* [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
@ 2023-07-04 18:50 James Almer
2023-07-04 18:50 ` [FFmpeg-devel] [PATCH 2/2] avutil/random_seed: ass support for gcrypt and OpenSSL as source of randomness James Almer
2023-07-04 19:34 ` [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random() Marton Balint
0 siblings, 2 replies; 12+ messages in thread
From: James Almer @ 2023-07-04 18:50 UTC (permalink / raw)
To: ffmpeg-devel
Uses the existing code for av_get_random_seed() to return a buffer with
cryptographically secure random data, or an error if none could be generated.
Signed-off-by: James Almer <jamrial@gmail.com>
---
TODO: APIChanges entry and minor version bump.
Also, if a new random.h header is prefered, i can move the prototype there.
libavutil/random_seed.c | 46 ++++++++++++++++++++++++++---------------
libavutil/random_seed.h | 12 +++++++++++
2 files changed, 41 insertions(+), 17 deletions(-)
diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
index 66dd504ef0..39fb27c5ad 100644
--- a/libavutil/random_seed.c
+++ b/libavutil/random_seed.c
@@ -46,20 +46,20 @@
#define TEST 0
#endif
-static int read_random(uint32_t *dst, const char *file)
-{
#if HAVE_UNISTD_H
+static ssize_t read_random(uint8_t *dst, size_t len, const char *file)
+{
int fd = avpriv_open(file, O_RDONLY);
- int err = -1;
+ ssize_t err = -1;
+ if (len > SSIZE_MAX)
+ return -1;
if (fd == -1)
return -1;
- err = read(fd, dst, sizeof(*dst));
+ err = read(fd, dst, len);
close(fd);
return err;
-#else
- return -1;
#endif
}
@@ -118,29 +118,41 @@ static uint32_t get_generic_seed(void)
return AV_RB32(digest) + AV_RB32(digest + 16);
}
-uint32_t av_get_random_seed(void)
+int av_random(uint8_t* buf, size_t len)
{
- uint32_t seed;
-
#if HAVE_BCRYPT
BCRYPT_ALG_HANDLE algo_handle;
NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
MS_PRIMITIVE_PROVIDER, 0);
if (BCRYPT_SUCCESS(ret)) {
- NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, sizeof(seed), 0);
+ NTSTATUS ret = BCryptGenRandom(algo_handle, (PUCHAR)buf, len, 0);
BCryptCloseAlgorithmProvider(algo_handle, 0);
if (BCRYPT_SUCCESS(ret))
- return seed;
+ return 0;
}
#endif
#if HAVE_ARC4RANDOM
- return arc4random();
+ arc4random_buf(buf, len);
+ return 0;
+#endif
+
+#if HAVE_UNISTD_H
+ if (read_random(buf, len, "/dev/urandom") == len)
+ return 0;
+ if (read_random(buf, len, "/dev/random") == len)
+ return 0;
#endif
- if (read_random(&seed, "/dev/urandom") == sizeof(seed))
- return seed;
- if (read_random(&seed, "/dev/random") == sizeof(seed))
- return seed;
- return get_generic_seed();
+ return AVERROR_INVALIDDATA;
+}
+
+uint32_t av_get_random_seed(void)
+{
+ uint32_t seed;
+
+ if (av_random((uint8_t *)&seed, sizeof(seed)) < 0)
+ return get_generic_seed();
+
+ return seed;
}
diff --git a/libavutil/random_seed.h b/libavutil/random_seed.h
index 0462a048e0..ce982bb82f 100644
--- a/libavutil/random_seed.h
+++ b/libavutil/random_seed.h
@@ -36,6 +36,18 @@
*/
uint32_t av_get_random_seed(void);
+/**
+ * Generate cryptographically secure random data, i.e. suitable for use as
+ * encryption keys and similar.
+ *
+ * @param buf buffer into which the random data will be written
+ * @param len size of buf in bytes
+ *
+ * @retval 0 success, and len bytes of random data was written into buf, or
+ * a negative AVERROR code if random data could not be generated.
+ */
+int av_random(uint8_t* buf, size_t len);
+
/**
* @}
*/
--
2.41.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* [FFmpeg-devel] [PATCH 2/2] avutil/random_seed: ass support for gcrypt and OpenSSL as source of randomness
2023-07-04 18:50 [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random() James Almer
@ 2023-07-04 18:50 ` James Almer
2023-07-04 20:02 ` Marton Balint
2023-07-04 19:34 ` [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random() Marton Balint
1 sibling, 1 reply; 12+ messages in thread
From: James Almer @ 2023-07-04 18:50 UTC (permalink / raw)
To: ffmpeg-devel
Signed-off-by: James Almer <jamrial@gmail.com>
---
I put these after /dev/random/ to not change the current behavior of
av_get_random_seed(), but if either of these are prefered i can move them up.
configure | 2 +-
libavutil/random_seed.c | 13 +++++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/configure b/configure
index 107d533b3e..d6e78297fe 100755
--- a/configure
+++ b/configure
@@ -3892,7 +3892,7 @@ avfilter_deps="avutil"
avfilter_suggest="libm stdatomic"
avformat_deps="avcodec avutil"
avformat_suggest="libm network zlib stdatomic"
-avutil_suggest="clock_gettime ffnvcodec libm libdrm libmfx opencl user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia bcrypt stdatomic"
+avutil_suggest="clock_gettime ffnvcodec gcrypt libm libdrm libmfx opencl openssl user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia bcrypt stdatomic"
postproc_deps="avutil gpl"
postproc_suggest="libm stdatomic"
swresample_deps="avutil"
diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
index 39fb27c5ad..e8967c0cfe 100644
--- a/libavutil/random_seed.c
+++ b/libavutil/random_seed.c
@@ -30,6 +30,11 @@
#include <windows.h>
#include <bcrypt.h>
#endif
+#if CONFIG_GCRYPT
+#include <gcrypt.h>
+#elif CONFIG_OPENSSL
+#include <openssl/rand.h>
+#endif
#include <fcntl.h>
#include <math.h>
#include <time.h>
@@ -144,6 +149,14 @@ int av_random(uint8_t* buf, size_t len)
return 0;
#endif
+#if CONFIG_GCRYPT
+ gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
+ return 0;
+#elif CONFIG_OPENSSL
+ if (RAND_bytes(buf, len))
+ return 0;
+#endif
+
return AVERROR_INVALIDDATA;
}
--
2.41.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
2023-07-04 18:50 [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random() James Almer
2023-07-04 18:50 ` [FFmpeg-devel] [PATCH 2/2] avutil/random_seed: ass support for gcrypt and OpenSSL as source of randomness James Almer
@ 2023-07-04 19:34 ` Marton Balint
2023-07-04 19:42 ` James Almer
1 sibling, 1 reply; 12+ messages in thread
From: Marton Balint @ 2023-07-04 19:34 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Tue, 4 Jul 2023, James Almer wrote:
> Uses the existing code for av_get_random_seed() to return a buffer with
> cryptographically secure random data, or an error if none could be generated.
>
> Signed-off-by: James Almer <jamrial@gmail.com>
> ---
> TODO: APIChanges entry and minor version bump.
>
> Also, if a new random.h header is prefered, i can move the prototype there.
>
> libavutil/random_seed.c | 46 ++++++++++++++++++++++++++---------------
> libavutil/random_seed.h | 12 +++++++++++
> 2 files changed, 41 insertions(+), 17 deletions(-)
>
> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
> index 66dd504ef0..39fb27c5ad 100644
> --- a/libavutil/random_seed.c
> +++ b/libavutil/random_seed.c
> @@ -46,20 +46,20 @@
> #define TEST 0
> #endif
>
> -static int read_random(uint32_t *dst, const char *file)
> -{
> #if HAVE_UNISTD_H
> +static ssize_t read_random(uint8_t *dst, size_t len, const char *file)
> +{
> int fd = avpriv_open(file, O_RDONLY);
> - int err = -1;
> + ssize_t err = -1;
>
> + if (len > SSIZE_MAX)
> + return -1;
> if (fd == -1)
> return -1;
> - err = read(fd, dst, sizeof(*dst));
> + err = read(fd, dst, len);
> close(fd);
>
> return err;
> -#else
> - return -1;
> #endif
> }
>
> @@ -118,29 +118,41 @@ static uint32_t get_generic_seed(void)
> return AV_RB32(digest) + AV_RB32(digest + 16);
> }
>
> -uint32_t av_get_random_seed(void)
> +int av_random(uint8_t* buf, size_t len)
> {
> - uint32_t seed;
> -
> #if HAVE_BCRYPT
> BCRYPT_ALG_HANDLE algo_handle;
> NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
> MS_PRIMITIVE_PROVIDER, 0);
> if (BCRYPT_SUCCESS(ret)) {
> - NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, sizeof(seed), 0);
> + NTSTATUS ret = BCryptGenRandom(algo_handle, (PUCHAR)buf, len, 0);
> BCryptCloseAlgorithmProvider(algo_handle, 0);
> if (BCRYPT_SUCCESS(ret))
> - return seed;
> + return 0;
> }
> #endif
>
> #if HAVE_ARC4RANDOM
> - return arc4random();
> + arc4random_buf(buf, len);
> + return 0;
> +#endif
> +
> +#if HAVE_UNISTD_H
> + if (read_random(buf, len, "/dev/urandom") == len)
> + return 0;
> + if (read_random(buf, len, "/dev/random") == len)
> + return 0;
> #endif
>
> - if (read_random(&seed, "/dev/urandom") == sizeof(seed))
> - return seed;
> - if (read_random(&seed, "/dev/random") == sizeof(seed))
> - return seed;
> - return get_generic_seed();
> + return AVERROR_INVALIDDATA;
Probably AVERROR(ENOSYS) is a more suiting error code for this.
Regards,
Marton
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
2023-07-04 19:34 ` [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random() Marton Balint
@ 2023-07-04 19:42 ` James Almer
2023-07-04 19:59 ` Anton Khirnov
0 siblings, 1 reply; 12+ messages in thread
From: James Almer @ 2023-07-04 19:42 UTC (permalink / raw)
To: ffmpeg-devel
On 7/4/2023 4:34 PM, Marton Balint wrote:
>
>
> On Tue, 4 Jul 2023, James Almer wrote:
>
>> Uses the existing code for av_get_random_seed() to return a buffer with
>> cryptographically secure random data, or an error if none could be
>> generated.
>>
>> Signed-off-by: James Almer <jamrial@gmail.com>
>> ---
>> TODO: APIChanges entry and minor version bump.
>>
>> Also, if a new random.h header is prefered, i can move the prototype
>> there.
>>
>> libavutil/random_seed.c | 46 ++++++++++++++++++++++++++---------------
>> libavutil/random_seed.h | 12 +++++++++++
>> 2 files changed, 41 insertions(+), 17 deletions(-)
>>
>> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
>> index 66dd504ef0..39fb27c5ad 100644
>> --- a/libavutil/random_seed.c
>> +++ b/libavutil/random_seed.c
>> @@ -46,20 +46,20 @@
>> #define TEST 0
>> #endif
>>
>> -static int read_random(uint32_t *dst, const char *file)
>> -{
>> #if HAVE_UNISTD_H
>> +static ssize_t read_random(uint8_t *dst, size_t len, const char *file)
>> +{
>> int fd = avpriv_open(file, O_RDONLY);
>> - int err = -1;
>> + ssize_t err = -1;
>>
>> + if (len > SSIZE_MAX)
>> + return -1;
>> if (fd == -1)
>> return -1;
>> - err = read(fd, dst, sizeof(*dst));
>> + err = read(fd, dst, len);
>> close(fd);
>>
>> return err;
>> -#else
>> - return -1;
>> #endif
>> }
>>
>> @@ -118,29 +118,41 @@ static uint32_t get_generic_seed(void)
>> return AV_RB32(digest) + AV_RB32(digest + 16);
>> }
>>
>> -uint32_t av_get_random_seed(void)
>> +int av_random(uint8_t* buf, size_t len)
>> {
>> - uint32_t seed;
>> -
>> #if HAVE_BCRYPT
>> BCRYPT_ALG_HANDLE algo_handle;
>> NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle,
>> BCRYPT_RNG_ALGORITHM,
>> MS_PRIMITIVE_PROVIDER, 0);
>> if (BCRYPT_SUCCESS(ret)) {
>> - NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed,
>> sizeof(seed), 0);
>> + NTSTATUS ret = BCryptGenRandom(algo_handle, (PUCHAR)buf, len,
>> 0);
>> BCryptCloseAlgorithmProvider(algo_handle, 0);
>> if (BCRYPT_SUCCESS(ret))
>> - return seed;
>> + return 0;
>> }
>> #endif
>>
>> #if HAVE_ARC4RANDOM
>> - return arc4random();
>> + arc4random_buf(buf, len);
>> + return 0;
>> +#endif
>> +
>> +#if HAVE_UNISTD_H
>> + if (read_random(buf, len, "/dev/urandom") == len)
>> + return 0;
>> + if (read_random(buf, len, "/dev/random") == len)
>> + return 0;
>> #endif
>>
>> - if (read_random(&seed, "/dev/urandom") == sizeof(seed))
>> - return seed;
>> - if (read_random(&seed, "/dev/random") == sizeof(seed))
>> - return seed;
>> - return get_generic_seed();
>> + return AVERROR_INVALIDDATA;
>
> Probably AVERROR(ENOSYS) is a more suiting error code for this.
Not if any of the functions above were called but failed to fill the buffer.
I could add return AVERROR(ENOSYS) to the HAVE_UNISTD_H block, and
return AVERROR_INVALIDDATA outside.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
2023-07-04 19:42 ` James Almer
@ 2023-07-04 19:59 ` Anton Khirnov
2023-07-04 20:08 ` James Almer
0 siblings, 1 reply; 12+ messages in thread
From: Anton Khirnov @ 2023-07-04 19:59 UTC (permalink / raw)
To: FFmpeg development discussions and patches
>
> Not if any of the functions above were called but failed to fill the buffer.
>
> I could add return AVERROR(ENOSYS) to the HAVE_UNISTD_H block, and
> return AVERROR_INVALIDDATA outside.
AVERROR_INVALIDDATA is defined as 'Invalid data found when processing
input'.
This function does not process any input, so IMO that code never makes
sense for it.
I'd say make it ENOSYS, AVERROR_UNKNOWN, or keep around one of
individual method errors.
--
Anton Khirnov
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [FFmpeg-devel] [PATCH 2/2] avutil/random_seed: ass support for gcrypt and OpenSSL as source of randomness
2023-07-04 18:50 ` [FFmpeg-devel] [PATCH 2/2] avutil/random_seed: ass support for gcrypt and OpenSSL as source of randomness James Almer
@ 2023-07-04 20:02 ` Marton Balint
2023-07-04 20:07 ` James Almer
0 siblings, 1 reply; 12+ messages in thread
From: Marton Balint @ 2023-07-04 20:02 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Tue, 4 Jul 2023, James Almer wrote:
> Signed-off-by: James Almer <jamrial@gmail.com>
> ---
In the commit message s/ass/add/
> I put these after /dev/random/ to not change the current behavior of
> av_get_random_seed(), but if either of these are prefered i can move them up.
>
> configure | 2 +-
> libavutil/random_seed.c | 13 +++++++++++++
> 2 files changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/configure b/configure
> index 107d533b3e..d6e78297fe 100755
> --- a/configure
> +++ b/configure
> @@ -3892,7 +3892,7 @@ avfilter_deps="avutil"
> avfilter_suggest="libm stdatomic"
> avformat_deps="avcodec avutil"
> avformat_suggest="libm network zlib stdatomic"
> -avutil_suggest="clock_gettime ffnvcodec libm libdrm libmfx opencl user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia bcrypt stdatomic"
> +avutil_suggest="clock_gettime ffnvcodec gcrypt libm libdrm libmfx opencl openssl user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia bcrypt stdatomic"
> postproc_deps="avutil gpl"
> postproc_suggest="libm stdatomic"
> swresample_deps="avutil"
> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
> index 39fb27c5ad..e8967c0cfe 100644
> --- a/libavutil/random_seed.c
> +++ b/libavutil/random_seed.c
> @@ -30,6 +30,11 @@
> #include <windows.h>
> #include <bcrypt.h>
> #endif
> +#if CONFIG_GCRYPT
> +#include <gcrypt.h>
> +#elif CONFIG_OPENSSL
> +#include <openssl/rand.h>
> +#endif
> #include <fcntl.h>
> #include <math.h>
> #include <time.h>
> @@ -144,6 +149,14 @@ int av_random(uint8_t* buf, size_t len)
> return 0;
> #endif
>
> +#if CONFIG_GCRYPT
> + gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
> + return 0;
> +#elif CONFIG_OPENSSL
> + if (RAND_bytes(buf, len))
(RAND_bytes(buf, len) == 1) is more in line with openssl docs.
Regards,
Marton
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [FFmpeg-devel] [PATCH 2/2] avutil/random_seed: ass support for gcrypt and OpenSSL as source of randomness
2023-07-04 20:02 ` Marton Balint
@ 2023-07-04 20:07 ` James Almer
0 siblings, 0 replies; 12+ messages in thread
From: James Almer @ 2023-07-04 20:07 UTC (permalink / raw)
To: ffmpeg-devel
On 7/4/2023 5:02 PM, Marton Balint wrote:
>
>
> On Tue, 4 Jul 2023, James Almer wrote:
>
>> Signed-off-by: James Almer <jamrial@gmail.com>
>> ---
>
> In the commit message s/ass/add/
>
>> I put these after /dev/random/ to not change the current behavior of
>> av_get_random_seed(), but if either of these are prefered i can move
>> them up.
>>
>> configure | 2 +-
>> libavutil/random_seed.c | 13 +++++++++++++
>> 2 files changed, 14 insertions(+), 1 deletion(-)
>>
>> diff --git a/configure b/configure
>> index 107d533b3e..d6e78297fe 100755
>> --- a/configure
>> +++ b/configure
>> @@ -3892,7 +3892,7 @@ avfilter_deps="avutil"
>> avfilter_suggest="libm stdatomic"
>> avformat_deps="avcodec avutil"
>> avformat_suggest="libm network zlib stdatomic"
>> -avutil_suggest="clock_gettime ffnvcodec libm libdrm libmfx opencl
>> user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia
>> bcrypt stdatomic"
>> +avutil_suggest="clock_gettime ffnvcodec gcrypt libm libdrm libmfx
>> opencl openssl user32 vaapi vulkan videotoolbox corefoundation
>> corevideo coremedia bcrypt stdatomic"
>> postproc_deps="avutil gpl"
>> postproc_suggest="libm stdatomic"
>> swresample_deps="avutil"
>> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
>> index 39fb27c5ad..e8967c0cfe 100644
>> --- a/libavutil/random_seed.c
>> +++ b/libavutil/random_seed.c
>> @@ -30,6 +30,11 @@
>> #include <windows.h>
>> #include <bcrypt.h>
>> #endif
>> +#if CONFIG_GCRYPT
>> +#include <gcrypt.h>
>> +#elif CONFIG_OPENSSL
>> +#include <openssl/rand.h>
>> +#endif
>> #include <fcntl.h>
>> #include <math.h>
>> #include <time.h>
>> @@ -144,6 +149,14 @@ int av_random(uint8_t* buf, size_t len)
>> return 0;
>> #endif
>>
>> +#if CONFIG_GCRYPT
>> + gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
>> + return 0;
>> +#elif CONFIG_OPENSSL
>> + if (RAND_bytes(buf, len))
>
> (RAND_bytes(buf, len) == 1) is more in line with openssl docs.
It's not just in line, it's the correct check, as -1 (error) would also
evaluated as a success with this check. Good catch.
This should probably be fixed in hlsenc for existing releases.
>
> Regards,
> Marton
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
2023-07-04 19:59 ` Anton Khirnov
@ 2023-07-04 20:08 ` James Almer
2023-07-04 20:14 ` Anton Khirnov
2023-07-04 20:14 ` Anton Khirnov
0 siblings, 2 replies; 12+ messages in thread
From: James Almer @ 2023-07-04 20:08 UTC (permalink / raw)
To: ffmpeg-devel
On 7/4/2023 4:59 PM, Anton Khirnov wrote:
>>
>> Not if any of the functions above were called but failed to fill the buffer.
>>
>> I could add return AVERROR(ENOSYS) to the HAVE_UNISTD_H block, and
>> return AVERROR_INVALIDDATA outside.
>
> AVERROR_INVALIDDATA is defined as 'Invalid data found when processing
> input'.
> This function does not process any input, so IMO that code never makes
> sense for it.
>
> I'd say make it ENOSYS, AVERROR_UNKNOWN, or keep around one of
> individual method errors.
For the cases read() is used for /dev/random/, i can return
AVERROR(errno), given the doxy states read() returns -1 on error and
sets errno to some value. Although if it succeeds and returns a value
smaller than len i would need to return AVERROR_UNKNOWN like you suggested.
RAND_bytes from OpenSSL returns 0 or -1 on error, so nothing i can
propagate.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
2023-07-04 20:08 ` James Almer
@ 2023-07-04 20:14 ` Anton Khirnov
2023-07-04 20:18 ` James Almer
2023-07-04 20:14 ` Anton Khirnov
1 sibling, 1 reply; 12+ messages in thread
From: Anton Khirnov @ 2023-07-04 20:14 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Quoting James Almer (2023-07-04 22:08:40)
> On 7/4/2023 4:59 PM, Anton Khirnov wrote:
> >>
> >> Not if any of the functions above were called but failed to fill the buffer.
> >>
> >> I could add return AVERROR(ENOSYS) to the HAVE_UNISTD_H block, and
> >> return AVERROR_INVALIDDATA outside.
> >
> > AVERROR_INVALIDDATA is defined as 'Invalid data found when processing
> > input'.
> > This function does not process any input, so IMO that code never makes
> > sense for it.
> >
> > I'd say make it ENOSYS, AVERROR_UNKNOWN, or keep around one of
> > individual method errors.
>
> For the cases read() is used for /dev/random/, i can return
> AVERROR(errno), given the doxy states read() returns -1 on error and
> sets errno to some value. Although if it succeeds and returns a value
> smaller than len i would need to return AVERROR_UNKNOWN like you suggested.
I wonder if we should be trying /dev/random at all. I cannot think of
any remotely sane configuration where /dev/urandom fails, but
/dev/random works. So it only makes sense to use /dev/urandom.
--
Anton Khirnov
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
2023-07-04 20:08 ` James Almer
2023-07-04 20:14 ` Anton Khirnov
@ 2023-07-04 20:14 ` Anton Khirnov
1 sibling, 0 replies; 12+ messages in thread
From: Anton Khirnov @ 2023-07-04 20:14 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Quoting James Almer (2023-07-04 22:08:40)
>
> RAND_bytes from OpenSSL returns 0 or -1 on error, so nothing i can
> propagate.
That's AVERROR_EXTERNAL then.
--
Anton Khirnov
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
2023-07-04 20:14 ` Anton Khirnov
@ 2023-07-04 20:18 ` James Almer
2023-07-04 20:24 ` Anton Khirnov
0 siblings, 1 reply; 12+ messages in thread
From: James Almer @ 2023-07-04 20:18 UTC (permalink / raw)
To: ffmpeg-devel
On 7/4/2023 5:14 PM, Anton Khirnov wrote:
> Quoting James Almer (2023-07-04 22:08:40)
>> On 7/4/2023 4:59 PM, Anton Khirnov wrote:
>>>>
>>>> Not if any of the functions above were called but failed to fill the buffer.
>>>>
>>>> I could add return AVERROR(ENOSYS) to the HAVE_UNISTD_H block, and
>>>> return AVERROR_INVALIDDATA outside.
>>>
>>> AVERROR_INVALIDDATA is defined as 'Invalid data found when processing
>>> input'.
>>> This function does not process any input, so IMO that code never makes
>>> sense for it.
>>>
>>> I'd say make it ENOSYS, AVERROR_UNKNOWN, or keep around one of
>>> individual method errors.
>>
>> For the cases read() is used for /dev/random/, i can return
>> AVERROR(errno), given the doxy states read() returns -1 on error and
>> sets errno to some value. Although if it succeeds and returns a value
>> smaller than len i would need to return AVERROR_UNKNOWN like you suggested.
>
> I wonder if we should be trying /dev/random at all. I cannot think of
> any remotely sane configuration where /dev/urandom fails, but
> /dev/random works. So it only makes sense to use /dev/urandom.
I think the problem is that one may not generate the requested amount of
bytes.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random()
2023-07-04 20:18 ` James Almer
@ 2023-07-04 20:24 ` Anton Khirnov
0 siblings, 0 replies; 12+ messages in thread
From: Anton Khirnov @ 2023-07-04 20:24 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Quoting James Almer (2023-07-04 22:18:40)
> On 7/4/2023 5:14 PM, Anton Khirnov wrote:
> > Quoting James Almer (2023-07-04 22:08:40)
> >> On 7/4/2023 4:59 PM, Anton Khirnov wrote:
> >>>>
> >>>> Not if any of the functions above were called but failed to fill the buffer.
> >>>>
> >>>> I could add return AVERROR(ENOSYS) to the HAVE_UNISTD_H block, and
> >>>> return AVERROR_INVALIDDATA outside.
> >>>
> >>> AVERROR_INVALIDDATA is defined as 'Invalid data found when processing
> >>> input'.
> >>> This function does not process any input, so IMO that code never makes
> >>> sense for it.
> >>>
> >>> I'd say make it ENOSYS, AVERROR_UNKNOWN, or keep around one of
> >>> individual method errors.
> >>
> >> For the cases read() is used for /dev/random/, i can return
> >> AVERROR(errno), given the doxy states read() returns -1 on error and
> >> sets errno to some value. Although if it succeeds and returns a value
> >> smaller than len i would need to return AVERROR_UNKNOWN like you suggested.
> >
> > I wonder if we should be trying /dev/random at all. I cannot think of
> > any remotely sane configuration where /dev/urandom fails, but
> > /dev/random works. So it only makes sense to use /dev/urandom.
>
> I think the problem is that one may not generate the requested amount of
> bytes.
It may happen that /dev/random blocks, but /dev/urandom should not. On
Linux, the manpage says:
Since Linux 3.16, a read(2) from /dev/urandom will return at most
32 MB. A read(2) from /dev/random will return at most 512 bytes
(340 bytes be‐ fore Linux 2.6.12).
so we may want to read in a loop if we want to handle callers requesting
very large amounts of data (though I can't think of a valid use case for
that).
But however it may be, it should never happen that /dev/urandom is not
usable, but /dev/random is.
--
Anton Khirnov
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2023-07-04 20:24 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-04 18:50 [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random() James Almer
2023-07-04 18:50 ` [FFmpeg-devel] [PATCH 2/2] avutil/random_seed: ass support for gcrypt and OpenSSL as source of randomness James Almer
2023-07-04 20:02 ` Marton Balint
2023-07-04 20:07 ` James Almer
2023-07-04 19:34 ` [FFmpeg-devel] [PATCH 1/2] avutil/random_seed: add av_random() Marton Balint
2023-07-04 19:42 ` James Almer
2023-07-04 19:59 ` Anton Khirnov
2023-07-04 20:08 ` James Almer
2023-07-04 20:14 ` Anton Khirnov
2023-07-04 20:18 ` James Almer
2023-07-04 20:24 ` Anton Khirnov
2023-07-04 20:14 ` Anton Khirnov
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git