From 3fdd82f2a8a776650f10f30c33546ce2dd42f073 Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Wed, 5 Feb 2014 21:24:12 +0100
Subject: security: fix for vulnerability CVE-2014-0017

When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
---
 src/libgcrypt.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/libgcrypt.c')

diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 899bccdf..46179016 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -45,6 +45,9 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
     return 0;
 }
 
+void ssh_reseed(void){
+	}
+
 SHACTX sha1_init(void) {
   SHACTX ctx = NULL;
   gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
-- 
cgit