From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id ED4174D8B1
	for <ffmpegdev@gitmailbox.com>; Wed,  3 Dec 2025 12:21:17 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'9h4ybYFCENA0AbJ9+VDkYoNxkgyp/SsoltbxDaSK058=', expected 
   b'kA1wzEA/lD0aHvdPPhktbqXWWJs4G0CQqc4QYOQGj7E=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1764764468; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=9h4ybYFCENA0AbJ9+VDkYoNxkgyp/SsoltbxDaSK058=;
 b=tdxnaRfFQZCabX9j7DiJmW9mh7ePM1NRbIgbRA5BvLNQe5ISUAwAzHyeGhfeZjHUw3cRT
 n+bGH0rNzDS8c2on+uC29OChBTwuxaoVghyUB/d6yKZYR9uk9NFhEJIMcQiu+r7v7auYVJA
 N3swGKJL6LsJqEzLWTbAKjlOUHZBbkQGtIGQfQXWD7rDLvXqkA6DB8TPkkeRbQgswQpiudy
 N0jzRonFVg1Aj1GTh4pCaTpwqcB//nSwsttzcjy9ArEtF5R3KRwBnrZuvwkHNZm99GJCJcz
 PNgVKpSyP/Au+GvOfwOj4oT+7d4IklZQkF3zcWiLsU4j0oebNsJy4T1HkrmQ==
Received: from [172.19.0.3] (unknown [172.19.0.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 21F626904B0;
	Wed,  3 Dec 2025 14:21:08 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1764764453;
 b=ZoXHgCYPCyvp6m9FdYCaIrcCr+vibfisFT6Flo/NdnOvrmXBPWnoyvADBlk0dS2fzBeVx
 jX2bxF35RtFgEFt6X5pS1wjB0VvY9fWC1T8w0tAMBovIt5ZDWRD0IP6shxI/xH3pc6hGQzb
 7BxKbiLMxQ+Y/gz5LyNaLYa6NAhHeJU3eBwbHWGUbi/ezmh+4QTWROnNWIC8MPBzKHr8Nll
 5/IefS9BN0sYHCYGgeNe9O2+7g+IJSWMqNwU0xv+lUaFYPGZXmjECZVteIpfx1tfqQJfQAL
 /dLEOH0AWtMjvPlBc4rlQRaFCSFW/0R964n01zbQ17uyv3kk+V2kjIt8hd0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1764764453; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=5qAbUGo643g0y+RyPWhgksXIMpMD+k4Q1IEEn9PXhGg=;
 b=WDjSTKdstd9ApP7/JYQBneaBUJ0tPm9gpZszEnRS58qApJjlsadhH8RZTjGh5zaKU4jWh
 dlctcsGuiii9kwNT/ytm5ap8dfovXamUjgkP1YK5o1Vxu6E6Q2BwYFEUCqXTWKpK9GtjG6s
 5Jc3YG4grv08br7oMU6nAjEWAh8HmkfYcQyrAuuXsV0qmTDe/vFJFaZmqffOHAr8YjHjARS
 HZTeEx2rESYvYBnXMqsPH6XB5tcWJErDtYg5wgby3o5k8lJmD8TsAPAi8m/6zkcreGH39gS
 L2SUgYu1wHOPPXW24PMr/RrLSUJ/gcpIbd66JZKJDuxlkAo+DUn7zaML0v5g==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1764764446; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=kA1wzEA/lD0aHvdPPhktbqXWWJs4G0CQqc4QYOQGj7E=;
 b=IH31XU+vJ+h3PDy79qjj0fZvtN7vVZwPADWmdbXuuIwbhjGpMC6HDZR5arlBxQ9pJdi27
 dSoarKpZqF+A3wgHqGq+u5LeaKFarV0CHhEJpPiOIs+ANznVQKcJKf7B77hK0uba1f4CA7u
 uFp3b0H76xUBGoSswWEkDWKeMnM83shGijZUYevUXvobCNGVTgo3fgo3m70ubND0xvkujom
 H5LnTK+a4Ga8rkpKm6P/f9DZN76HNDQFrtnLoykAfQzcRgHZlTr5Giqtiqolfg1X/+eLXgD
 ue6dkQeoMnoENmDVk8rH9+wCGJ5tpkzsDtR/auMdEyC/CUBNT0ozYna1gNig==
Received: from 55ca25703178 (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 73B61690445
	for <ffmpeg-devel@ffmpeg.org>; Wed,  3 Dec 2025 14:20:46 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 03 Dec 2025 12:20:46 -0000
Message-ID: <176476444657.39.16497287036433057657@2cb04c0e5124>
Message-ID-Hash: GKT4JYC7KAYBFFSQMVTLD4OMWQFKBB4S
X-Message-ID-Hash: GKT4JYC7KAYBFFSQMVTLD4OMWQFKBB4S
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PATCH] avformat/hlsenc: fix IVs only be auto generated once
 (PR #21088)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/GKT4JYC7KAYBFFSQMVTLD4OMWQFKBB4S/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/176476444657.39.16497287036433057657@2cb04c0e5124/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: Jack Lau via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: Jack Lau <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/176476444657.39.16497287036433057657@2cb04c0e5124/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #21088 opened by Jack Lau (JackLau)
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21088
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21088.patch

Fix #20970

In previous code, it generates IV for first segment
by its sequence number when the IV don't be provided.
But it's wrong that use the first generated IV for
every segments.

Refer to RFC 8216 section 5.2 and 4.3.2.4,

- EXT-X-KEY tag with a KEYFORMAT of "identity" that
does not have an IV attribute indicates that the
Media Sequence Number is to be used as the IV.

- KEYFORMAT attribute is OPTIONAL; its absence
indicates an implicit value of "identity".

- The EXT-X-KEY tag applies to every Media Segment
between it and the next EXT-X-KEY tag in the Playlist
file with the same KEYFORMAT attribute (or the end
of the Playlist file).

This patch adds auto_iv variable to record whether
we should auto generate IV for every segments.
If the auto_iv is enabled, this patch does these changes:
1. IVs will be auto generated for every segments
2. Omit IV info in EXT-X-KEY tag
3. Only show the EXT-X-KEY tag once for these segments

Example:

command:

ffmpeg -i input.mp4
-f hls -hls_key_info_file enc.keyinfo
-hls_segment_filename chunk_%06d.ts
-y playlist.m3u8

m3u8:

 #EXTM3U
 #EXT-X-VERSION:3
 #EXT-X-TARGETDURATION:6
 #EXT-X-MEDIA-SEQUENCE:0
 #EXT-X-KEY:METHOD=AES-128,URI="http://localhost:8000/enc.key"
 #EXTINF:4.266667,
 chunk_000000.ts
 #EXTINF:5.733333,
 chunk_000001.ts
 #EXT-X-ENDLIST

Signed-off-by: Jack Lau <jacklau1222gm@gmail.com>


>>From 2ee8b1596f626d608f6fac50f18af0c5f967010e Mon Sep 17 00:00:00 2001
From: Jack Lau <jacklau1222gm@gmail.com>
Date: Wed, 3 Dec 2025 17:22:27 +0800
Subject: [PATCH] avformat/hlsenc: fix IVs only be auto generated once

Fix #20970

In previous code, it generates IV for first segment
by its sequence number when the IV don't be provided.
But it's wrong that use the first generated IV for
every segments.

Refer to RFC 8216 section 5.2 and 4.3.2.4,

- EXT-X-KEY tag with a KEYFORMAT of "identity" that
does not have an IV attribute indicates that the
Media Sequence Number is to be used as the IV.

- KEYFORMAT attribute is OPTIONAL; its absence
indicates an implicit value of "identity".

- The EXT-X-KEY tag applies to every Media Segment
between it and the next EXT-X-KEY tag in the Playlist
file with the same KEYFORMAT attribute (or the end
of the Playlist file).

This patch adds auto_iv variable to record whether
we should auto generate IV for every segments.
If the auto_iv is enabled, this patch does these changes:
1. IVs will be auto generated for every segments
2. Omit IV info in EXT-X-KEY tag
3. Only show the EXT-X-KEY tag once for these segments

Example:

command:

ffmpeg -i input.mp4
-f hls -hls_key_info_file enc.keyinfo
-hls_segment_filename chunk_%06d.ts
-y playlist.m3u8

m3u8:

 #EXTM3U
 #EXT-X-VERSION:3
 #EXT-X-TARGETDURATION:6
 #EXT-X-MEDIA-SEQUENCE:0
 #EXT-X-KEY:METHOD=AES-128,URI="http://localhost:8000/enc.key"
 #EXTINF:4.266667,
 chunk_000000.ts
 #EXTINF:5.733333,
 chunk_000001.ts
 #EXT-X-ENDLIST

Signed-off-by: Jack Lau <jacklau1222gm@gmail.com>
---
 libavformat/hlsenc.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
index 7105404d1e..7a9161808d 100644
--- a/libavformat/hlsenc.c
+++ b/libavformat/hlsenc.c
@@ -229,6 +229,7 @@ typedef struct HLSContext {
     char *iv;
     char *key_basename;
     int encrypt_started;
+    int auto_iv;
 
     char *key_info_file;
     char key_file[LINE_BUFFER_SIZE + 1];
@@ -664,6 +665,7 @@ static int do_encrypt(AVFormatContext *s, VariantStream *vs)
         uint8_t iv[16] = { 0 };
         char buf[33];
 
+        hls->auto_iv = !hls->iv ? 1 : 0;
         if (!hls->iv) {
             AV_WB64(iv + 8, vs->sequence);
         } else {
@@ -734,6 +736,8 @@ static int hls_encryption_start(AVFormatContext *s,  VariantStream *vs)
     ff_get_line(pb, vs->iv_string, sizeof(vs->iv_string));
     vs->iv_string[strcspn(vs->iv_string, "\r\n")] = '\0';
 
+    hls->auto_iv = !*vs->iv_string ? 1 : 0;
+
     ff_format_io_close(s, &pb);
 
     if (!*vs->key_uri) {
@@ -1585,9 +1589,9 @@ static int hls_window(AVFormatContext *s, int last, VariantStream *vs)
     }
     for (en = vs->segments; en; en = en->next) {
         if ((hls->encrypt || hls->key_info_file) && (!key_uri || strcmp(en->key_uri, key_uri) ||
-                                    av_strcasecmp(en->iv_string, iv_string))) {
+                                    (av_strcasecmp(en->iv_string, iv_string) && !hls->auto_iv))) {
             avio_printf(byterange_mode ? hls->m3u8_out : vs->out, "#EXT-X-KEY:METHOD=AES-128,URI=\"%s\"", en->key_uri);
-            if (*en->iv_string)
+            if (*en->iv_string && !hls->auto_iv)
                 avio_printf(byterange_mode ? hls->m3u8_out : vs->out, ",IV=0x%s", en->iv_string);
             avio_printf(byterange_mode ? hls->m3u8_out : vs->out, "\n");
             key_uri = en->key_uri;
@@ -1779,7 +1783,7 @@ static int hls_start(AVFormatContext *s, VariantStream *vs)
             vs->encrypt_started = 1;
         }
         err = av_strlcpy(iv_string, vs->iv_string, sizeof(iv_string));
-        if (!err) {
+        if (!err || c->auto_iv) {
             snprintf(iv_string, sizeof(iv_string), "%032"PRIx64, vs->sequence);
             memset(vs->iv_string, 0, sizeof(vs->iv_string));
             memcpy(vs->iv_string, iv_string, sizeof(iv_string));
-- 
2.49.1

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org