PyOpenSSL removed rand module. Stop using it. Fixes #8731

This commit is contained in:
Yann Leboulanger 2017-09-20 11:39:55 +02:00
parent f6deff2cd0
commit ab60bcbe85
3 changed files with 2 additions and 76 deletions

View File

@ -144,8 +144,7 @@ class ConfigPaths:
d = {'LOG_DB': 'logs.db', 'MY_CACERTS': 'cacerts.pem',
'MY_EMOTS': 'emoticons', 'MY_ICONSETS': 'iconsets',
'MY_MOOD_ICONSETS': 'moods', 'MY_ACTIVITY_ICONSETS': 'activities',
'PLUGINS_USER': 'plugins',
'RNG_SEED': 'rng_seed'}
'PLUGINS_USER': 'plugins'}
for name in d:
d[name] += profile
self.add(name, Type.DATA, windowsify(d[name]))

View File

@ -76,54 +76,8 @@ def base28(n):
else:
return base28_chr[n]
def add_entropy_sources_OpenSSL():
# Other possibly variable data. This are very low quality sources of
# entropy, but some of them are installation dependent and can be hard
# to guess for the attacker.
# Data available on all platforms Unix, Windows
sources = [sys.argv, sys.builtin_module_names,
sys.copyright, sys.getfilesystemencoding(), sys.hexversion,
sys.modules, sys.path, sys.version, sys.api_version,
os.environ, os.getcwd(), os.getpid()]
for s in sources:
OpenSSL.rand.add(str(s).encode('utf-8'), 1)
# On Windows add the current contents of the screen to the PRNG state.
# if os.name == 'nt':
# OpenSSL.rand.screen()
# The /proc filesystem on POSIX systems contains many random variables:
# memory statistics, interrupt counts, network packet counts
if os.name == 'posix':
dirs = ['/proc', '/proc/net', '/proc/self']
for d in dirs:
if os.access(d, os.R_OK):
for filename in os.listdir(d):
OpenSSL.rand.add(filename.encode('utf-8'), 0)
try:
with open(d + os.sep + filename, "r") as fp:
# Limit the ammount of read bytes, in case a memory
# file was opened
OpenSSL.rand.add(str(fp.read(5000)).encode('utf-8'),
1)
except:
# Ignore all read and access errors
pass
PYOPENSSL_PRNG_PRESENT = False
try:
import OpenSSL.rand
PYOPENSSL_PRNG_PRESENT = True
except ImportError:
# PyOpenSSL PRNG not available
pass
def random_bytes(bytes_):
if PYOPENSSL_PRNG_PRESENT:
OpenSSL.rand.add(os.urandom(bytes_), bytes_)
return OpenSSL.rand.bytes(bytes_)
else:
return os.urandom(bytes_)
return os.urandom(bytes_)
def generate_nonce():
return random_bytes(8)

View File

@ -52,12 +52,6 @@ from gi.repository import GLib, Gio, Gtk
from gajim.common import i18n
from gajim.common import logging_helpers
from gajim.common import crypto
try:
PYOPENSSL_PRNG_PRESENT = True
import OpenSSL.rand
except ImportError:
print('PyOpenSSL not available, impossible to generate entropy', file=sys.stderr)
PYOPENSSL_PRNG_PRESENT = False
MIN_NBXMPP_VER = "0.5.6"
@ -104,7 +98,6 @@ class GajimApplication(Gtk.Application):
self.config_path = None
self.profile_separation = False
self.interface = None
self.rng_seed = None
GLib.set_prgname('gajim')
if GLib.get_application_name() != 'Gajim':
@ -206,20 +199,6 @@ class GajimApplication(Gtk.Application):
elif sysname in ('FreeBSD', 'OpenBSD', 'NetBSD'):
libc.setproctitle('gajim')
# Seed the OpenSSL pseudo random number generator from file and initialize
if PYOPENSSL_PRNG_PRESENT:
self.rng_seed = app.gajimpaths['RNG_SEED']
# Seed from file
try:
OpenSSL.rand.load_file(self.rng_seed)
except TypeError:
OpenSSL.rand.load_file(self.rng_seed.encode('utf-8'))
crypto.add_entropy_sources_OpenSSL()
try:
OpenSSL.rand.write_file(self.rng_seed)
except TypeError:
OpenSSL.rand.write_file(self.rng_seed.encode('utf-8'))
def sigint_cb(num, stack):
print('SIGINT/SIGTERM received')
self.quit()
@ -249,12 +228,6 @@ class GajimApplication(Gtk.Application):
def do_shutdown(self, *args):
Gtk.Application.do_shutdown(self)
# Save the entropy from OpenSSL PRNG
if PYOPENSSL_PRNG_PRESENT and self.rng_seed:
try:
OpenSSL.rand.write_file(self.rng_seed)
except TypeError:
OpenSSL.rand.write_file(self.rng_seed.encode('utf-8'))
# Shutdown GUI and save config
if hasattr(self.interface, 'roster') and self.interface.roster:
self.interface.roster.prepare_quit()