From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id EECF346BC5
	for <ffmpegdev@gitmailbox.com>; Tue,  4 Jul 2023 20:47:33 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 179B068C640;
	Tue,  4 Jul 2023 23:47:30 +0300 (EEST)
Received: from mail-oa1-f45.google.com (mail-oa1-f45.google.com
 [209.85.160.45])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C64E868C424
 for <ffmpeg-devel@ffmpeg.org>; Tue,  4 Jul 2023 23:47:23 +0300 (EEST)
Received: by mail-oa1-f45.google.com with SMTP id
 586e51a60fabf-1b055510c9dso3986426fac.0
 for <ffmpeg-devel@ffmpeg.org>; Tue, 04 Jul 2023 13:47:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1688503642; x=1691095642;
 h=content-transfer-encoding:in-reply-to:references:to:from
 :content-language:subject:user-agent:mime-version:date:message-id
 :from:to:cc:subject:date:message-id:reply-to;
 bh=lA9WOyKvBhN4nPNivyCdiHLrxreVWCZSbuvcNeBIwcw=;
 b=RPPnpToBJH7iZvNh/ZmV1Sej82/WsB812RCXnC9f4qdErmwhG4H2rK1vRWt1uFsILl
 9LSiEUYnEScI4thNXU4sxycT1cX+mjP3QPy2PtAFtFvstZ0OoqORvFSEXInyMShx98tf
 SRtSrPceWo2+3nAVUC5lSCZv9qAjZk7JeEX7RuCQcfLyw1aejwrvvc/sOfv8WDW/QM5Z
 ZaykLGifB/yaVw5sso0vp4zJdXRiOs3XPgDCKAPBWHiueNB/CS7KnGB2hQptlU2c+J6d
 I1SUdUIsXEOcw9NS352MeU/b4PvERvnmxYCq6/t8qjcCtcQhokrbs+tIfM/HakDy8wLq
 Jv6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1688503642; x=1691095642;
 h=content-transfer-encoding:in-reply-to:references:to:from
 :content-language:subject:user-agent:mime-version:date:message-id
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=lA9WOyKvBhN4nPNivyCdiHLrxreVWCZSbuvcNeBIwcw=;
 b=cyA0qDLGSOUvuU+o7jYyBdlRg5ZOqF3O7WkfCpdOyg823Ng2S4/13Ge+GplmolM9JD
 PTII8lUDoNsjtNNwuRWagjHIPBXORPwZ1uDv/qMtwr8d8vSSQiA7r0F+PrJzzgliuIGw
 3D9W1CKdlrZYyfmZ3GG3t7vUoQzZQDdghhrePBevQ3Zj7+btaYqIz7kDS/IE1zz/IU5T
 ibRi7wbrZAuVtPtRaHam2LBUolyEMM1uenVhEUsbjKOaAeal/ZQzQC3aoXAh2tMcYAIb
 acCHD2PMwMxLe7+WW7uW2FqnYZgoUEUbt+yYL6ELSwt5qe+Xkkjjv1fl89p/+HQwQMo+
 katg==
X-Gm-Message-State: AC+VfDynbCdB9PeSTyZBCYh7i9CDPPMP7kaT70BrEsb/QKKRVKe7/ekn
 1kttc2i9FLoHJez5wpuo35m44ZVPSBI=
X-Google-Smtp-Source: ACHHUZ7zP+9YKBTdPxUXOqpG/MBocE1Za2EKJEeZpvhBxIzHNXsD+T5h2fOTMa5PGuXy6h2F0Jwe0g==
X-Received: by 2002:a05:6808:1a03:b0:3a3:63b8:fdc7 with SMTP id
 bk3-20020a0568081a0300b003a363b8fdc7mr12969708oib.38.1688503641933; 
 Tue, 04 Jul 2023 13:47:21 -0700 (PDT)
Received: from [192.168.0.12] (host197.190-225-105.telecom.net.ar.
 [190.225.105.197]) by smtp.gmail.com with ESMTPSA id
 bf39-20020a056808192700b003a1d29f0549sm9511084oib.15.2023.07.04.13.47.21
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Tue, 04 Jul 2023 13:47:21 -0700 (PDT)
Message-ID: <8522753a-4de2-783b-a436-361d424b825b@gmail.com>
Date: Tue, 4 Jul 2023 17:47:23 -0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.12.0
Content-Language: en-US
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
References: <20230704204128.2510-1-jamrial@gmail.com>
In-Reply-To: <20230704204128.2510-1-jamrial@gmail.com>
Subject: Re: [FFmpeg-devel] [PATCH v2 1/2] avutil/random_seed: add
 av_random()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/8522753a-4de2-783b-a436-361d424b825b@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

On 7/4/2023 5:41 PM, James Almer wrote:
> Uses the existing code for av_get_random_seed() to return a buffer with
> cryptographically secure random data, or an error if none could be generated.
> 
> Signed-off-by: James Almer <jamrial@gmail.com>
> ---
>   libavutil/random_seed.c | 54 ++++++++++++++++++++++++++++-------------
>   libavutil/random_seed.h | 12 +++++++++
>   2 files changed, 49 insertions(+), 17 deletions(-)
> 
> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
> index 66dd504ef0..0ed8f89cc6 100644
> --- a/libavutil/random_seed.c
> +++ b/libavutil/random_seed.c
> @@ -46,20 +46,22 @@
>   #define TEST 0
>   #endif
>   
> -static int read_random(uint32_t *dst, const char *file)
> -{
>   #if HAVE_UNISTD_H
> +static int read_random(uint8_t *dst, size_t len, const char *file)
> +{
>       int fd = avpriv_open(file, O_RDONLY);
> -    int err = -1;
> +    ssize_t err = -1;
>   
> +    if (len > SSIZE_MAX)
> +        return -1;
>       if (fd == -1)
>           return -1;
> -    err = read(fd, dst, sizeof(*dst));
> +    err = read(fd, dst, len);
>       close(fd);
> +    if (err == -1)
> +        return AVERROR(errno);
>   
> -    return err;
> -#else
> -    return -1;
> +    return err == len;
>   #endif
>   }
>   
> @@ -118,29 +120,47 @@ static uint32_t get_generic_seed(void)
>       return AV_RB32(digest) + AV_RB32(digest + 16);
>   }
>   
> -uint32_t av_get_random_seed(void)
> +int av_random(uint8_t* buf, size_t len)
>   {
> -    uint32_t seed;
> +    int err = AVERROR_UNKNOWN;

Changed this locally to AVERROR(ENOSYS), which is the more correct error 
value if nothing below is available.

Will send a v3 with that change after this one is reviewed anyway since 
this code is delicate and i want to push exactly what was approved.

>   
>   #if HAVE_BCRYPT
>       BCRYPT_ALG_HANDLE algo_handle;
>       NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
>                                                  MS_PRIMITIVE_PROVIDER, 0);
>       if (BCRYPT_SUCCESS(ret)) {
> -        NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, sizeof(seed), 0);
> +        NTSTATUS ret = BCryptGenRandom(algo_handle, (PUCHAR)buf, len, 0);
>           BCryptCloseAlgorithmProvider(algo_handle, 0);
>           if (BCRYPT_SUCCESS(ret))
> -            return seed;
> +            return 0;
>       }
>   #endif
>   
>   #if HAVE_ARC4RANDOM
> -    return arc4random();
> +    arc4random_buf(buf, len);
> +    return 0;
> +#endif
> +
> +#if HAVE_UNISTD_H
> +    err = read_random(buf, len, "/dev/urandom");
> +    if (err == 1)
> +        return 0;
> +    err = read_random(buf, len, "/dev/random");
> +    if (err == 1)
> +        return 0;
> +    if (err == 0)
> +	    err = AVERROR_UNKNOWN;
>   #endif
>   
> -    if (read_random(&seed, "/dev/urandom") == sizeof(seed))
> -        return seed;
> -    if (read_random(&seed, "/dev/random")  == sizeof(seed))
> -        return seed;
> -    return get_generic_seed();
> +    return err;
> +}
> +
> +uint32_t av_get_random_seed(void)
> +{
> +    uint32_t seed;
> +
> +    if (av_random((uint8_t *)&seed, sizeof(seed)) < 0)
> +        return get_generic_seed();
> +
> +    return seed;
>   }
> diff --git a/libavutil/random_seed.h b/libavutil/random_seed.h
> index 0462a048e0..ce982bb82f 100644
> --- a/libavutil/random_seed.h
> +++ b/libavutil/random_seed.h
> @@ -36,6 +36,18 @@
>    */
>   uint32_t av_get_random_seed(void);
>   
> +/**
> + * Generate cryptographically secure random data, i.e. suitable for use as
> + * encryption keys and similar.
> + *
> + * @param buf buffer into which the random data will be written
> + * @param len size of buf in bytes
> + *
> + * @retval 0 success, and len bytes of random data was written into buf, or
> + *         a negative AVERROR code if random data could not be generated.
> + */
> +int av_random(uint8_t* buf, size_t len);
> +
>   /**
>    * @}
>    */
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".