Re: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()

From: Marton Balint <cus@passwd.hu>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
Date: Tue, 4 Jul 2023 21:34:04 +0200 (CEST)
Message-ID: <5a79a98-acb9-62bc-5279-e3624fc3c5@passwd.hu> (raw)
In-Reply-To: <20230704185044.2154-1-jamrial@gmail.com>

On Tue, 4 Jul 2023, James Almer wrote:

> Uses the existing code for av_get_random_seed() to return a buffer with
> cryptographically secure random data, or an error if none could be generated.
>
> Signed-off-by: James Almer <jamrial@gmail.com>
> ---
> TODO: APIChanges entry and minor version bump.
>
> Also, if a new random.h header is prefered, i can move the prototype there.
>
> libavutil/random_seed.c | 46 ++++++++++++++++++++++++++---------------
> libavutil/random_seed.h | 12 +++++++++++
> 2 files changed, 41 insertions(+), 17 deletions(-)
>
> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
> index 66dd504ef0..39fb27c5ad 100644
> --- a/libavutil/random_seed.c
> +++ b/libavutil/random_seed.c
> @@ -46,20 +46,20 @@
> #define TEST 0
> #endif
>
> -static int read_random(uint32_t *dst, const char *file)
> -{
> #if HAVE_UNISTD_H
> +static ssize_t read_random(uint8_t *dst, size_t len, const char *file)
> +{
>     int fd = avpriv_open(file, O_RDONLY);
> -    int err = -1;
> +    ssize_t err = -1;
>
> +    if (len > SSIZE_MAX)
> +        return -1;
>     if (fd == -1)
>         return -1;
> -    err = read(fd, dst, sizeof(*dst));
> +    err = read(fd, dst, len);
>     close(fd);
>
>     return err;
> -#else
> -    return -1;
> #endif
> }
>
> @@ -118,29 +118,41 @@ static uint32_t get_generic_seed(void)
>     return AV_RB32(digest) + AV_RB32(digest + 16);
> }
>
> -uint32_t av_get_random_seed(void)
> +int av_random(uint8_t* buf, size_t len)
> {
> -    uint32_t seed;
> -
> #if HAVE_BCRYPT
>     BCRYPT_ALG_HANDLE algo_handle;
>     NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
>                                                MS_PRIMITIVE_PROVIDER, 0);
>     if (BCRYPT_SUCCESS(ret)) {
> -        NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, sizeof(seed), 0);
> +        NTSTATUS ret = BCryptGenRandom(algo_handle, (PUCHAR)buf, len, 0);
>         BCryptCloseAlgorithmProvider(algo_handle, 0);
>         if (BCRYPT_SUCCESS(ret))
> -            return seed;
> +            return 0;
>     }
> #endif
>
> #if HAVE_ARC4RANDOM
> -    return arc4random();
> +    arc4random_buf(buf, len);
> +    return 0;
> +#endif
> +
> +#if HAVE_UNISTD_H
> +    if (read_random(buf, len, "/dev/urandom") == len)
> +        return 0;
> +    if (read_random(buf, len, "/dev/random")  == len)
> +        return 0;
> #endif
>
> -    if (read_random(&seed, "/dev/urandom") == sizeof(seed))
> -        return seed;
> -    if (read_random(&seed, "/dev/random")  == sizeof(seed))
> -        return seed;
> -    return get_generic_seed();
> +    return AVERROR_INVALIDDATA;

Probably AVERROR(ENOSYS) is a more suiting error code for this.

Regards,
Marton
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".