        rng = &globalRNG;
-        used_global = 1;
+        /* the above access to initGlobalRNG is racey -- recheck it now that we
+         * have the lock.
+         */
+        if (initGlobalRNG) {
+            rng = &globalRNG;
+            used_global = 1;
+        }
+        else {
+            wc_UnLockMutex(&globalRNGMutex);
+        }
     }
-    else
+
+    if (used_global == 0)
 #endif
     {
     #ifdef WOLFSSL_SMALL_STACK
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 4a32aaf3c..88e1f94fc 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -38878,7 +38878,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
     }
 
     if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) {
-        printf("error: LMS pub len %d, expected %d\n", pub_len,
+        printf("error: LMS pub len %u, expected %d\n", pub_len,
                HSS_MAX_PUBLIC_KEY_LEN);
         return WC_TEST_RET_ENC_EC(pub_len);
     }