BUG/MINOR: init: Initialize random seed earlier in the init process

The random seed used in ha_random functions needs to be first
initialized by calling ha_random_boot. This function was called rather
late in the init process, after the init functions (INITCALLS) are
called and after the configuration parsing for instance which means that
any ha_random call in an init function would return 0. This was the case
in 'vars_init' and 'cache_init' which tried to build seeds for specific
hash calculations but ended up not being seeded.

This patch can be backported on all stable branches.

diff --git a/src/haproxy.c b/src/haproxy.c
index 213794d9ebdf4dda926abfb8c2ff04a2dfcfb1c4..e0f196a343e043b82b3f02988e33a6342ab058fd 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2215,19 +2215,6 @@ static void step_init_2(int argc, char** argv)
        if (global.mode & MODE_DUMP_CFG)
                deinit_and_exit(0);
 
-#ifdef USE_OPENSSL
-
-       /* Initialize SSL random generator. Must be called before chroot for
-        * access to /dev/urandom, and before ha_random_boot() which may use
-        * RAND_bytes().
-        */
-       if (!ssl_initialize_random()) {
-               ha_alert("OpenSSL random data generator initialization failed.\n");
-               exit(EXIT_FAILURE);
-       }
-#endif
-       ha_random_boot(argv); // the argv pointer brings some kernel-fed entropy
-
        /* now we know the buffer size, we can initialize the channels and buffers */
        init_buffer();
 
@@ -3154,6 +3141,19 @@ int main(int argc, char **argv)
        rlim_fd_cur_at_boot = limit.rlim_cur;
        rlim_fd_max_at_boot = limit.rlim_max;
 
+#ifdef USE_OPENSSL
+
+       /* Initialize SSL random generator. Must be called before chroot for
+        * access to /dev/urandom, and before ha_random_boot() which may use
+        * RAND_bytes().
+        */
+       if (!ssl_initialize_random()) {
+               ha_alert("OpenSSL random data generator initialization failed.\n");
+               exit(EXIT_FAILURE);
+       }
+#endif
+       ha_random_boot(argv); // the argv pointer brings some kernel-fed entropy
+
        /* process all initcalls in order of potential dependency */
        RUN_INITCALLS(STG_PREPARE);
        RUN_INITCALLS(STG_LOCK);