1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
|
/*
* Copyright (c) 2009 Baptiste Coudurier <baptiste.coudurier@gmail.com>
*
* This file is part of FFmpeg.
*
* FFmpeg is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* FFmpeg is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with FFmpeg; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include "config.h"
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#if HAVE_IO_H
#include <io.h>
#endif
#if HAVE_BCRYPT
#include <windows.h>
#include <bcrypt.h>
#endif
#if CONFIG_GCRYPT
#include <gcrypt.h>
#elif CONFIG_OPENSSL
#include <openssl/rand.h>
#endif
#include <fcntl.h>
#include <math.h>
#include <time.h>
#include <string.h>
#include "avassert.h"
#include "file_open.h"
#include "internal.h"
#include "intreadwrite.h"
#include "timer.h"
#include "random_seed.h"
#include "sha.h"
#ifndef TEST
#define TEST 0
#endif
static int read_random(uint8_t *dst, size_t len, const char *file)
{
#if HAVE_UNISTD_H
FILE *fp = avpriv_fopen_utf8(file, "r");
size_t err;
if (!fp)
return AVERROR_UNKNOWN;
setvbuf(fp, NULL, _IONBF, 0);
err = fread(dst, 1, len, fp);
fclose(fp);
if (err != len)
return AVERROR_UNKNOWN;
return 0;
#else
return AVERROR(ENOSYS);
#endif
}
static uint32_t get_generic_seed(void)
{
uint64_t tmp[120/8];
struct AVSHA *sha = (void*)tmp;
clock_t last_t = 0;
clock_t last_td = 0;
clock_t init_t = 0;
static uint64_t i = 0;
static uint32_t buffer[512] = { 0 };
unsigned char digest[20];
uint64_t last_i = i;
int repeats[3] = { 0 };
av_assert0(sizeof(tmp) >= av_sha_size);
if(TEST){
memset(buffer, 0, sizeof(buffer));
last_i = i = 0;
}else{
#ifdef AV_READ_TIME
buffer[13] ^= AV_READ_TIME();
buffer[41] ^= AV_READ_TIME()>>32;
#endif
}
for (;;) {
clock_t t = clock();
int incremented_i = 0;
int cur_td = t - last_t;
if (last_t + 2*last_td + (CLOCKS_PER_SEC > 1000) < t) {
// If the timer incremented by more than 2*last_td at once,
// we may e.g. have had a context switch. If the timer resolution
// is high (CLOCKS_PER_SEC > 1000), require that the timer
// incremented by more than 1. If the timer resolution is low,
// it is enough that the timer incremented at all.
buffer[++i & 511] += cur_td % 3294638521U;
incremented_i = 1;
} else if (t != last_t && repeats[0] > 0 && repeats[1] > 0 &&
repeats[2] > 0 && repeats[0] != repeats[1] &&
repeats[0] != repeats[2]) {
// If the timer resolution is high, and we get the same timer
// value multiple times, use variances in the number of repeats
// of each timer value as entropy. If we get a different number of
// repeats than the last two unique cases, count that as entropy
// and proceed to the next index.
buffer[++i & 511] += (repeats[0] + repeats[1] + repeats[2]) % 3294638521U;
incremented_i = 1;
} else {
buffer[i & 511] = 1664525*buffer[i & 511] + 1013904223 + (cur_td % 3294638521U);
}
if (incremented_i && (t - init_t) >= CLOCKS_PER_SEC>>5) {
if (last_i && i - last_i > 4 || i - last_i > 64 || TEST && i - last_i > 8)
break;
}
if (t == last_t) {
repeats[0]++;
} else {
// If we got a new unique number of repeats, update the history.
if (repeats[0] != repeats[1]) {
repeats[2] = repeats[1];
repeats[1] = repeats[0];
}
repeats[0] = 0;
}
last_t = t;
last_td = cur_td;
if (!init_t)
init_t = t;
}
if(TEST) {
buffer[0] = buffer[1] = 0;
} else {
#ifdef AV_READ_TIME
buffer[111] += AV_READ_TIME();
#endif
}
av_sha_init(sha, 160);
av_sha_update(sha, (const uint8_t *)buffer, sizeof(buffer));
av_sha_final(sha, digest);
return AV_RB32(digest) + AV_RB32(digest + 16);
}
int av_random_bytes(uint8_t* buf, size_t len)
{
int err;
#if HAVE_BCRYPT
BCRYPT_ALG_HANDLE algo_handle;
NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
MS_PRIMITIVE_PROVIDER, 0);
if (BCRYPT_SUCCESS(ret)) {
NTSTATUS ret = BCryptGenRandom(algo_handle, (PUCHAR)buf, len, 0);
BCryptCloseAlgorithmProvider(algo_handle, 0);
if (BCRYPT_SUCCESS(ret))
return 0;
}
#endif
#if HAVE_ARC4RANDOM_BUF
arc4random_buf(buf, len);
return 0;
#endif
err = read_random(buf, len, "/dev/urandom");
if (!err)
return err;
#if CONFIG_GCRYPT
gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
return 0;
#elif CONFIG_OPENSSL
if (RAND_bytes(buf, len) == 1)
return 0;
return AVERROR_EXTERNAL;
#else
return err;
#endif
}
uint32_t av_get_random_seed(void)
{
uint32_t seed;
if (av_random_bytes((uint8_t *)&seed, sizeof(seed)) < 0)
return get_generic_seed();
return seed;
}
|
