From 16cacbc6be14f699a6805d79d5a44de1be703f61 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Mon, 25 May 2026 18:20:29 +0200
Subject: [PATCH] MEDIUM: init: fall back to ha_random64_pair_hashed() for the cluster secret
The cluster secret, when SSL is not working, used to involve a mix of calls to ha_random64() and random() to mask the bits that we didn't want to see leaked. Let's now simply fall back to ha_random64_pair_hashed() that does a much better job.
---
 src/haproxy.c | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/src/haproxy.c b/src/haproxy.c
index 51d1fc0de..cd1dbe464 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1926,16 +1926,14 @@ static void dump_registered_keywords(void)
 /* Generate a random cluster-secret in case the setting is not provided in the
 * configuration. This allows to use features which rely on it albeit with some
- * limitations. The function doesn't (solely) use ha_random64() because this
- * secret is permanent, and ha_random64() can easily be leaked at various
- * places.
+ * limitations. The function prefers RAND_bytes() if available, otherwise falls
+ * back to ha_random64_pair_hashed().
 */
 static void generate_random_cluster_secret()
 {
 /* used as a default random cluster-secret if none defined. */
 union {
 uint64_t by64[2];
- uint32_t by32[4];
 uchar by8[16];
 } rand;
@@ -1948,12 +1946,7 @@ static void generate_random_cluster_secret()
 #endif
 {
 /* no SSL or not working, fall back to other sources */
- rand.by64[0] = ha_random64();
- rand.by64[1] = ha_random64();
- rand.by32[0] ^= ((random() & 0x00ffff00) << 8) | ((random() & 0x00ffff00) >> 8);
- rand.by32[1] ^= ((random() & 0x00ffff00) << 8) | ((random() & 0x00ffff00) >> 8);
- rand.by32[2] ^= ((random() & 0x00ffff00) << 8) | ((random() & 0x00ffff00) >> 8);
- rand.by32[3] ^= ((random() & 0x00ffff00) << 8) | ((random() & 0x00ffff00) >> 8);
+ ha_random64_pair_hashed(&rand.by64[0], &rand.by64[1]);
 }
 memcpy(global.cluster_secret, &rand, sizeof(rand));
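Review bot: The rewritten header comment on generate_random_cluster_secret() drops the reason the old fallback avoided plain ha_random64(): the secret is permanent, and that generator's output can be leaked in various places. With that sentence gone, nothing at this site tells a later maintainer why the hashed variant is required rather than two ordinary ha_random64() calls. I would keep one line of rationale, e.g. ` * Plain ha_random64() must not be used: the secret is permanent and that output can leak elsewhere.` The function body continues past the end of this hunk.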
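Review bot: In the fallback branch the whole 128-bit permanent secret now comes from one ha_random64_pair_hashed() call, and the retained comment `/* no SSL or not working, fall back to other sources */` does not say which property of that helper is relied on. The helper is not defined in this patch, so whether its output hides the internal generator state, and how that generator is seeded, should be confirmed before this is treated as equivalent to RAND_bytes(). I would reword the comment to `/* no SSL or not working: the hashed pair must not reveal the PRNG state, since this secret is permanent */`. It may also be worth a diagnostic-level message when this branch runs, so operators know the secret did not come from the TLS library. The function's opening and the condition guarding this branch are outside the hunk.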