oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(krb5_generate_random_block): try to avoid the dead-lock in by not

Browse Source 
holding the lock while running RAND_file_name. From Hai Zaar.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22193 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-12-07 02:16:01 +00:00
parent 3c288843c9
commit 08e19e862a
1 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
lib/krb5/crypto.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2005 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -3452,13 +3452,13 @@ krb5_decrypt_EncryptedData(krb5_context context,
#define ENTROPY_NEEDED 128 #define ENTROPY_NEEDED 128
static int static int
seed_something(void) seed_something(const char *seedfile)
{ {
char buf[1024], seedfile[256]; char buf[1024];
/* If there is a seed file, load it. But such a file cannot be trusted, /* If there is a seed file, load it. But such a file cannot be trusted,
so use 0 for the entropy estimate */ so use 0 for the entropy estimate */
if (RAND_file_name(seedfile, sizeof(seedfile))) { if (seedfile[0]) {
int fd; int fd;
fd = open(seedfile, O_RDONLY); fd = open(seedfile, O_RDONLY);
if (fd >= 0) { if (fd >= 0) {
@@ -3467,10 +3467,8 @@ seed_something(void)
if (ret > 0) if (ret > 0)
RAND_add(buf, ret, 0.0); RAND_add(buf, ret, 0.0);
close(fd); close(fd);
} else }
seedfile[0] = '\0'; }
} else
seedfile[0] = '\0';
/* Calling RAND_status() will try to use /dev/urandom if it exists so /* Calling RAND_status() will try to use /dev/urandom if it exists so
we do not have to deal with it. */ we do not have to deal with it. */
@@ -3505,7 +3503,13 @@ krb5_generate_random_block(void *buf, size_t len)
HEIMDAL_MUTEX_lock(&crypto_mutex); HEIMDAL_MUTEX_lock(&crypto_mutex);
if (!rng_initialized) { if (!rng_initialized) {
if (seed_something()) char seedfile[256];
HEIMDAL_MUTEX_unlock(&crypto_mutex);
if (RAND_file_name(seedfile, sizeof(seedfile)) == 0)
seedfile[0] = '\0';
HEIMDAL_MUTEX_lock(&crypto_mutex);
if (seed_something(seedfile))
krb5_abortx(NULL, "Fatal: could not seed the " krb5_abortx(NULL, "Fatal: could not seed the "
"random number generator"); "random number generator");