-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c33
1 files changed, 33 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index f0a16ea94..d8c66dca0 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -24,6 +24,7 @@
#include "openssl_plugin.h"
#include <library.h>
+#include <debug.h>
#include <threading/thread.h>
#include <threading/mutex.h>
#include "openssl_util.h"
@@ -151,6 +152,31 @@ static void threading_init()
}
/**
+ * Seed the OpenSSL RNG, if required
+ */
+static bool seed_rng()
+{
+ rng_t *rng = NULL;
+ char buf[32];
+
+ while (RAND_status() != 1)
+ {
+ if (!rng)
+ {
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng)
+ {
+ return FALSE;
+ }
+ }
+ rng->get_bytes(rng, sizeof(buf), buf);
+ RAND_seed(buf, sizeof(buf));
+ }
+ DESTROY_IF(rng);
+ return TRUE;
+}
+
+/**
* cleanup OpenSSL threading locks
*/
static void threading_cleanup()
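Review bot: The `while (RAND_status() != 1)` loop in seed_rng has no iteration bound, so if the RAND method in effect does not credit the bytes handed to RAND_seed() toward its entropy estimate, plugin creation spins forever instead of failing; a small cap would be safer, e.g. `for (int i = 0; i < 10 && RAND_status() != 1; i++)` as the loop header and `return RAND_status() == 1;` after `DESTROY_IF(rng);`. Related: `buf` carries 32 bytes drawn from the RNG_STRONG source into the OpenSSL pool and is left on the stack on return, so it should be cleared before returning with the project's memory-wiping helper if one exists (a plain memset right before return may be optimized away). The return value of `rng->get_bytes` is not examined; if that call can report failure in this tree, a failed read would pass uninitialized stack bytes to RAND_seed(), which is worth confirming and guarding.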
@@ -233,6 +259,13 @@ plugin_t *openssl_plugin_create()
ENGINE_register_all_complete();
#endif /* OPENSSL_NO_ENGINE */
+ if (!seed_rng())
+ {
+ DBG1(DBG_CFG, "no RNG found to seed OpenSSL");
+ destroy(this);
+ return NULL;
+ }
+
/* crypter */
lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
(crypter_constructor_t)openssl_crypter_create);