[FFmpeg-devel] [PATCH 1/2] avformat/hlsenc: fall back to av_get_random_seed() when generating AES128 key

Anton Khirnov anton at khirnov.net
Tue Jul 4 00:09:54 EEST 2023


Quoting Marton Balint (2023-07-03 22:54:41)
> On Mon, 3 Jul 2023, Anton Khirnov wrote:
> My patch use av_get_random_seed() which uses what the underlying OS 
> provides, BCrypt for Windows, /dev/urandom for Linux, arc4random() for 
> BSD/Mac.

IOW it's a jungle of various paths, some of which are not guaranteed to
be cryptographically secure. I see no such guarantees for arc4random()
from a brief web search, and the fallback get_generic_seed() certainly
is not either. Granted it's only used on obscure architectures, but
still.

The doxy even says
> This function tries to provide a good seed at a best effort bases.

> You really think that these are significantly worse than
> OpenSSL/GCrypt, so it should not be allowed to fallback to?

I think we should be using cryptographically secure PRNG for generating
encryption keys, or fail when they are not available. If you want to get
rid of the openssl dependency, IMO the best solution is a new
  int av_random(uint8_t* buf, size_t len);
that guarantees either cryptographically secure randomness or an error.

-- 
Anton Khirnov


More information about the ffmpeg-devel mailing list