From 08e19e862af902b86d4b039b872f1cac049ec20a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Fri, 7 Dec 2007 02:16:01 +0000 Subject: [PATCH] (krb5_generate_random_block): try to avoid the dead-lock in by not holding the lock while running RAND_file_name. From Hai Zaar. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22193 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/crypto.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index 2beff027d..3a35a2e80 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -3452,13 +3452,13 @@ krb5_decrypt_EncryptedData(krb5_context context, #define ENTROPY_NEEDED 128 static int -seed_something(void) +seed_something(const char *seedfile) { - char buf[1024], seedfile[256]; + char buf[1024]; /* If there is a seed file, load it. But such a file cannot be trusted, so use 0 for the entropy estimate */ - if (RAND_file_name(seedfile, sizeof(seedfile))) { + if (seedfile[0]) { int fd; fd = open(seedfile, O_RDONLY); if (fd >= 0) { @@ -3467,10 +3467,8 @@ seed_something(void) if (ret > 0) RAND_add(buf, ret, 0.0); close(fd); - } else - seedfile[0] = '\0'; - } else - seedfile[0] = '\0'; + } + } /* Calling RAND_status() will try to use /dev/urandom if it exists so we do not have to deal with it. */ @@ -3505,7 +3503,13 @@ krb5_generate_random_block(void *buf, size_t len) HEIMDAL_MUTEX_lock(&crypto_mutex); if (!rng_initialized) { - if (seed_something()) + char seedfile[256]; + + HEIMDAL_MUTEX_unlock(&crypto_mutex); + if (RAND_file_name(seedfile, sizeof(seedfile)) == 0) + seedfile[0] = '\0'; + HEIMDAL_MUTEX_lock(&crypto_mutex); + if (seed_something(seedfile)) krb5_abortx(NULL, "Fatal: could not seed the " "random number generator");