+static int randomize(uint8_t *buf, int len)
+{
+#if CONFIG_GCRYPT
+ gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
+ return 0;
+#elif CONFIG_OPENSSL
+ if (RAND_bytes(buf, len))
+ return 0;
+#else
+ return AVERROR(ENOSYS);
+#endif
+ return AVERROR(EINVAL);
+}
+
+static int do_encrypt(AVFormatContext *s)
+{
+ HLSContext *hls = s->priv_data;
+ int ret;
+ int len;
+ AVIOContext *pb;
+ uint8_t key[KEYSIZE];
+
+ len = strlen(hls->basename) + 4 + 1;
+ hls->key_basename = av_mallocz(len);
+ if (!hls->key_basename)
+ return AVERROR(ENOMEM);
+
+ av_strlcpy(hls->key_basename, s->filename, len);
+ av_strlcat(hls->key_basename, ".key", len);
+
+ if (hls->key_url) {
+ strncpy(hls->key_file, hls->key_url, sizeof(hls->key_file));
+ strncpy(hls->key_uri, hls->key_url, sizeof(hls->key_uri));
+ } else {
+ strncpy(hls->key_file, hls->key_basename, sizeof(hls->key_file));
+ strncpy(hls->key_uri, hls->key_basename, sizeof(hls->key_uri));
+ }
+
+ if (!*hls->iv_string) {
+ uint8_t iv[16] = { 0 };
+ char buf[33];
+
+ if (!hls->iv) {
+ AV_WB64(iv + 8, hls->sequence);
+ } else {
+ memcpy(iv, hls->iv, sizeof(iv));
+ }
+ ff_data_to_hex(buf, iv, sizeof(iv), 0);
+ buf[32] = '\0';
+ memcpy(hls->iv_string, buf, sizeof(hls->iv_string));
+ }
+
+ if (!*hls->key_uri) {
+ av_log(hls, AV_LOG_ERROR, "no key URI specified in key info file\n");
+ return AVERROR(EINVAL);
+ }
+
+ if (!*hls->key_file) {
+ av_log(hls, AV_LOG_ERROR, "no key file specified in key info file\n");
+ return AVERROR(EINVAL);
+ }
+
+ if (!*hls->key_string) {
+ if (!hls->key) {
+ if ((ret = randomize(key, sizeof(key))) < 0) {
+ av_log(s, AV_LOG_ERROR, "Cannot generate a strong random key\n");
+ return ret;
+ }
+ } else {
+ memcpy(key, hls->key, sizeof(key));
+ }
+
+ ff_data_to_hex(hls->key_string, key, sizeof(key), 0);
+ if ((ret = s->io_open(s, &pb, hls->key_file, AVIO_FLAG_WRITE, NULL)) < 0)
+ return ret;
+ avio_seek(pb, 0, SEEK_CUR);
+ avio_write(pb, key, KEYSIZE);
+ avio_close(pb);
+ }
+ return 0;
+}
+
+