2 files changed, 10 insertions, 1 deletions

diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c
index ef79a7453..1a9674f4d 100644
--- a/src/libstrongswan/utils/chunk.c
+++ b/src/libstrongswan/utils/chunk.c
@@ -917,10 +917,17 @@ static u_char static_key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  */
 void chunk_hash_seed()
 {
+	static bool seeded = FALSE;
 	ssize_t len;
 	size_t done = 0;
 	int fd;
 
+	if (seeded)
+	{
+		/* just once to have the same seed during the whole process lifetimes */
+		return;
+	}
+
 	fd = open("/dev/urandom", O_RDONLY);
 	if (fd >= 0)
 	{
@@ -944,6 +951,7 @@ void chunk_hash_seed()
 			key[done] = (u_char)random();
 		}
 	}
+	seeded = TRUE;
 }
 
 /**
diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h
index 760f922e1..9951ff31f 100644
--- a/src/libstrongswan/utils/chunk.h
+++ b/src/libstrongswan/utils/chunk.h
@@ -343,7 +343,8 @@ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace);
  * Seed initial key for chunk_hash().
  *
  * This call should get invoked once during startup. This is usually done
- * by calling library_init().
+ * by calling library_init(). Calling it multiple times is safe, it gets
+ * executed just once.
  */
 void chunk_hash_seed();