diff options
-rw-r--r-- | include/libssh/wrapper.h | 1 | ||||
-rw-r--r-- | src/bind.c | 3 | ||||
-rw-r--r-- | src/libcrypto.c | 9 | ||||
-rw-r--r-- | src/libgcrypt.c | 3 |
4 files changed, 15 insertions, 1 deletions
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h index 8c034970..b8cd4d27 100644 --- a/include/libssh/wrapper.h +++ b/include/libssh/wrapper.h @@ -44,5 +44,6 @@ int crypt_set_algorithms_server(ssh_session session); struct ssh_crypto_struct *crypto_new(void); void crypto_free(struct ssh_crypto_struct *crypto); +void ssh_reseed(void); #endif /* WRAPPER_H_ */ @@ -374,7 +374,8 @@ int ssh_bind_accept(ssh_bind sshbind, ssh_session session) { ssh_socket_get_poll_handle_out(session->socket); session->dsa_key = dsa; session->rsa_key = rsa; - + /* force PRNG to change state in case we fork after ssh_bind_accept */ + ssh_reseed(); return SSH_OK; } diff --git a/src/libcrypto.c b/src/libcrypto.c index f43a91eb..0932cbea 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -23,6 +23,7 @@ #include <stdlib.h> #include <stdio.h> #include <string.h> +#include <sys/time.h> #include "libssh/priv.h" #include "libssh/session.h" @@ -38,6 +39,8 @@ #include <openssl/rsa.h> #include <openssl/hmac.h> #include <openssl/opensslv.h> +#include <openssl/rand.h> + #ifdef HAVE_OPENSSL_AES_H #define HAS_AES #include <openssl/aes.h> @@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struct *cipher) { return 0; } +void ssh_reseed(void){ + struct timeval tv; + gettimeofday(&tv, NULL); + RAND_add(&tv, sizeof(tv), 0.0); +} + SHACTX sha1_init(void) { SHACTX c = malloc(sizeof(*c)); if (c == NULL) { diff --git a/src/libgcrypt.c b/src/libgcrypt.c index f8fe96f2..9a7ea431 100644 --- a/src/libgcrypt.c +++ b/src/libgcrypt.c @@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struct *cipher) { return 0; } +void ssh_reseed(void){ + } + SHACTX sha1_init(void) { SHACTX ctx = NULL; gcry_md_open(&ctx, GCRY_MD_SHA1, 0); |