Date: Wed, 5 Jul 2023 01:32:47 +0200
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Message-ID: <20230704233247.GR1093384@pb2>
References: <20230704204128.2510-1-jamrial@gmail.com>
Subject: Re: [FFmpeg-devel] [PATCH v2 1/2] avutil/random_seed: add av_random()

On Tue, Jul 04, 2023 at 06:35:06PM -0300, James Almer wrote:
> On 7/4/2023 5:54 PM, Hendrik Leppkes wrote:
> > On Tue, Jul 4, 2023 at 10:41 PM James Almer wrote:
> > >
> > > Uses the existing code for av_get_random_seed() to return a buffer with
> > > cryptographically secure random data, or an error if none could be generated.
> > >
> > > Signed-off-by: James Almer
> > > --- > > > libavutil/random_seed.c | 54 ++++++++++++++++++++++++++++----------= --- > > > libavutil/random_seed.h | 12 +++++++++ > > > 2 files changed, 49 insertions(+), 17 deletions(-) > > >=20 > > > diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c > > > index 66dd504ef0..0ed8f89cc6 100644 > > > --- a/libavutil/random_seed.c > > > +++ b/libavutil/random_seed.c 
> > > @@ -46,20 +46,22 @@ > > > #define TEST 0 > > > #endif > > >=20 > > > -static int read_random(uint32_t *dst, const char *file) > > > -{ > > > #if HAVE_UNISTD_H > > > +static int read_random(uint8_t *dst, size_t len, const char *file) > > > +{ > > > int fd =3D avpriv_open(file, O_RDONLY); > > > - int err =3D -1; > > > + ssize_t err =3D -1; > > >=20 > > > + if (len > SSIZE_MAX) > > > + return -1; > > > if (fd =3D=3D -1) > > > return -1; > > > - err =3D read(fd, dst, sizeof(*dst)); > > > + err =3D read(fd, dst, len); > > > close(fd); > > > + if (err =3D=3D -1) > > > + return AVERROR(errno); > > >=20 > > > - return err; > > > -#else > > > - return -1; > > > + return err =3D=3D len; > > > #endif > > > } > > >=20 
> > > @@ -118,29 +120,47 @@ static uint32_t get_generic_seed(void) > > > return AV_RB32(digest) + AV_RB32(digest + 16); > > > } > > >=20 > > > -uint32_t av_get_random_seed(void) > > > +int av_random(uint8_t* buf, size_t len) > > > { > > > - uint32_t seed; > > > + int err =3D AVERROR_UNKNOWN; > > >=20 > > > #if HAVE_BCRYPT > > > BCRYPT_ALG_HANDLE algo_handle; > > > NTSTATUS ret =3D BCryptOpenAlgorithmProvider(&algo_handle, BCRY= PT_RNG_ALGORITHM, > > > MS_PRIMITIVE_PROVIDE= R, 0); > > > if (BCRYPT_SUCCESS(ret)) { > > > - NTSTATUS ret =3D BCryptGenRandom(algo_handle, (UCHAR*)&seed,= sizeof(seed), 0); > > > + NTSTATUS ret =3D BCryptGenRandom(algo_handle, (PUCHAR)buf, l= en, 0); > > > BCryptCloseAlgorithmProvider(algo_handle, 0); > > > if (BCRYPT_SUCCESS(ret)) > > > - return seed; > > > + return 0; > > > } > > > #endif > > >=20 > > > #if HAVE_ARC4RANDOM > > > - return arc4random(); > > > + arc4random_buf(buf, len); > > > + return 0; > > > +#endif > > > + > > > +#if HAVE_UNISTD_H > > > + err =3D read_random(buf, len, "/dev/urandom"); > > > + if (err =3D=3D 1) > > > + return 0; > > > + err =3D read_random(buf, len, "/dev/random"); > > > + if (err =3D=3D 1) > > > + return 0; > > > + if (err =3D=3D 0) > > > + err =3D AVERROR_UNKNOWN; > > > #endif > > >=20 > > > - if (read_random(&seed, "/dev/urandom") =3D=3D sizeof(seed)) > > > - return seed; > > > - if (read_random(&seed, "/dev/random") =3D=3D sizeof(seed)) > > > - return seed; > > > - return get_generic_seed(); > > > + return err; > > > +} > > > + > > > +uint32_t av_get_random_seed(void) > > > +{ > > > + uint32_t seed; > > > + > > > + if (av_random((uint8_t *)&seed, sizeof(seed)) < 0) > > > + return get_generic_seed(); > > > + > > > + return seed; > > > } > > > diff --git a/libavutil/random_seed.h b/libavutil/random_seed.h > > > index 0462a048e0..ce982bb82f 100644 > > > --- a/libavutil/random_seed.h > > > +++ b/libavutil/random_seed.h 
> > > @@ -36,6 +36,18 @@ > > > */ > > > uint32_t av_get_random_seed(void); > > >=20 > > > +/** > > > + * Generate cryptographically secure random data, i.e. suitable for = use as > > > + * encryption keys and similar. > > > + * > > > + * @param buf buffer into which the random data will be written > > > + * @param len size of buf in bytes > > > + * > > > + * @retval 0 success, and len bytes of random data was written into = buf, or > > > + * a negative AVERROR code if random data could not be gener= ated. > > > + */ > > > +int av_random(uint8_t* buf, size_t len);
> >
> > av_random seems like a pretty generic name for something that's
> > requiring to be cryptographically secure and otherwise fail. I would
> > expect a more specific name for that purpose. There are plenty of other
> > uses of randomness in multimedia, noise, dithering, etc, which don't
> > need crypto security. The function doesn't have to handle those, but
> > maybe it should be specific in what it does handle?
>
> Maybe av_random_buf()? I don't want too much bikeshedding on the name.

If the intent is that this is ONLY "cryptographically secure" PRNGs,
then maybe av_csprng_buf() would be an idea for a name.

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.
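
Review bot: In read_random() in libavutil/random_seed.c, the `#if HAVE_UNISTD_H` now opens before the function signature but the `#endif` still sits before the closing `}`, so a build without unistd.h is left with a stray `}` at file scope; move the `#endif` below the brace. The `len > SSIZE_MAX` check runs after `avpriv_open()`, so that early `return -1` leaks the descriptor; do the length check before opening. `errno` is read after `close(fd)`, which can overwrite it, so save it right after `read()`. A single `read()` may return fewer than `len` bytes for larger requests or be interrupted, and this treats a short read as failure instead of looping until the buffer is full. The open and length failures return a bare -1 while the read failure returns AVERROR(errno), so the caller sees two error conventions from one helper.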
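
Review bot: In av_random(), the BCrypt path passes the size_t `len` straight to `BCryptGenRandom()`, whose length parameter is a ULONG, so on 64-bit Windows a request larger than ULONG_MAX is truncated and the function still returns 0 with the tail of the buffer unfilled; reject or chunk oversized lengths before the call. In the HAVE_UNISTD_H block, a failed open inside read_random() comes back as a bare -1 and is returned to the caller as though it were an AVERROR code, and the result of the /dev/random attempt overwrites whatever error /dev/urandom reported; map the -1 to a real AVERROR value and decide which of the two errors should be surfaced. For a function meant to produce key material, it would also be worth clearing `buf` on every failure path so a partially filled buffer cannot be mistaken for random output.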
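
Review bot: The Doxygen block for av_random() in libavutil/random_seed.h folds both outcomes into `@retval 0`, so the failure case is documented under the success value; keep `@retval 0` for success and describe the negative AVERROR code on its own `@return` line. Since the comment advertises the output as suitable for encryption keys, it should also say that the contents of buf are unspecified on failure and must not be used, and that the call can block when the implementation falls back to /dev/random. The diffstat lists only random_seed.c and random_seed.h, so this patch adds a public function without a doc/APIchanges entry or a version bump.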