#include "openssl_plugin.h"
#include <library.h>
+#include <debug.h>
#include <threading/thread.h>
#include <threading/mutex.h>
#include "openssl_util.h"
}
}
+/**
+ * Seed the OpenSSL RNG, if required
+ */
+static bool seed_rng()
+{
+ rng_t *rng = NULL;
+ char buf[32];
+
+ while (RAND_status() != 1)
+ {
+ if (!rng)
+ {
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng)
+ {
+ return FALSE;
+ }
+ }
+ rng->get_bytes(rng, sizeof(buf), buf);
+ RAND_seed(buf, sizeof(buf));
+ }
+ DESTROY_IF(rng);
+ return TRUE;
+}
+
/**
* cleanup OpenSSL threading locks
*/
ENGINE_register_all_complete();
#endif /* OPENSSL_NO_ENGINE */
+ if (!seed_rng())
+ {
+ DBG1(DBG_CFG, "no RNG found to seed OpenSSL");
+ destroy(this);
+ return NULL;
+ }
+
/* crypter */
lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
(crypter_constructor_t)openssl_crypter_create);