BUG/MINOR: init: Initialize random seed earlier in the init process

The random seed used in ha_random functions needs to be first
initialized by calling ha_random_boot. This function was called rather
late in the init process, after the init functions (INITCALLS) are
called and after the configuration parsing for instance which means that
any ha_random call in an init function would return 0. This was the case
in 'vars_init' and 'cache_init' which tried to build seeds for specific
hash calculations but ended up not being seeded.

This patch can be backported on all stable branches.

(cherry picked from commit 15ee49e8222be2b34663fac838aa74e62f6c82ea)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit f7fbb55f0dcbbb44f6d20950bc1c0835699c85b6)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 0429f236a3adae23ca173cf11b74ccfd8099168f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/haproxy.c b/src/haproxy.c
index 5b79414..f01ad2a 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2486,19 +2486,6 @@ static void init(int argc, char **argv)
        if (global.mode & MODE_DUMP_CFG)
                deinit_and_exit(0);
 
-#ifdef USE_OPENSSL
-
-       /* Initialize SSL random generator. Must be called before chroot for
-        * access to /dev/urandom, and before ha_random_boot() which may use
-        * RAND_bytes().
-        */
-       if (!ssl_initialize_random()) {
-               ha_alert("OpenSSL random data generator initialization failed.\n");
-               exit(EXIT_FAILURE);
-       }
-#endif
-       ha_random_boot(argv); // the argv pointer brings some kernel-fed entropy
-
        /* now we know the buffer size, we can initialize the channels and buffers */
        init_buffer();
 
@@ -3449,6 +3436,19 @@ int main(int argc, char **argv)
        rlim_fd_cur_at_boot = limit.rlim_cur;
        rlim_fd_max_at_boot = limit.rlim_max;
 
+#ifdef USE_OPENSSL
+
+       /* Initialize SSL random generator. Must be called before chroot for
+        * access to /dev/urandom, and before ha_random_boot() which may use
+        * RAND_bytes().
+        */
+       if (!ssl_initialize_random()) {
+               ha_alert("OpenSSL random data generator initialization failed.\n");
+               exit(EXIT_FAILURE);
+       }
+#endif
+       ha_random_boot(argv); // the argv pointer brings some kernel-fed entropy
+
        /* process all initcalls in order of potential dependency */
        RUN_INITCALLS(STG_PREPARE);
        RUN_INITCALLS(STG_LOCK);