diff options
author | Yann Leboulanger <yann@leboulanger.org> | 2017-09-20 12:39:55 +0300 |
---|---|---|
committer | Yann Leboulanger <yann@leboulanger.org> | 2017-09-20 12:39:55 +0300 |
commit | ab60bcbe8510584e0b406c6d3f66b23befde532c (patch) | |
tree | cf174c0255dea5729a175bfbd2066bc961a59db7 | |
parent | f6deff2cd01fbb223ffbe2d78af364ac6d70ca54 (diff) |
PyOpenSSL removed rand module. Stop using it. Fixes #8731
-rw-r--r-- | gajim/common/configpaths.py | 3 | ||||
-rw-r--r-- | gajim/common/crypto.py | 48 | ||||
-rw-r--r-- | gajim/gajim.py | 27 |
3 files changed, 2 insertions, 76 deletions
diff --git a/gajim/common/configpaths.py b/gajim/common/configpaths.py index 20871109d..e0245f2cb 100644 --- a/gajim/common/configpaths.py +++ b/gajim/common/configpaths.py @@ -144,8 +144,7 @@ class ConfigPaths: d = {'LOG_DB': 'logs.db', 'MY_CACERTS': 'cacerts.pem', 'MY_EMOTS': 'emoticons', 'MY_ICONSETS': 'iconsets', 'MY_MOOD_ICONSETS': 'moods', 'MY_ACTIVITY_ICONSETS': 'activities', - 'PLUGINS_USER': 'plugins', - 'RNG_SEED': 'rng_seed'} + 'PLUGINS_USER': 'plugins'} for name in d: d[name] += profile self.add(name, Type.DATA, windowsify(d[name])) diff --git a/gajim/common/crypto.py b/gajim/common/crypto.py index 2e99cde1a..b0f59de3b 100644 --- a/gajim/common/crypto.py +++ b/gajim/common/crypto.py @@ -76,54 +76,8 @@ def base28(n): else: return base28_chr[n] -def add_entropy_sources_OpenSSL(): - # Other possibly variable data. This are very low quality sources of - # entropy, but some of them are installation dependent and can be hard - # to guess for the attacker. - # Data available on all platforms Unix, Windows - sources = [sys.argv, sys.builtin_module_names, - sys.copyright, sys.getfilesystemencoding(), sys.hexversion, - sys.modules, sys.path, sys.version, sys.api_version, - os.environ, os.getcwd(), os.getpid()] - - for s in sources: - OpenSSL.rand.add(str(s).encode('utf-8'), 1) - - # On Windows add the current contents of the screen to the PRNG state. -# if os.name == 'nt': -# OpenSSL.rand.screen() - # The /proc filesystem on POSIX systems contains many random variables: - # memory statistics, interrupt counts, network packet counts - if os.name == 'posix': - dirs = ['/proc', '/proc/net', '/proc/self'] - for d in dirs: - if os.access(d, os.R_OK): - for filename in os.listdir(d): - OpenSSL.rand.add(filename.encode('utf-8'), 0) - try: - with open(d + os.sep + filename, "r") as fp: - # Limit the ammount of read bytes, in case a memory - # file was opened - OpenSSL.rand.add(str(fp.read(5000)).encode('utf-8'), - 1) - except: - # Ignore all read and access errors - pass - -PYOPENSSL_PRNG_PRESENT = False -try: - import OpenSSL.rand - PYOPENSSL_PRNG_PRESENT = True -except ImportError: - # PyOpenSSL PRNG not available - pass - def random_bytes(bytes_): - if PYOPENSSL_PRNG_PRESENT: - OpenSSL.rand.add(os.urandom(bytes_), bytes_) - return OpenSSL.rand.bytes(bytes_) - else: - return os.urandom(bytes_) + return os.urandom(bytes_) def generate_nonce(): return random_bytes(8) diff --git a/gajim/gajim.py b/gajim/gajim.py index a3dd77267..1cf67ba64 100644 --- a/gajim/gajim.py +++ b/gajim/gajim.py @@ -52,12 +52,6 @@ from gi.repository import GLib, Gio, Gtk from gajim.common import i18n from gajim.common import logging_helpers from gajim.common import crypto -try: - PYOPENSSL_PRNG_PRESENT = True - import OpenSSL.rand -except ImportError: - print('PyOpenSSL not available, impossible to generate entropy', file=sys.stderr) - PYOPENSSL_PRNG_PRESENT = False MIN_NBXMPP_VER = "0.5.6" @@ -104,7 +98,6 @@ class GajimApplication(Gtk.Application): self.config_path = None self.profile_separation = False self.interface = None - self.rng_seed = None GLib.set_prgname('gajim') if GLib.get_application_name() != 'Gajim': @@ -206,20 +199,6 @@ class GajimApplication(Gtk.Application): elif sysname in ('FreeBSD', 'OpenBSD', 'NetBSD'): libc.setproctitle('gajim') - # Seed the OpenSSL pseudo random number generator from file and initialize - if PYOPENSSL_PRNG_PRESENT: - self.rng_seed = app.gajimpaths['RNG_SEED'] - # Seed from file - try: - OpenSSL.rand.load_file(self.rng_seed) - except TypeError: - OpenSSL.rand.load_file(self.rng_seed.encode('utf-8')) - crypto.add_entropy_sources_OpenSSL() - try: - OpenSSL.rand.write_file(self.rng_seed) - except TypeError: - OpenSSL.rand.write_file(self.rng_seed.encode('utf-8')) - def sigint_cb(num, stack): print('SIGINT/SIGTERM received') self.quit() @@ -249,12 +228,6 @@ class GajimApplication(Gtk.Application): def do_shutdown(self, *args): Gtk.Application.do_shutdown(self) - # Save the entropy from OpenSSL PRNG - if PYOPENSSL_PRNG_PRESENT and self.rng_seed: - try: - OpenSSL.rand.write_file(self.rng_seed) - except TypeError: - OpenSSL.rand.write_file(self.rng_seed.encode('utf-8')) # Shutdown GUI and save config if hasattr(self.interface, 'roster') and self.interface.roster: self.interface.roster.prepare_quit() |