(krb5_generate_random_block): try to avoid the dead-lock in by not

holding the lock while running RAND_file_name. From Hai Zaar.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22193 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-12-07 02:16:01 +00:00
parent 3c288843c9
commit 08e19e862a

View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2005 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -3452,13 +3452,13 @@ krb5_decrypt_EncryptedData(krb5_context context,
#define ENTROPY_NEEDED 128
static int
seed_something(void)
seed_something(const char *seedfile)
{
char buf[1024], seedfile[256];
char buf[1024];
/* If there is a seed file, load it. But such a file cannot be trusted,
so use 0 for the entropy estimate */
if (RAND_file_name(seedfile, sizeof(seedfile))) {
if (seedfile[0]) {
int fd;
fd = open(seedfile, O_RDONLY);
if (fd >= 0) {
@@ -3467,10 +3467,8 @@ seed_something(void)
if (ret > 0)
RAND_add(buf, ret, 0.0);
close(fd);
} else
seedfile[0] = '\0';
} else
seedfile[0] = '\0';
}
}
/* Calling RAND_status() will try to use /dev/urandom if it exists so
we do not have to deal with it. */
@@ -3505,7 +3503,13 @@ krb5_generate_random_block(void *buf, size_t len)
HEIMDAL_MUTEX_lock(&crypto_mutex);
if (!rng_initialized) {
if (seed_something())
char seedfile[256];
HEIMDAL_MUTEX_unlock(&crypto_mutex);
if (RAND_file_name(seedfile, sizeof(seedfile)) == 0)
seedfile[0] = '\0';
HEIMDAL_MUTEX_lock(&crypto_mutex);
if (seed_something(seedfile))
krb5_abortx(NULL, "Fatal: could not seed the "
"random number generator");