[FFmpeg-devel] [PATCH] lavu/random_seed: use getrandom() when available

Marton Balint cus at passwd.hu
Sun Jul 9 19:23:29 EEST 2023



On Sun, 9 Jul 2023, Anton Khirnov wrote:

> Quoting Marton Balint (2023-07-07 22:02:26)
>>
>>
>> On Fri, 7 Jul 2023, Anton Khirnov wrote:
>>
>>> It is a better interface for /dev/u?random on Linux, which avoids the
>>> issues associated with opening files.
>>
>>
>> getrandom() actually have the same problem as read(). It can read less
>> than requested. So you should use it in a loop in that case or if it
>> returns EINTR.
>
> I'm not convinced it's actually a problem.
>
> This API is intended for small secrets like keys and such, somebody
> trying to generate vast quantities of random data is likely misusing it
> and could just as well use LFG or something.
>
> Failing in that case seems like a good thing to me.

This is a very bad argument. If the API should not be used for big 
secrets, then it should always fail for size > 256 or something, not 
sometimes fail. And such limitation should be documented.

And its not just about big secrets. EINTR can be returned for small 
secrets as well, and you should handle it.

I also question if it is a good idea to use the non blocking mode. Imagine 
a situation when somebody wants to automatically start a command line 
after boot which needs a key. It might fail right after boot, but will 
work after a couple of minutes. IMHO it is better to block (1-2 minute 
tops) than making the function sometimes work, sometimes not.

Regards,
Marton


More information about the ffmpeg-devel mailing list