aboutsummaryrefslogtreecommitdiff
path: root/src/libcrypto.c
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2014-02-05 21:24:12 +0100
committerAris Adamantiadis <aris@0xbadc0de.be>2014-03-04 09:55:28 +0100
commite99246246b4061f7e71463f8806b9dcad65affa0 (patch)
tree3275b977bbb6e88f34a554ec02d7bbe4c4ccbbd8 /src/libcrypto.c
parentc96e862c0821d4bb0aa2df676c7a8b212cd885b2 (diff)
downloadlibssh-e99246246b4061f7e71463f8806b9dcad65affa0.tar.gz
libssh-e99246246b4061f7e71463f8806b9dcad65affa0.tar.xz
libssh-e99246246b4061f7e71463f8806b9dcad65affa0.zip
security: fix for vulnerability CVE-2014-0017
When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue.
Diffstat (limited to 'src/libcrypto.c')
-rw-r--r--src/libcrypto.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/libcrypto.c b/src/libcrypto.c
index bb1d96ad..d8cc795c 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -23,6 +23,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <sys/time.h>
#include "libssh/priv.h"
#include "libssh/session.h"
@@ -38,6 +39,8 @@
#include <openssl/rsa.h>
#include <openssl/hmac.h>
#include <openssl/opensslv.h>
+#include <openssl/rand.h>
+
#ifdef HAVE_OPENSSL_AES_H
#define HAS_AES
#include <openssl/aes.h>
@@ -74,6 +77,12 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
return 0;
}
+void ssh_reseed(void){
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ RAND_add(&tv, sizeof(tv), 0.0);
+}
+
SHACTX sha1_init(void) {
SHACTX c = malloc(sizeof(*c));
if (c == NULL) {