From patchwork Tue Jul  4 18:50:43 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Almer <jamrial@gmail.com>
X-Patchwork-Id: 42433
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:3b1e:b0:12b:9ae3:586d with SMTP id
 c30csp5291571pzh;
        Tue, 4 Jul 2023 11:51:12 -0700 (PDT)
X-Google-Smtp-Source: 
 APBJJlGJ98wLzoSeglI1cxuMNY72cmpkLVjNRf704xodz2zwL+t6Phgyakqd+QDmNvr/VzVyXH2t
X-Received: by 2002:a5d:6544:0:b0:314:4240:6cb2 with SMTP id
 z4-20020a5d6544000000b0031442406cb2mr2144383wrv.40.1688496672569;
        Tue, 04 Jul 2023 11:51:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1688496672; cv=none;
        d=google.com; s=arc-20160816;
        b=sbFPNdk7nA3DQf8iDEDTtL+WiUYaN8nf5VwwtFUTyrLdIQOQ+5ex8RU6g7QULoiMSg
         59I5Au5Wff1Dr7Tsi0pDllY9ICchsMvjZ6DuFVbBlPs0N/vcajERtFyCgT3cvcjBMdtq
         XfU9SM12F1CYnkoYOU5OWwtJO1EUK/kcTUoJR6y8nMqkRKQQdE4qMK6cA+O9VXYzjhP0
         PpUVKXc1Sy3pVC6cryXU9EEV20nQGNAGKv0B2S0jCFIbrhkDB0/mW8IP2pIyiXn/qzAQ
         InrMzp61MaIF82pWllg9DqE0qfAVerT5C3PNcwCU5wxJRrYOALsWk3NLmsqSqPFKITff
         A4OQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:message-id:date:to:from
         :dkim-signature:delivered-to;
        bh=Hum3jhlXnlo65c0agqbMkDXxcnbXHLd6qI51EJcxQ3o=;
        fh=YOA8vD9MJZuwZ71F/05pj6KdCjf6jQRmzLS+CATXUQk=;
        b=Aa37DzIvr9JHj2ZKOAufuGs8+IiFsAJ8FiUdcciYWDPbjBwAfZpI01hdDdEufh1Gik
         2R22XGTVYWYrW9HetjFA7CV80klApWQjcfNqbeSfPpWMk4wyXt6p3ZTikCCamTp3tdGh
         hLILyg8fXumUgYfxtzw+znySW3E5oGmdObIigYONYHKkVLgI6jWV8aG5eBVZffnkzIZk
         6wsPFqQYythqcwqu+G0BMRtlRSN34Dcl99VOxwDjQgEbhkltGAMWW5F9e7JYGv0/S4G0
         /YQFdghYXguSkZACcUjiIv1SPP8hDY+zu4UTFGtzirxrv71Gr4ifFesE+CTwKm0ieS+A
         eQJw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20221208 header.b=YzfM5Uy7;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 d11-20020a1709067f0b00b00992af47620esi6721275ejr.509.2023.07.04.11.51.11;
        Tue, 04 Jul 2023 11:51:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20221208 header.b=YzfM5Uy7;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E67B568C609;
	Tue,  4 Jul 2023 21:51:07 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ot1-f53.google.com (mail-ot1-f53.google.com
 [209.85.210.53])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A7CBB68C573
 for <ffmpeg-devel@ffmpeg.org>; Tue,  4 Jul 2023 21:51:01 +0300 (EEST)
Received: by mail-ot1-f53.google.com with SMTP id
 46e09a7af769-6b73a2d622dso3703142a34.0
 for <ffmpeg-devel@ffmpeg.org>; Tue, 04 Jul 2023 11:51:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1688496660; x=1691088660;
 h=content-transfer-encoding:mime-version:message-id:date:subject:to
 :from:from:to:cc:subject:date:message-id:reply-to;
 bh=BStRQD/zPQayLWNQd02JffMDa80w2SVPp/J2duGsxIc=;
 b=YzfM5Uy7eTu5GR7+/AwXlVfpPPpsLsCmlgPfmpmko2UgOSKUpIBShAakXosKB2yEO3
 SnB+VbWCkDjiYX1/1PdaxTA+Oe+GFOvywEr8+aKe98ihkFb+foLI4Im+W4l0LaLVgOXg
 TJ1aNQF8ufG+VOq7GhdLd+6m3RypIcvnluyP6elGk5y/YNXjWV10rynceczh2FgNS+HL
 Z/F8lUmYwBuxf5T6EEFVLofYLa/vJU+5BEIl580wvC75bYrrtagHMM2TJTmw7YEfBwHl
 T9Y+bWpfmuvRLGxV0qw+EdIpkEq5T/FZdrEj9Npfjdgx3eKxJexp5ZmMz4x3w/PSMRGC
 mIfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1688496660; x=1691088660;
 h=content-transfer-encoding:mime-version:message-id:date:subject:to
 :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=BStRQD/zPQayLWNQd02JffMDa80w2SVPp/J2duGsxIc=;
 b=cqeZQy0rYMVbMPwo/qIqIuSDHwNn8I16adU5/3C228ptypMv0X1GIdRM5nEQjUaTqe
 2FaxqBvSOzLSsYgafYo8BbHy6hLHRJyeZGHv1MuwMkSBnNj3krM7IuuQpZO81laWuI3v
 PHEVIRTuC8V3S6ESJiYBicuhuxGPlmq0puuKK/eAwyhGwkhSQ7u72O1RVHG4Ouy+7R/6
 lm3YOEweJkYhGSo1s2TxBzTafeZZUxzs0T/3W6NTlSVYhBhOnbFHB2NDI8zT8Hh8jYH0
 aVMKMHAxkhjmBPOO8jQ5Nx8LbelrRB9H8CK4ARMHIn/lyIeqeNuMGDreEn7YTTtwBqsO
 hoeg==
X-Gm-Message-State: ABy/qLZQMAAtJWP9QYL3GZzrXZposBln0KGqKN/cUD6EtDJ3IWuOCGPE
 QyYM54DfilJWoEAIobs6iRXLYDGj5Hg=
X-Received: by 2002:a05:6830:a86:b0:6b8:7653:dd5a with SMTP id
 n6-20020a0568300a8600b006b87653dd5amr32423otu.12.1688496659561;
 Tue, 04 Jul 2023 11:50:59 -0700 (PDT)
Received: from localhost.localdomain (host197.190-225-105.telecom.net.ar.
 [190.225.105.197]) by smtp.gmail.com with ESMTPSA id
 l25-20020a9d7a99000000b006b71deb7809sm4112739otn.14.2023.07.04.11.50.58
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 04 Jul 2023 11:50:59 -0700 (PDT)
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue,  4 Jul 2023 15:50:43 -0300
Message-ID: <20230704185044.2154-1-jamrial@gmail.com>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: tDz4u/OwmDdI

Uses the existing code for av_get_random_seed() to return a buffer with
cryptographically secure random data, or an error if none could be generated.

Signed-off-by: James Almer <jamrial@gmail.com>
---
TODO: APIChanges entry and minor version bump.

Also, if a new random.h header is prefered, i can move the prototype there.

 libavutil/random_seed.c | 46 ++++++++++++++++++++++++++---------------
 libavutil/random_seed.h | 12 +++++++++++
 2 files changed, 41 insertions(+), 17 deletions(-)

diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
index 66dd504ef0..39fb27c5ad 100644
--- a/libavutil/random_seed.c
+++ b/libavutil/random_seed.c
@@ -46,20 +46,20 @@
 #define TEST 0
 #endif
 
-static int read_random(uint32_t *dst, const char *file)
-{
 #if HAVE_UNISTD_H
+static ssize_t read_random(uint8_t *dst, size_t len, const char *file)
+{
     int fd = avpriv_open(file, O_RDONLY);
-    int err = -1;
+    ssize_t err = -1;
 
+    if (len > SSIZE_MAX)
+        return -1;
     if (fd == -1)
         return -1;
-    err = read(fd, dst, sizeof(*dst));
+    err = read(fd, dst, len);
     close(fd);
 
     return err;
-#else
-    return -1;
 #endif
 }
 
@@ -118,29 +118,41 @@ static uint32_t get_generic_seed(void)
     return AV_RB32(digest) + AV_RB32(digest + 16);
 }
 
-uint32_t av_get_random_seed(void)
+int av_random(uint8_t* buf, size_t len)
 {
-    uint32_t seed;
-
 #if HAVE_BCRYPT
     BCRYPT_ALG_HANDLE algo_handle;
     NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
                                                MS_PRIMITIVE_PROVIDER, 0);
     if (BCRYPT_SUCCESS(ret)) {
-        NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, sizeof(seed), 0);
+        NTSTATUS ret = BCryptGenRandom(algo_handle, (PUCHAR)buf, len, 0);
         BCryptCloseAlgorithmProvider(algo_handle, 0);
         if (BCRYPT_SUCCESS(ret))
-            return seed;
+            return 0;
     }
 #endif
 
 #if HAVE_ARC4RANDOM
-    return arc4random();
+    arc4random_buf(buf, len);
+    return 0;
+#endif
+
+#if HAVE_UNISTD_H
+    if (read_random(buf, len, "/dev/urandom") == len)
+        return 0;
+    if (read_random(buf, len, "/dev/random")  == len)
+        return 0;
 #endif
 
-    if (read_random(&seed, "/dev/urandom") == sizeof(seed))
-        return seed;
-    if (read_random(&seed, "/dev/random")  == sizeof(seed))
-        return seed;
-    return get_generic_seed();
+    return AVERROR_INVALIDDATA;
+}
+
+uint32_t av_get_random_seed(void)
+{
+    uint32_t seed;
+
+    if (av_random((uint8_t *)&seed, sizeof(seed)) < 0)
+        return get_generic_seed();
+
+    return seed;
 }
diff --git a/libavutil/random_seed.h b/libavutil/random_seed.h
index 0462a048e0..ce982bb82f 100644
--- a/libavutil/random_seed.h
+++ b/libavutil/random_seed.h
@@ -36,6 +36,18 @@
  */
 uint32_t av_get_random_seed(void);
 
+/**
+ * Generate cryptographically secure random data, i.e. suitable for use as
+ * encryption keys and similar.
+ *
+ * @param buf buffer into which the random data will be written
+ * @param len size of buf in bytes
+ *
+ * @retval 0 success, and len bytes of random data was written into buf, or
+ *         a negative AVERROR code if random data could not be generated.
+ */
+int av_random(uint8_t* buf, size_t len);
+
 /**
  * @}
  */