Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_plugin.c')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_plugin.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index f0a16ea94..d8c66dca0 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -24,6 +24,7 @@
 #include "openssl_plugin.h"
 #include <library.h>
+#include <debug.h>
 #include <threading/thread.h>
 #include <threading/mutex.h>
 #include "openssl_util.h"
@@ -151,6 +152,31 @@ static void threading_init()
 }
 /**
+ * Seed the OpenSSL RNG, if required
+ */
+static bool seed_rng()
+{
+ rng_t *rng = NULL;
+ char buf[32];
+
+ while (RAND_status() != 1)
+ {
+ if (!rng)
+ {
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng)
+ {
+ return FALSE;
+ }
+ }
+ rng->get_bytes(rng, sizeof(buf), buf);
+ RAND_seed(buf, sizeof(buf));
+ }
+ DESTROY_IF(rng);
+ return TRUE;
+}
+
+/**
 * cleanup OpenSSL threading locks
 */
 static void threading_cleanup()
@@ -233,6 +259,13 @@ plugin_t *openssl_plugin_create()
 ENGINE_register_all_complete();
 #endif /* OPENSSL_NO_ENGINE */
+ if (!seed_rng())
+ {
+ DBG1(DBG_CFG, "no RNG found to seed OpenSSL");
+ destroy(this);
+ return NULL;
+ }
+
 /* crypter */
 lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
 (crypter_constructor_t)openssl_crypter_create); |
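Review bot: The `while (RAND_status() != 1)` loop in seed_rng() has no upper bound, so if OpenSSL never reports a seeded state (for example an engine-provided RAND method that ignores `RAND_seed()`), plugin creation spins forever while draining the RNG_STRONG source, which may itself block. A bounded retry that returns FALSE when the status never flips would turn that into the clean failure path the caller already handles. Separately, `buf` holds raw seed material and is left on the stack on return; it should be wiped before leaving, e.g. with strongSwan's `memwipe()` if it is available in this tree. `SEED_RNG_MAX_TRIES` below is a proposed new constant, not something the patch defines, and if `get_bytes()` can report failure in this version its result should gate the `RAND_seed()` call.

```c
static bool seed_rng()
{
	rng_t *rng = NULL;
	char buf[32];
	int tries = 0;
	bool seeded;

	while (RAND_status() != 1 && tries++ < SEED_RNG_MAX_TRIES)
	{
		/* … unchanged: lazy create_rng(RNG_STRONG), return FALSE if none … */
		rng->get_bytes(rng, sizeof(buf), buf);
		RAND_seed(buf, sizeof(buf));
	}
	seeded = (RAND_status() == 1);
	/* seed bytes must not linger on the stack */
	memwipe(buf, sizeof(buf));
	DESTROY_IF(rng);
	return seeded;
}
```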
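Review bot: The new `if (!seed_rng())` failure path in openssl_plugin_create() makes the plugin depend on an RNG_STRONG backend being registered before it loads whenever OpenSSL cannot seed itself, and nothing at the call site documents that. A comment above the check such as `/* requires an RNG_STRONG provider loaded before this plugin if OpenSSL is not already seeded */` would make the load-order requirement visible. The log text `"no RNG found to seed OpenSSL"` could also name the required quality (RNG_STRONG), so an operator can tell a missing RNG plugin from an OpenSSL fault. destroy() is defined outside this hunk and here runs before any constructor has been added, so it is worth confirming that it tolerates removing entries that were never registered.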