wc_Entropy_GetRawEntropy: hold entropy_mutex

JeremiahM37 · JeremiahM37 · commit a2224a80b13a · 2026-05-04T17:15:55.000Z
diff --git a/wolfcrypt/src/wolfentropy.c b/wolfcrypt/src/wolfentropy.c
@@ -440,6 +440,11 @@ static void Entropy_GetNoise(unsigned char* noise, int samples)
     }
 }
 
+/* Mutex to prevent multiple callers requesting entropy operations at the
+ * same time.
+ */
+static wolfSSL_Mutex entropy_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(entropy_mutex);
+
 /* Generate raw entropy for performing assessment.
  *
  * @param [out] raw  Buffer to hold raw entropy data.
@@ -452,19 +457,35 @@ int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt)
 {
     int ret = 0;
 
+#ifdef HAVE_FIPS
+    if (!entropy_memuse_initialized) {
+        ret = Entropy_Init();
+    }
+#endif
+
+    /* Lock the mutex as collection uses globals. */
+    if ((ret == 0) && (wc_LockMutex(&entropy_mutex) != 0)) {
+        ret = BAD_MUTEX_E;
+    }
+
 #ifdef ENTROPY_MEMUSE_THREADED
-    /* Start the counter thread as a proxy for time counter. */
-    ret = Entropy_StartThread();
-    if (ret == 0)
+    if (ret == 0) {
+        /* Start the counter thread as a proxy for time counter. */
+        ret = Entropy_StartThread();
+    }
 #endif
-    {
+    if (ret == 0) {
         Entropy_GetNoise(raw, cnt);
     }
 #ifdef ENTROPY_MEMUSE_THREADED
     /* Stop the counter thread to avoid thrashing the system. */
     Entropy_StopThread();
 #endif
 
+    if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) {
+        wc_UnLockMutex(&entropy_mutex);
+    }
+
     return ret;
 }
 
@@ -729,11 +750,6 @@ static int Entropy_Condition(byte* output, word32 len, byte* noise,
     return ret;
 }
 
-/* Mutex to prevent multiple callers requesting entropy operations at the
- * same time.
- */
-static wolfSSL_Mutex entropy_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(entropy_mutex);
-
 /* Get entropy of specified strength.
  *
  * SP800-90b 2.3.1 - GetEntropy: An Interface to the Entropy Source
