From patchwork Thu Jul  6 17:01:05 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marton Balint <cus@passwd.hu>
X-Patchwork-Id: 42470
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:3b1e:b0:12b:9ae3:586d with SMTP id
 c30csp6669218pzh;
        Thu, 6 Jul 2023 10:01:24 -0700 (PDT)
X-Google-Smtp-Source: 
 APBJJlHW08F0is5ebsTVzLHhsDkl5b3DBVy48eTsmoGZIT1fjULaUij35iFfHCCVTktswuIe2yHn
X-Received: by 2002:aa7:d052:0:b0:51e:2a56:91d6 with SMTP id
 n18-20020aa7d052000000b0051e2a5691d6mr1755618edo.19.1688662883784;
        Thu, 06 Jul 2023 10:01:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1688662883; cv=none;
        d=google.com; s=arc-20160816;
        b=p4ZcXbtwcHOcx+xMefKhUTdxzL4YpesaSmEbL7wZgb0Gni1A1n5myh1s2wybyoKTpN
         VkDNHtjoaAWDLxPlM9ETl/vI2+BZOtHP3PKEPLNuQkJbqMftn5kU3u6ruvEFAavdLLrr
         PQBg+WUn11YVR0MRoL2tnfo0WTOoZxwarTD69JWTzfh1XvTSp6cA62HuyPkaUQY14z2h
         miTD5Pc4hZLl0CsMPZoZF0d4YON8g+7Sx65+MazAoc/Ghi5csScz4Yk4hcTVG2R+dtRf
         HEcLPLrujLlnmrnS2rSZg2OWUyhbQl59oiOwQuYoxBqr13Pe1vp1sPu0dHtk8U31Urya
         ID7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:cc:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:mime-version:references:in-reply-to
         :message-id:date:to:from:delivered-to;
        bh=XTNWlfBqN1WFB123p/t1VQTIJwQpjRc4z1b5+lbbsq0=;
        fh=fMjmfVbdHm+M/+18QsbBd9XwekW2z8GZAuS0XfnYyyA=;
        b=WNfvwWlFhCwFZU3OvyH7Qln6PebTezVjHAHjtXiEHaxErov11cw9lRQuAcKPmbgGrE
         yGxrz68myZ3KrqC4o0QgylUmxh3sH06rhly/9RhezT5JuRStIyVzcxgWWzXYHh8h/U2J
         Nqj8OAeljQ2LnWxQG2v9de4Gq0ieYpPnpihyglOhrtKVh+6b7Tudv8hwgsuECgf1Yiom
         nlEnTzAkQpsr2XzRcsXRQUtKS64PVMjvdpQb6ZbqKjkb+Hh/eRtcFT1qs9HO9lgmMG1r
         PTUCR4r72TsD+R6cre5yd5Hlmusk6p7bWNGjuw3lZjweGBU2eTNCgy7T8Tqh71rh5Fj3
         vK7w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 w14-20020a50fa8e000000b00516b291217fsi1120081edr.0.2023.07.06.10.01.23;
        Thu, 06 Jul 2023 10:01:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id CC57168C72C;
	Thu,  6 Jul 2023 20:01:19 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from iq.passwd.hu (iq.passwd.hu [217.27.212.140])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4729D688373
 for <ffmpeg-devel@ffmpeg.org>; Thu,  6 Jul 2023 20:01:13 +0300 (EEST)
Received: from localhost (localhost [127.0.0.1])
 by iq.passwd.hu (Postfix) with ESMTP id 8305AE8DD9;
 Thu,  6 Jul 2023 18:58:02 +0200 (CEST)
X-Virus-Scanned: amavisd-new at passwd.hu
Received: from iq.passwd.hu ([127.0.0.1])
 by localhost (iq.passwd.hu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id sXPTC8L7bxDH; Thu,  6 Jul 2023 18:58:01 +0200 (CEST)
Received: from bluegene.passwd.hu (localhost [127.0.0.1])
 by iq.passwd.hu (Postfix) with ESMTP id D2DEAE8DD7;
 Thu,  6 Jul 2023 18:58:00 +0200 (CEST)
From: Marton Balint <cus@passwd.hu>
To: ffmpeg-devel@ffmpeg.org
Date: Thu,  6 Jul 2023 19:01:05 +0200
Message-Id: <20230706170105.4804-1-cus@passwd.hu>
X-Mailer: git-send-email 2.35.3
In-Reply-To: <10991752-b1e9-41c0-623f-69ac11d994c9@passwd.hu>
References: <10991752-b1e9-41c0-623f-69ac11d994c9@passwd.hu>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH] avformat/hlsenc: use av_random_bytes() for
 generating AES128 key
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Marton Balint <cus@passwd.hu>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: GQY8tBKA4gb8

av_random_bytes() can use OS provided strong random functions and does not
depend soley on openssl/gcrypt external libraries.

Fixes ticket #10441.

Signed-off-by: Marton Balint <cus@passwd.hu>
---
 configure            |  1 -
 libavformat/hlsenc.c | 23 ++---------------------
 2 files changed, 2 insertions(+), 22 deletions(-)

diff --git a/configure b/configure
index 107d533b3e..b331b2e9db 100755
--- a/configure
+++ b/configure
@@ -3507,7 +3507,6 @@ gxf_muxer_select="pcm_rechunk_bsf"
 hds_muxer_select="flv_muxer"
 hls_demuxer_select="adts_header ac3_parser mov_demuxer mpegts_demuxer"
 hls_muxer_select="mov_muxer mpegts_muxer"
-hls_muxer_suggest="gcrypt openssl"
 image2_alias_pix_demuxer_select="image2_demuxer"
 image2_brender_pix_demuxer_select="image2_demuxer"
 imf_demuxer_deps="libxml2"
diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
index 1e0848ce3d..27d97f5f72 100644
--- a/libavformat/hlsenc.c
+++ b/libavformat/hlsenc.c
@@ -27,12 +27,6 @@
 #include <unistd.h>
 #endif
 
-#if CONFIG_GCRYPT
-#include <gcrypt.h>
-#elif CONFIG_OPENSSL
-#include <openssl/rand.h>
-#endif
-
 #include "libavutil/avassert.h"
 #include "libavutil/mathematics.h"
 #include "libavutil/avstring.h"
@@ -40,6 +34,7 @@
 #include "libavutil/intreadwrite.h"
 #include "libavutil/opt.h"
 #include "libavutil/log.h"
+#include "libavutil/random_seed.h"
 #include "libavutil/time.h"
 #include "libavutil/time_internal.h"
 
@@ -710,20 +705,6 @@ fail:
     return ret;
 }
 
-static int randomize(uint8_t *buf, int len)
-{
-#if CONFIG_GCRYPT
-    gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
-    return 0;
-#elif CONFIG_OPENSSL
-    if (RAND_bytes(buf, len))
-        return 0;
-#else
-    return AVERROR(ENOSYS);
-#endif
-    return AVERROR(EINVAL);
-}
-
 static int do_encrypt(AVFormatContext *s, VariantStream *vs)
 {
     HLSContext *hls = s->priv_data;
@@ -775,7 +756,7 @@ static int do_encrypt(AVFormatContext *s, VariantStream *vs)
     if (!*hls->key_string) {
         AVDictionary *options = NULL;
         if (!hls->key) {
-            if ((ret = randomize(key, sizeof(key))) < 0) {
+            if ((ret = av_random_bytes(key, sizeof(key))) < 0) {
                 av_log(s, AV_LOG_ERROR, "Cannot generate a strong random key\n");
                 return ret;
             }