[FFmpeg-devel] [PATCH 2/2] avutil/random_seed: ass support for gcrypt and OpenSSL as source of randomness

James Almer jamrial at gmail.com
Tue Jul 4 23:07:06 EEST 2023


On 7/4/2023 5:02 PM, Marton Balint wrote:
> 
> 
> On Tue, 4 Jul 2023, James Almer wrote:
> 
>> Signed-off-by: James Almer <jamrial at gmail.com>
>> ---
> 
> In the commit message s/ass/add/
> 
>> I put these after /dev/random/ to not change the current behavior of
>> av_get_random_seed(), but if either of these are prefered i can move 
>> them up.
>>
>> configure               |  2 +-
>> libavutil/random_seed.c | 13 +++++++++++++
>> 2 files changed, 14 insertions(+), 1 deletion(-)
>>
>> diff --git a/configure b/configure
>> index 107d533b3e..d6e78297fe 100755
>> --- a/configure
>> +++ b/configure
>> @@ -3892,7 +3892,7 @@ avfilter_deps="avutil"
>> avfilter_suggest="libm stdatomic"
>> avformat_deps="avcodec avutil"
>> avformat_suggest="libm network zlib stdatomic"
>> -avutil_suggest="clock_gettime ffnvcodec libm libdrm libmfx opencl 
>> user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia 
>> bcrypt stdatomic"
>> +avutil_suggest="clock_gettime ffnvcodec gcrypt libm libdrm libmfx 
>> opencl openssl user32 vaapi vulkan videotoolbox corefoundation 
>> corevideo coremedia bcrypt stdatomic"
>> postproc_deps="avutil gpl"
>> postproc_suggest="libm stdatomic"
>> swresample_deps="avutil"
>> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
>> index 39fb27c5ad..e8967c0cfe 100644
>> --- a/libavutil/random_seed.c
>> +++ b/libavutil/random_seed.c
>> @@ -30,6 +30,11 @@
>> #include <windows.h>
>> #include <bcrypt.h>
>> #endif
>> +#if CONFIG_GCRYPT
>> +#include <gcrypt.h>
>> +#elif CONFIG_OPENSSL
>> +#include <openssl/rand.h>
>> +#endif
>> #include <fcntl.h>
>> #include <math.h>
>> #include <time.h>
>> @@ -144,6 +149,14 @@ int av_random(uint8_t* buf, size_t len)
>>         return 0;
>> #endif
>>
>> +#if CONFIG_GCRYPT
>> +    gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
>> +    return 0;
>> +#elif CONFIG_OPENSSL
>> +    if (RAND_bytes(buf, len))
> 
> (RAND_bytes(buf, len) == 1) is more in line with openssl docs.

It's not just in line, it's the correct check, as -1 (error) would also 
evaluated as a success with this check. Good catch.

This should probably be fixed in hlsenc for existing releases.

> 
> Regards,
> Marton
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".


More information about the ffmpeg-devel mailing list