From patchwork Wed Jul  5 12:12:47 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Almer <jamrial@gmail.com>
X-Patchwork-Id: 42450
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:3b1e:b0:12b:9ae3:586d with SMTP id
 c30csp5736585pzh;
        Wed, 5 Jul 2023 05:13:15 -0700 (PDT)
X-Google-Smtp-Source: 
 APBJJlF7sohZxM2CIEljUrvdxMdZkYy237HTKqoDpXC+uK0G972u/qGYZ0juq3K3OIi9CYGnUiZI
X-Received: by 2002:a17:907:11c7:b0:992:a836:a194 with SMTP id
 va7-20020a17090711c700b00992a836a194mr12338671ejb.59.1688559195706;
        Wed, 05 Jul 2023 05:13:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1688559195; cv=none;
        d=google.com; s=arc-20160816;
        b=YM+iNxf5ngYGa2lO6GHWHmUda8WjiWfV1sm4tlS0F2YrmDFt1j6KC+GXY+hMdUyj+B
         Nyb7YlO4xoBIGf4mm+VVuzWQo6FNHDmfsuv+owehQm1F7rd5/6F1PoRgIbidFhbVvCDr
         ESozZca1fu43oXBvDg4kCry2IDys75PVpQfHbqXw5UnOCJgO7e65jxI0aVfIHtLEVdtK
         jc3LnHBx01GBnKi3UcMhmj6AiUUJpVzj4A27oGi1P8QC8pByJTnPZiFen6quWur0/S+Z
         jBUwsPWiDdNRxb9RhzsmPQWt+4FTqkQNVcU+Fm0CLtpXt/IJWvYJh9SKlBgGGE9l+ogX
         qH0g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=EZ1pIzAuMMmNcbCQG8DZL+4e4NLyaAv+xkidfcmHg9A=;
        fh=YOA8vD9MJZuwZ71F/05pj6KdCjf6jQRmzLS+CATXUQk=;
        b=rHlWYbqYjZOvxxUGFoVQEd5072iZ+aGSUzqsWchQzfktR6Kw1V0MH3Dgsi3UUg3Jc0
         3OvU5My4CuCLYou38tXtZzDgZiJlM9aP4NFbVXqvw58teh4J8LxK2MnUCFHXjVVrRgTP
         KRATx65M7YY3CVBu+ZxIo++y97mzqzmE/gw31IrOTzJstTJdJyVqvDBocokB/uyWffqq
         rOcu0uUXO3c3o2FuQety2UQOT1b/s+CphPLMS/A/C84RRdJHvkzSq9XfGGbOz9P3cqiq
         85JcXC7I8Qag85wM9h7pFUmib+iw7l5+K+ZHZ7EhqBHWuMRK2ueOREwZE3kNc2pYdk9h
         S3gA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20221208 header.b=eytLrRWW;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 f14-20020a170906390e00b00987a0569370si13493119eje.703.2023.07.05.05.13.14;
        Wed, 05 Jul 2023 05:13:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20221208 header.b=eytLrRWW;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A9CD868C60D;
	Wed,  5 Jul 2023 15:13:11 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-oa1-f43.google.com (mail-oa1-f43.google.com
 [209.85.160.43])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 26C7868C329
 for <ffmpeg-devel@ffmpeg.org>; Wed,  5 Jul 2023 15:13:05 +0300 (EEST)
Received: by mail-oa1-f43.google.com with SMTP id
 586e51a60fabf-1b06ea7e7beso6155613fac.0
 for <ffmpeg-devel@ffmpeg.org>; Wed, 05 Jul 2023 05:13:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1688559183; x=1691151183;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=rMFlaWiQUHa7T5asshV+H0fJ62jH51h+ZpOMBoUwimM=;
 b=eytLrRWW1mxTb8lVLo+yDvH2Lg5gMKCkJcl8z5k4yLo/dK4CdKN5XniWHG2ix9y4Xg
 yiIRa/0/iB1hIGFU9p6ZffoZO7XWxsMFlGew4FsdqApXdXvYvIvdDrB+a+c8igq2xQK4
 jUZzBYYxkke5v69lUmhRbusuXWUp7hisEhUrRT8xLH3CGMBdSbF8cy3UO2GYfOFJ10++
 HhXUq2J/KHfC/9JAdlKLAho4N8k2ptSD6SI3GXoa+/JBbm1MeK+ocJDJBvnEVZjtML8E
 38CFZQO3RNjAexqbAYC6Mc9EAoHe+Yjf+JDBDwB7LH41KeSyEQDnqNHjF16XahoUB8Km
 PxdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1688559183; x=1691151183;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=rMFlaWiQUHa7T5asshV+H0fJ62jH51h+ZpOMBoUwimM=;
 b=Gk2SLqR5r3pWj3F/6gAgI3KbRgmyZBOMMY0Zpa1FTgeN+s7s64te3M54VAFEZ8H6Ot
 mTFLG2fgaO3yS3EvQ6b08gbfRMhy+MQhanlmWZyulMxYmjX15Gbt23y1ePcTR0PpQcUF
 OsJoPdY/Kj/c0/tWUeSNodDUNEAAsEN+rjBNxZog8DcTWG1Q6lDQr3ZHpqcNjWV6JHpo
 MKr4lRzva5HW8B3KGn4COZICi55dKi7+AWRzg2U4kb3b3MywU6ilncNCf9hEfRWeJuaS
 svP6swIuvLJN8B+vaI/bFuokm+IaU09T1WvLmIyHMrJy4BSH/3YQBEoZ/GL8F7HacF1G
 SDVw==
X-Gm-Message-State: ABy/qLYWmgN3Xsk9UnDyQGuKVDZN/k4EQywGUms/7TzaTVC+FwNxfl85
 VOMEAItQ+J+b7oF6dji85AOPl1X7NtM=
X-Received: by 2002:a05:6871:8715:b0:1b3:8cfb:78c5 with SMTP id
 tc21-20020a056871871500b001b38cfb78c5mr9097151oab.34.1688559183093;
 Wed, 05 Jul 2023 05:13:03 -0700 (PDT)
Received: from localhost.localdomain (host197.190-225-105.telecom.net.ar.
 [190.225.105.197]) by smtp.gmail.com with ESMTPSA id
 eh18-20020a056870f59200b001a663e49523sm15068349oab.36.2023.07.05.05.13.02
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 05 Jul 2023 05:13:02 -0700 (PDT)
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Wed,  5 Jul 2023 09:12:47 -0300
Message-ID: <20230705121247.1235-1-jamrial@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <168855266183.542.7703623237832964766@lain.khirnov.net>
References: <168855266183.542.7703623237832964766@lain.khirnov.net>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH v4 2/4] avutil/random_seed: add
 av_random_bytes()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: I1cQHofpCkcD

Uses the existing code for av_get_random_seed() to return a buffer with
cryptographically secure random data, or an error if none could be generated.

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavutil/random_seed.c | 33 ++++++++++++++++++++++-----------
 libavutil/random_seed.h | 13 +++++++++++++
 2 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
index a51149235b..f5c291263e 100644
--- a/libavutil/random_seed.c
+++ b/libavutil/random_seed.c
@@ -46,7 +46,7 @@
 #define TEST 0
 #endif
 
-static int read_random(uint32_t *dst, const char *file)
+static int read_random(uint8_t *dst, size_t len, const char *file)
 {
 #if HAVE_UNISTD_H
     FILE *fp = avpriv_fopen_utf8(file, "r");
@@ -54,10 +54,10 @@ static int read_random(uint32_t *dst, const char *file)
 
     if (!fp)
         return AVERROR_UNKNOWN;
-    err = fread(dst, 1, sizeof(*dst), fp);
+    err = fread(dst, 1, len, fp);
     fclose(fp);
 
-    if (err != sizeof(*dst))
+    if (err != len)
         return AVERROR_UNKNOWN;
 
     return 0;
@@ -121,27 +121,38 @@ static uint32_t get_generic_seed(void)
     return AV_RB32(digest) + AV_RB32(digest + 16);
 }
 
-uint32_t av_get_random_seed(void)
+int av_random_bytes(uint8_t* buf, size_t len)
 {
-    uint32_t seed;
+    int err;
 
 #if HAVE_BCRYPT
     BCRYPT_ALG_HANDLE algo_handle;
     NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
                                                MS_PRIMITIVE_PROVIDER, 0);
     if (BCRYPT_SUCCESS(ret)) {
-        NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, sizeof(seed), 0);
+        NTSTATUS ret = BCryptGenRandom(algo_handle, (PUCHAR)buf, len, 0);
         BCryptCloseAlgorithmProvider(algo_handle, 0);
         if (BCRYPT_SUCCESS(ret))
-            return seed;
+            return 0;
     }
 #endif
 
 #if HAVE_ARC4RANDOM
-    return arc4random();
+    arc4random_buf(buf, len);
+    return 0;
 #endif
 
-    if (!read_random(&seed, "/dev/urandom"))
-        return seed;
-    return get_generic_seed();
+    err = read_random(buf, len, "/dev/urandom");
+
+    return err;
+}
+
+uint32_t av_get_random_seed(void)
+{
+    uint32_t seed;
+
+    if (av_random_bytes((uint8_t *)&seed, sizeof(seed)) < 0)
+        return get_generic_seed();
+
+    return seed;
 }
diff --git a/libavutil/random_seed.h b/libavutil/random_seed.h
index 0462a048e0..e67e6e38c4 100644
--- a/libavutil/random_seed.h
+++ b/libavutil/random_seed.h
@@ -36,6 +36,19 @@
  */
 uint32_t av_get_random_seed(void);
 
+/**
+ * Generate cryptographically secure random data, i.e. suitable for use as
+ * encryption keys and similar.
+ *
+ * @param buf buffer into which the random data will be written
+ * @param len size of buf in bytes
+ *
+ * @retval 0                         success, len bytes of random data was written
+ *                                   into buf
+ * @retval "a negative AVERROR code" random data could not be generated
+ */
+int av_random_bytes(uint8_t *buf, size_t len);
+
 /**
  * @}
  */