Yann Leboulanger pushed to branch master at gajim / gajim

Commits:
ab60bcbe by Yann Leboulanger at 2017-09-20T11:39:55+02:00
PyOpenSSL removed rand module. Stop using it. Fixes #8731

- - - - -


3 changed files:

- gajim/common/configpaths.py
- gajim/common/crypto.py
- gajim/gajim.py


Changes:

=====================================
gajim/common/configpaths.py
=====================================
--- a/gajim/common/configpaths.py
+++ b/gajim/common/configpaths.py
@@ -144,8 +144,7 @@ class ConfigPaths:
         d = {'LOG_DB': 'logs.db', 'MY_CACERTS': 'cacerts.pem',
             'MY_EMOTS': 'emoticons', 'MY_ICONSETS': 'iconsets',
             'MY_MOOD_ICONSETS': 'moods', 'MY_ACTIVITY_ICONSETS': 'activities',
-            'PLUGINS_USER': 'plugins',
-            'RNG_SEED': 'rng_seed'}
+            'PLUGINS_USER': 'plugins'}
         for name in d:
             d[name] += profile
             self.add(name, Type.DATA, windowsify(d[name]))


=====================================
gajim/common/crypto.py
=====================================
--- a/gajim/common/crypto.py
+++ b/gajim/common/crypto.py
@@ -76,54 +76,8 @@ def base28(n):
     else:
         return base28_chr[n]
 
-def add_entropy_sources_OpenSSL():
-    # Other possibly variable data. This are very low quality sources of
-    # entropy, but some of them are installation dependent and can be hard
-    # to guess for the attacker.
-    # Data available on all platforms Unix, Windows
-    sources = [sys.argv, sys.builtin_module_names,
-        sys.copyright, sys.getfilesystemencoding(), sys.hexversion,
-        sys.modules, sys.path, sys.version, sys.api_version,
-        os.environ, os.getcwd(), os.getpid()]
-
-    for s in sources:
-        OpenSSL.rand.add(str(s).encode('utf-8'), 1)
-
-    # On Windows add the current contents of the screen to the PRNG state.
-#    if os.name == 'nt':
-#        OpenSSL.rand.screen()
-    # The /proc filesystem on POSIX systems contains many random variables:
-    # memory statistics, interrupt counts, network packet counts
-    if os.name == 'posix':
-        dirs = ['/proc', '/proc/net', '/proc/self']
-        for d in dirs:
-            if os.access(d, os.R_OK):
-               for filename in os.listdir(d):
-                  OpenSSL.rand.add(filename.encode('utf-8'), 0)
-                  try:
-                     with open(d + os.sep + filename, "r") as fp:
-                         # Limit the ammount of read bytes, in case a memory
-                         # file was opened
-                         OpenSSL.rand.add(str(fp.read(5000)).encode('utf-8'),
-                             1)
-                  except:
-                      # Ignore all read and access errors
-                      pass
-
-PYOPENSSL_PRNG_PRESENT = False
-try:
-    import OpenSSL.rand
-    PYOPENSSL_PRNG_PRESENT = True
-except ImportError:
-    # PyOpenSSL PRNG not available
-    pass
-
 def random_bytes(bytes_):
-    if PYOPENSSL_PRNG_PRESENT:
-        OpenSSL.rand.add(os.urandom(bytes_), bytes_)
-        return OpenSSL.rand.bytes(bytes_)
-    else:
-        return os.urandom(bytes_)
+    return os.urandom(bytes_)
 
 def generate_nonce():
     return random_bytes(8)
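Review bot: `random_bytes` at the end of this hunk is now the only source of randomness behind `generate_nonce`, but nothing on it states that callers may rely on it being cryptographically strong. A one-line docstring such as `"""Return bytes_ random bytes from the OS CSPRNG (os.urandom); safe for nonces and key material."""` would pin that contract, so a later refactor does not swap in the `random` module. The hunk also deletes the module-level names `add_entropy_sources_OpenSSL` and `PYOPENSSL_PRNG_PRESENT`. The caller in gajim/gajim.py is cleaned up in this commit, but any plugin or module outside this diff that still imports them would fail at import or call time, so a tree-wide grep is worth doing before release. If `sys` was imported in crypto.py only for the removed entropy list, that import is now dead; this cannot be confirmed from the hunk.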


=====================================
gajim/gajim.py
=====================================
--- a/gajim/gajim.py
+++ b/gajim/gajim.py
@@ -52,12 +52,6 @@ from gi.repository import GLib, Gio, Gtk
 from gajim.common import i18n
 from gajim.common import logging_helpers
 from gajim.common import crypto
-try:
-    PYOPENSSL_PRNG_PRESENT = True
-    import OpenSSL.rand
-except ImportError:
-    print('PyOpenSSL not available, impossible to generate entropy', file=sys.stderr)
-    PYOPENSSL_PRNG_PRESENT = False
 
 MIN_NBXMPP_VER = "0.5.6"
 
@@ -104,7 +98,6 @@ class GajimApplication(Gtk.Application):
         self.config_path = None
         self.profile_separation = False
         self.interface = None
-        self.rng_seed = None
 
         GLib.set_prgname('gajim')
         if GLib.get_application_name() != 'Gajim':
@@ -206,20 +199,6 @@ class GajimApplication(Gtk.Application):
             elif sysname in ('FreeBSD', 'OpenBSD', 'NetBSD'):
                 libc.setproctitle('gajim')
 
-        # Seed the OpenSSL pseudo random number generator from file and initialize
-        if PYOPENSSL_PRNG_PRESENT:
-            self.rng_seed = app.gajimpaths['RNG_SEED']
-            # Seed from file
-            try:
-                OpenSSL.rand.load_file(self.rng_seed)
-            except TypeError:
-                OpenSSL.rand.load_file(self.rng_seed.encode('utf-8'))
-            crypto.add_entropy_sources_OpenSSL()
-            try:
-                OpenSSL.rand.write_file(self.rng_seed)
-            except TypeError:
-                OpenSSL.rand.write_file(self.rng_seed.encode('utf-8'))
-
         def sigint_cb(num, stack):
             print('SIGINT/SIGTERM received')
             self.quit()
@@ -249,12 +228,6 @@ class GajimApplication(Gtk.Application):
 
     def do_shutdown(self, *args):
         Gtk.Application.do_shutdown(self)
-        # Save the entropy from OpenSSL PRNG
-        if PYOPENSSL_PRNG_PRESENT and self.rng_seed:
-            try:
-                OpenSSL.rand.write_file(self.rng_seed)
-            except TypeError:
-                OpenSSL.rand.write_file(self.rng_seed.encode('utf-8'))
         # Shutdown GUI and save config
         if hasattr(self.interface, 'roster') and self.interface.roster:
             self.interface.roster.prepare_quit()



View it on GitLab: 
https://dev.gajim.org/gajim/gajim/commit/ab60bcbe8510584e0b406c6d3f66b23befde532c
