1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* Fluent Bit
* ==========
* Copyright (C) 2015-2022 The Fluent Bit Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <fluent-bit/flb_compat.h>
#include <fcntl.h>
#ifdef FLB_HAVE_GETENTROPY
#include <unistd.h>
#endif
#ifdef FLB_HAVE_GETENTROPY_SYS_RANDOM
#include <sys/random.h>
#endif
#define MAX_GETENTROPY_LEN 256
/*
* This module provides a random number generator for common use cases.
*
* On Windows, we use BCryptGenRandom() from CNG API. This function
* is available since Windows Vista, and should be compliant to the
* official recommendation.
*
* On other platforms, we use getentropy(3) if available, otherwise
* /dev/urandom as a secure random source.
*/
int flb_random_bytes(unsigned char *buf, int len)
{
#ifdef FLB_SYSTEM_WINDOWS
NTSTATUS ret;
ret = BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG);
if (!BCRYPT_SUCCESS(ret)) {
return -1;
}
return 0;
#else
int fd;
ssize_t bytes;
#if defined(FLB_HAVE_GETENTROPY) || defined(FLB_HAVE_GETENTROPY_SYS_RANDOM)
while (len > 0) {
if (len > MAX_GETENTROPY_LEN) {
bytes = MAX_GETENTROPY_LEN;
}
else {
bytes = len;
}
if (getentropy(buf, bytes) < 0) {
#ifdef ENOSYS
/* Fall back to urandom if the syscall is not available (Linux only) */
if (errno == ENOSYS) {
goto try_urandom;
}
#endif
return -1;
}
len -= bytes;
buf += bytes;
}
return 0;
try_urandom:
#endif /* FLB_HAVE_GETENTROPY || FLB_HAVE_GETENTROPY_SYS_RANDOM */
fd = open("/dev/urandom", O_RDONLY);
if (fd == -1) {
return -1;
}
while (len > 0) {
bytes = read(fd, buf, len);
if (bytes <= 0) {
close(fd);
return -1;
}
len -= bytes;
buf += bytes;
}
close(fd);
return 0;
#endif /* FLB_SYSTEM_WINDOWS */
}
|
