security: fix for vulnerability CVE-2014-0017

When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue.
author: Aris Adamantiadis <aris@0xbadc0de.be> 2014-02-05 21:24:12 +0100
committer: Aris Adamantiadis <aris@0xbadc0de.be> 2014-03-04 09:55:02 +0100
commit: 3fdd82f2a8a776650f10f30c33546ce2dd42f073 (patch)
tree: bca8b517f5d952e72cb7a7d87c87028d7d2316a6 /src/libgcrypt.c
parent: 6cd94a63ff09f67d4f06102cd35470068fee88a6 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 899bccdf..46179016 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -45,6 +45,9 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
     return 0;
 }
 
+void ssh_reseed(void){
+	}
+
 SHACTX sha1_init(void) {
   SHACTX ctx = NULL;
   gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
author	Aris Adamantiadis <aris@0xbadc0de.be>	2014-02-05 21:24:12 +0100
committer	Aris Adamantiadis <aris@0xbadc0de.be>	2014-03-04 09:55:02 +0100
commit	3fdd82f2a8a776650f10f30c33546ce2dd42f073 (patch)
tree	bca8b517f5d952e72cb7a7d87c87028d7d2316a6 /src/libgcrypt.c
parent	6cd94a63ff09f67d4f06102cd35470068fee88a6 (diff)