Message ID | 20230706170105.4804-1-cus@passwd.hu |
---|---|
State | Accepted |
Commit | 36f4e6f8f4c14b3a571815c55d213d095b54df6f |
Headers | show |
Series | [FFmpeg-devel] avformat/hlsenc: use av_random_bytes() for generating AES128 key | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
On Thu, 6 Jul 2023, Marton Balint wrote: > av_random_bytes() can use OS provided strong random functions and does not > depend soley on openssl/gcrypt external libraries. > > Fixes ticket #10441. Will apply. Regards, Marton > > Signed-off-by: Marton Balint <cus@passwd.hu> > --- > configure | 1 - > libavformat/hlsenc.c | 23 ++--------------------- > 2 files changed, 2 insertions(+), 22 deletions(-) > > diff --git a/configure b/configure > index 107d533b3e..b331b2e9db 100755 > --- a/configure > +++ b/configure > @@ -3507,7 +3507,6 @@ gxf_muxer_select="pcm_rechunk_bsf" > hds_muxer_select="flv_muxer" > hls_demuxer_select="adts_header ac3_parser mov_demuxer mpegts_demuxer" > hls_muxer_select="mov_muxer mpegts_muxer" > -hls_muxer_suggest="gcrypt openssl" > image2_alias_pix_demuxer_select="image2_demuxer" > image2_brender_pix_demuxer_select="image2_demuxer" > imf_demuxer_deps="libxml2" > diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c > index 1e0848ce3d..27d97f5f72 100644 > --- a/libavformat/hlsenc.c > +++ b/libavformat/hlsenc.c > @@ -27,12 +27,6 @@ > #include <unistd.h> > #endif > > -#if CONFIG_GCRYPT > -#include <gcrypt.h> > -#elif CONFIG_OPENSSL > -#include <openssl/rand.h> > -#endif > - > #include "libavutil/avassert.h" > #include "libavutil/mathematics.h" > #include "libavutil/avstring.h" > @@ -40,6 +34,7 @@ > #include "libavutil/intreadwrite.h" > #include "libavutil/opt.h" > #include "libavutil/log.h" > +#include "libavutil/random_seed.h" > #include "libavutil/time.h" > #include "libavutil/time_internal.h" > > @@ -710,20 +705,6 @@ fail: > return ret; > } > > -static int randomize(uint8_t *buf, int len) > -{ > -#if CONFIG_GCRYPT > - gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM); > - return 0; > -#elif CONFIG_OPENSSL > - if (RAND_bytes(buf, len)) > - return 0; > -#else > - return AVERROR(ENOSYS); > -#endif > - return AVERROR(EINVAL); > -} > - > static int do_encrypt(AVFormatContext *s, VariantStream *vs) > { > HLSContext *hls = s->priv_data; > @@ -775,7 +756,7 @@ static int do_encrypt(AVFormatContext *s, VariantStream *vs) > if (!*hls->key_string) { > AVDictionary *options = NULL; > if (!hls->key) { > - if ((ret = randomize(key, sizeof(key))) < 0) { > + if ((ret = av_random_bytes(key, sizeof(key))) < 0) { > av_log(s, AV_LOG_ERROR, "Cannot generate a strong random key\n"); > return ret; > } > -- > 2.35.3 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
diff --git a/configure b/configure index 107d533b3e..b331b2e9db 100755 --- a/configure +++ b/configure @@ -3507,7 +3507,6 @@ gxf_muxer_select="pcm_rechunk_bsf" hds_muxer_select="flv_muxer" hls_demuxer_select="adts_header ac3_parser mov_demuxer mpegts_demuxer" hls_muxer_select="mov_muxer mpegts_muxer" -hls_muxer_suggest="gcrypt openssl" image2_alias_pix_demuxer_select="image2_demuxer" image2_brender_pix_demuxer_select="image2_demuxer" imf_demuxer_deps="libxml2" diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 1e0848ce3d..27d97f5f72 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -27,12 +27,6 @@ #include <unistd.h> #endif -#if CONFIG_GCRYPT -#include <gcrypt.h> -#elif CONFIG_OPENSSL -#include <openssl/rand.h> -#endif - #include "libavutil/avassert.h" #include "libavutil/mathematics.h" #include "libavutil/avstring.h" @@ -40,6 +34,7 @@ #include "libavutil/intreadwrite.h" #include "libavutil/opt.h" #include "libavutil/log.h" +#include "libavutil/random_seed.h" #include "libavutil/time.h" #include "libavutil/time_internal.h" @@ -710,20 +705,6 @@ fail: return ret; } -static int randomize(uint8_t *buf, int len) -{ -#if CONFIG_GCRYPT - gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM); - return 0; -#elif CONFIG_OPENSSL - if (RAND_bytes(buf, len)) - return 0; -#else - return AVERROR(ENOSYS); -#endif - return AVERROR(EINVAL); -} - static int do_encrypt(AVFormatContext *s, VariantStream *vs) { HLSContext *hls = s->priv_data; @@ -775,7 +756,7 @@ static int do_encrypt(AVFormatContext *s, VariantStream *vs) if (!*hls->key_string) { AVDictionary *options = NULL; if (!hls->key) { - if ((ret = randomize(key, sizeof(key))) < 0) { + if ((ret = av_random_bytes(key, sizeof(key))) < 0) { av_log(s, AV_LOG_ERROR, "Cannot generate a strong random key\n"); return ret; }
av_random_bytes() can use OS provided strong random functions and does not depend soley on openssl/gcrypt external libraries. Fixes ticket #10441. Signed-off-by: Marton Balint <cus@passwd.hu> --- configure | 1 - libavformat/hlsenc.c | 23 ++--------------------- 2 files changed, 2 insertions(+), 22 deletions(-)