PyOpenSSL removed rand module. Stop using it. Fixes #8731
This commit is contained in:
parent
f6deff2cd0
commit
ab60bcbe85
|
@ -144,8 +144,7 @@ class ConfigPaths:
|
|||
d = {'LOG_DB': 'logs.db', 'MY_CACERTS': 'cacerts.pem',
|
||||
'MY_EMOTS': 'emoticons', 'MY_ICONSETS': 'iconsets',
|
||||
'MY_MOOD_ICONSETS': 'moods', 'MY_ACTIVITY_ICONSETS': 'activities',
|
||||
'PLUGINS_USER': 'plugins',
|
||||
'RNG_SEED': 'rng_seed'}
|
||||
'PLUGINS_USER': 'plugins'}
|
||||
for name in d:
|
||||
d[name] += profile
|
||||
self.add(name, Type.DATA, windowsify(d[name]))
|
||||
|
|
|
@ -76,54 +76,8 @@ def base28(n):
|
|||
else:
|
||||
return base28_chr[n]
|
||||
|
||||
def add_entropy_sources_OpenSSL():
|
||||
# Other possibly variable data. This are very low quality sources of
|
||||
# entropy, but some of them are installation dependent and can be hard
|
||||
# to guess for the attacker.
|
||||
# Data available on all platforms Unix, Windows
|
||||
sources = [sys.argv, sys.builtin_module_names,
|
||||
sys.copyright, sys.getfilesystemencoding(), sys.hexversion,
|
||||
sys.modules, sys.path, sys.version, sys.api_version,
|
||||
os.environ, os.getcwd(), os.getpid()]
|
||||
|
||||
for s in sources:
|
||||
OpenSSL.rand.add(str(s).encode('utf-8'), 1)
|
||||
|
||||
# On Windows add the current contents of the screen to the PRNG state.
|
||||
# if os.name == 'nt':
|
||||
# OpenSSL.rand.screen()
|
||||
# The /proc filesystem on POSIX systems contains many random variables:
|
||||
# memory statistics, interrupt counts, network packet counts
|
||||
if os.name == 'posix':
|
||||
dirs = ['/proc', '/proc/net', '/proc/self']
|
||||
for d in dirs:
|
||||
if os.access(d, os.R_OK):
|
||||
for filename in os.listdir(d):
|
||||
OpenSSL.rand.add(filename.encode('utf-8'), 0)
|
||||
try:
|
||||
with open(d + os.sep + filename, "r") as fp:
|
||||
# Limit the ammount of read bytes, in case a memory
|
||||
# file was opened
|
||||
OpenSSL.rand.add(str(fp.read(5000)).encode('utf-8'),
|
||||
1)
|
||||
except:
|
||||
# Ignore all read and access errors
|
||||
pass
|
||||
|
||||
PYOPENSSL_PRNG_PRESENT = False
|
||||
try:
|
||||
import OpenSSL.rand
|
||||
PYOPENSSL_PRNG_PRESENT = True
|
||||
except ImportError:
|
||||
# PyOpenSSL PRNG not available
|
||||
pass
|
||||
|
||||
def random_bytes(bytes_):
|
||||
if PYOPENSSL_PRNG_PRESENT:
|
||||
OpenSSL.rand.add(os.urandom(bytes_), bytes_)
|
||||
return OpenSSL.rand.bytes(bytes_)
|
||||
else:
|
||||
return os.urandom(bytes_)
|
||||
return os.urandom(bytes_)
|
||||
|
||||
def generate_nonce():
|
||||
return random_bytes(8)
|
||||
|
|
|
@ -52,12 +52,6 @@ from gi.repository import GLib, Gio, Gtk
|
|||
from gajim.common import i18n
|
||||
from gajim.common import logging_helpers
|
||||
from gajim.common import crypto
|
||||
try:
|
||||
PYOPENSSL_PRNG_PRESENT = True
|
||||
import OpenSSL.rand
|
||||
except ImportError:
|
||||
print('PyOpenSSL not available, impossible to generate entropy', file=sys.stderr)
|
||||
PYOPENSSL_PRNG_PRESENT = False
|
||||
|
||||
MIN_NBXMPP_VER = "0.5.6"
|
||||
|
||||
|
@ -104,7 +98,6 @@ class GajimApplication(Gtk.Application):
|
|||
self.config_path = None
|
||||
self.profile_separation = False
|
||||
self.interface = None
|
||||
self.rng_seed = None
|
||||
|
||||
GLib.set_prgname('gajim')
|
||||
if GLib.get_application_name() != 'Gajim':
|
||||
|
@ -206,20 +199,6 @@ class GajimApplication(Gtk.Application):
|
|||
elif sysname in ('FreeBSD', 'OpenBSD', 'NetBSD'):
|
||||
libc.setproctitle('gajim')
|
||||
|
||||
# Seed the OpenSSL pseudo random number generator from file and initialize
|
||||
if PYOPENSSL_PRNG_PRESENT:
|
||||
self.rng_seed = app.gajimpaths['RNG_SEED']
|
||||
# Seed from file
|
||||
try:
|
||||
OpenSSL.rand.load_file(self.rng_seed)
|
||||
except TypeError:
|
||||
OpenSSL.rand.load_file(self.rng_seed.encode('utf-8'))
|
||||
crypto.add_entropy_sources_OpenSSL()
|
||||
try:
|
||||
OpenSSL.rand.write_file(self.rng_seed)
|
||||
except TypeError:
|
||||
OpenSSL.rand.write_file(self.rng_seed.encode('utf-8'))
|
||||
|
||||
def sigint_cb(num, stack):
|
||||
print('SIGINT/SIGTERM received')
|
||||
self.quit()
|
||||
|
@ -249,12 +228,6 @@ class GajimApplication(Gtk.Application):
|
|||
|
||||
def do_shutdown(self, *args):
|
||||
Gtk.Application.do_shutdown(self)
|
||||
# Save the entropy from OpenSSL PRNG
|
||||
if PYOPENSSL_PRNG_PRESENT and self.rng_seed:
|
||||
try:
|
||||
OpenSSL.rand.write_file(self.rng_seed)
|
||||
except TypeError:
|
||||
OpenSSL.rand.write_file(self.rng_seed.encode('utf-8'))
|
||||
# Shutdown GUI and save config
|
||||
if hasattr(self.interface, 'roster') and self.interface.roster:
|
||||
self.interface.roster.prepare_quit()
|
||||
|
|
Loading…
Reference in New Issue