BUG/MEDIUM: random: initialize the random pool a bit better
Since the UUID sample fetch was created, some people noticed that in
certain virtualized environments they manage to get exact same UUIDs
on different instances started exactly at the same moment. It turns
out that the randoms were only initialized to spread the health checks
originally, not to provide "clean" randoms.
This patch changes this and collects more randomness from various
sources, including existing randoms, /dev/urandom when available,
RAND_bytes() when OpenSSL is available, as well as the timing for such
operations, then applies a SHA1 on all this to keep a 160 bits random
seed available, 32 of which are passed to srandom().
It's worth mentioning that there's no clean way to pass more than 32
bits to srandom() as even initstate() provides an opaque state that
must absolutely not be tampered with since known implementations
contain state information.
At least this allows to have up to 4 billion different sequences
from the boot, which is not that bad.
Note that the thread safety was still not addressed, which is another
issue for another patch.
This must be backported to all versions containing the UUID sample
fetch function, i.e. as far as 2.0.
(cherry picked from commit 6c3a681bd61a3fd54de8fe644db17b9676939396)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit b0c73b8825967a503bb701d5fa04a2a321d981f9)
Signed-off-by: Willy Tarreau <w@1wt.eu>
diff --git a/include/types/global.h b/include/types/global.h
index 304edf5..36bbb8e 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -248,6 +248,7 @@
extern unsigned int rlim_fd_cur_at_boot;
extern unsigned int rlim_fd_max_at_boot;
extern int atexit_flag;
+extern unsigned char boot_seed[20]; // per-boot random seed (160 bits initially)
/* bit values to go with "warned" above */
#define WARN_BLOCK_DEPRECATED 0x00000001