diff mbox series

[FFmpeg-devel,2/2] avutil/random_seed: ass support for gcrypt and OpenSSL as source of randomness

Message ID 20230704185044.2154-2-jamrial@gmail.com
State New
Headers show
Series [FFmpeg-devel,1/2] avutil/random_seed: add av_random() | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

James Almer July 4, 2023, 6:50 p.m. UTC 
Signed-off-by: James Almer <jamrial@gmail.com>
---
I put these after /dev/random/ to not change the current behavior of
av_get_random_seed(), but if either of these are prefered i can move them up.

 configure               |  2 +-
 libavutil/random_seed.c | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

Comments

Marton Balint July 4, 2023, 8:02 p.m. UTC | #1 
On Tue, 4 Jul 2023, James Almer wrote:

> Signed-off-by: James Almer <jamrial@gmail.com>
> ---

In the commit message s/ass/add/

> I put these after /dev/random/ to not change the current behavior of
> av_get_random_seed(), but if either of these are prefered i can move them up.
>
> configure               |  2 +-
> libavutil/random_seed.c | 13 +++++++++++++
> 2 files changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/configure b/configure
> index 107d533b3e..d6e78297fe 100755
> --- a/configure
> +++ b/configure
> @@ -3892,7 +3892,7 @@ avfilter_deps="avutil"
> avfilter_suggest="libm stdatomic"
> avformat_deps="avcodec avutil"
> avformat_suggest="libm network zlib stdatomic"
> -avutil_suggest="clock_gettime ffnvcodec libm libdrm libmfx opencl user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia bcrypt stdatomic"
> +avutil_suggest="clock_gettime ffnvcodec gcrypt libm libdrm libmfx opencl openssl user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia bcrypt stdatomic"
> postproc_deps="avutil gpl"
> postproc_suggest="libm stdatomic"
> swresample_deps="avutil"
> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
> index 39fb27c5ad..e8967c0cfe 100644
> --- a/libavutil/random_seed.c
> +++ b/libavutil/random_seed.c
> @@ -30,6 +30,11 @@
> #include <windows.h>
> #include <bcrypt.h>
> #endif
> +#if CONFIG_GCRYPT
> +#include <gcrypt.h>
> +#elif CONFIG_OPENSSL
> +#include <openssl/rand.h>
> +#endif
> #include <fcntl.h>
> #include <math.h>
> #include <time.h>
> @@ -144,6 +149,14 @@ int av_random(uint8_t* buf, size_t len)
>         return 0;
> #endif
>
> +#if CONFIG_GCRYPT
> +    gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
> +    return 0;
> +#elif CONFIG_OPENSSL
> +    if (RAND_bytes(buf, len))

(RAND_bytes(buf, len) == 1) is more in line with openssl docs.

Regards,
Marton
James Almer July 4, 2023, 8:07 p.m. UTC | #2 
On 7/4/2023 5:02 PM, Marton Balint wrote:
> 
> 
> On Tue, 4 Jul 2023, James Almer wrote:
> 
>> Signed-off-by: James Almer <jamrial@gmail.com>
>> ---
> 
> In the commit message s/ass/add/
> 
>> I put these after /dev/random/ to not change the current behavior of
>> av_get_random_seed(), but if either of these are prefered i can move 
>> them up.
>>
>> configure               |  2 +-
>> libavutil/random_seed.c | 13 +++++++++++++
>> 2 files changed, 14 insertions(+), 1 deletion(-)
>>
>> diff --git a/configure b/configure
>> index 107d533b3e..d6e78297fe 100755
>> --- a/configure
>> +++ b/configure
>> @@ -3892,7 +3892,7 @@ avfilter_deps="avutil"
>> avfilter_suggest="libm stdatomic"
>> avformat_deps="avcodec avutil"
>> avformat_suggest="libm network zlib stdatomic"
>> -avutil_suggest="clock_gettime ffnvcodec libm libdrm libmfx opencl 
>> user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia 
>> bcrypt stdatomic"
>> +avutil_suggest="clock_gettime ffnvcodec gcrypt libm libdrm libmfx 
>> opencl openssl user32 vaapi vulkan videotoolbox corefoundation 
>> corevideo coremedia bcrypt stdatomic"
>> postproc_deps="avutil gpl"
>> postproc_suggest="libm stdatomic"
>> swresample_deps="avutil"
>> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
>> index 39fb27c5ad..e8967c0cfe 100644
>> --- a/libavutil/random_seed.c
>> +++ b/libavutil/random_seed.c
>> @@ -30,6 +30,11 @@
>> #include <windows.h>
>> #include <bcrypt.h>
>> #endif
>> +#if CONFIG_GCRYPT
>> +#include <gcrypt.h>
>> +#elif CONFIG_OPENSSL
>> +#include <openssl/rand.h>
>> +#endif
>> #include <fcntl.h>
>> #include <math.h>
>> #include <time.h>
>> @@ -144,6 +149,14 @@ int av_random(uint8_t* buf, size_t len)
>>         return 0;
>> #endif
>>
>> +#if CONFIG_GCRYPT
>> +    gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
>> +    return 0;
>> +#elif CONFIG_OPENSSL
>> +    if (RAND_bytes(buf, len))
> 
> (RAND_bytes(buf, len) == 1) is more in line with openssl docs.

It's not just in line, it's the correct check, as -1 (error) would also 
evaluated as a success with this check. Good catch.

This should probably be fixed in hlsenc for existing releases.

> 
> Regards,
> Marton
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
diff mbox series

Patch

diff --git a/configure b/configure
index 107d533b3e..d6e78297fe 100755
--- a/configure
+++ b/configure
@@ -3892,7 +3892,7 @@  avfilter_deps="avutil"
 avfilter_suggest="libm stdatomic"
 avformat_deps="avcodec avutil"
 avformat_suggest="libm network zlib stdatomic"
-avutil_suggest="clock_gettime ffnvcodec libm libdrm libmfx opencl user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia bcrypt stdatomic"
+avutil_suggest="clock_gettime ffnvcodec gcrypt libm libdrm libmfx opencl openssl user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia bcrypt stdatomic"
 postproc_deps="avutil gpl"
 postproc_suggest="libm stdatomic"
 swresample_deps="avutil"
diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
index 39fb27c5ad..e8967c0cfe 100644
--- a/libavutil/random_seed.c
+++ b/libavutil/random_seed.c
@@ -30,6 +30,11 @@ 
 #include <windows.h>
 #include <bcrypt.h>
 #endif
+#if CONFIG_GCRYPT
+#include <gcrypt.h>
+#elif CONFIG_OPENSSL
+#include <openssl/rand.h>
+#endif
 #include <fcntl.h>
 #include <math.h>
 #include <time.h>
@@ -144,6 +149,14 @@  int av_random(uint8_t* buf, size_t len)
         return 0;
 #endif
 
+#if CONFIG_GCRYPT
+    gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
+    return 0;
+#elif CONFIG_OPENSSL
+    if (RAND_bytes(buf, len))
+        return 0;
+#endif
+
     return AVERROR_INVALIDDATA;
 }