Yann Leboulanger pushed to branch master at gajim / python-nbxmpp
Commits:
0b77b07b by Philipp Hörist at 2017-11-22T18:03:18+01:00
Use os.urandom for random numbers
- - - - -
ef78e16c by Yann Leboulanger at 2017-11-22T22:50:11+01:00
Merge branch 'master' into 'master'
Use os.urandom for random numbers
See merge request gajim/python-nbxmpp!9
- - - - -
3 changed files:
- nbxmpp/auth_nb.py
- nbxmpp/bosh.py
- − nbxmpp/rndg.py
Changes:
=====================================
nbxmpp/auth_nb.py
=====================================
--- a/nbxmpp/auth_nb.py
+++ b/nbxmpp/auth_nb.py
@@ -29,6 +29,8 @@ from .protocol import Node, NodeProcessed, isResultNode, Iq,
Protocol, JID
from .plugin import PlugIn
import sys
import re
+import os
+import binascii
import base64
from . import dispatcher_nb
import hmac
@@ -37,8 +39,6 @@ import hashlib
import logging
log = logging.getLogger('nbxmpp.auth_nb')
-from . import rndg
-
def HH(some): return hashlib.md5(some).hexdigest()
def H(some): return hashlib.md5(some).digest()
def C(some): return b':'.join(some)
@@ -463,7 +463,7 @@ class SASL(PlugIn):
(isinstance(chal['qop'], list) and 'auth' in chal['qop'])):
self.resp = {'username': self.username,
'nonce': chal['nonce'],
- 'cnonce': '%x' % rndg.getrandbits(196),
+ 'cnonce': '%x' % int(binascii.hexlify(os.urandom(24)), 16),
'nc': ('00000001'), # ToDo: Is this a tupel or only a string?
'qop': 'auth',
'digest-uri': 'xmpp/' + self._owner.Server,
@@ -498,7 +498,7 @@ class SASL(PlugIn):
def set_password(self, password):
self.password = '' if password is None else password
if self.mechanism in ('SCRAM-SHA-1', 'SCRAM-SHA-1-PLUS'):
- self.client_nonce = '%x' % rndg.getrandbits(196)
+ self.client_nonce = '%x' % int(binascii.hexlify(os.urandom(24)),
16)
self.scram_soup = 'n=' + self.username + ',r=' + self.client_nonce
if self.mechanism == 'SCRAM-SHA-1':
if self.channel_binding is None:
=====================================
nbxmpp/bosh.py
=====================================
--- a/nbxmpp/bosh.py
+++ b/nbxmpp/bosh.py
@@ -17,7 +17,8 @@
## You should have received a copy of the GNU General Public License
## along with Gajim. If not, see <http://www.gnu.org/licenses/>.
-
+import os
+import binascii
import locale
from hashlib import sha1
from .transports_nb import NonBlockingTransport, NonBlockingHTTPBOSH,\
@@ -29,8 +30,6 @@ from .simplexml import Node
import logging
log = logging.getLogger('nbxmpp.bosh')
-from . import rndg
-
KEY_COUNT = 10
# Fake file descriptor - it's used for setting read_timeout in idlequeue for
@@ -486,11 +485,9 @@ class NonBlockingBOSH(NonBlockingTransport):
def get_rand_number():
- # with 50-bit random initial rid, session would have to go up
- # to 7881299347898368 messages to raise rid over 2**53
# (see http://www.xmpp.org/extensions/xep-0124.html#rids)
# it's also used for sequence key initialization
- return rndg.getrandbits(50)
+ return int(binascii.hexlify(os.urandom(6)), 16)
class AckChecker(object):
=====================================
nbxmpp/rndg.py deleted
=====================================
--- a/nbxmpp/rndg.py
+++ /dev/null
@@ -1,49 +0,0 @@
-## rndg.py
-##
-## cryptographically secure pseudo-random number generator.
-## When possible use OpenSSL PRNG combined with os.random,
-## if OpenSSL PRNG is not available, use only os.random.
-##
-## Copyright (C) 2013 Fedor Brunner <[email protected]>
-##
-## This file is part of Gajim.
-##
-## Gajim is free software; you can redistribute it and/or modify
-## it under the terms of the GNU General Public License as published
-## by the Free Software Foundation; version 3 only.
-##
-## Gajim is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-## GNU General Public License for more details.
-##
-## You should have received a copy of the GNU General Public License
-## along with Gajim. If not, see <http://www.gnu.org/licenses/>.
-
-USE_PYOPENSSL = False
-try:
- import OpenSSL.rand
- import binascii, os
- USE_PYOPENSSL = True
-except ImportError:
- import random
-
-if not USE_PYOPENSSL:
- getrandbits = random.SystemRandom().getrandbits
-else:
- def getrandbits(k):
- """getrandbits(k) -> x. Generates a long int with k random bits."""
- if k <= 0:
- raise ValueError('number of bits must be greater than zero')
- if k != int(k):
- raise TypeError('number of bits should be an integer')
-
- bytes = (k + 7) // 8 # bits / 8 and rounded up
-
- # Add system entropy to OpenSSL PRNG
- OpenSSL.rand.add(os.urandom(bytes), bytes)
- # Extract random bytes from OpenSSL PRNG
- random_str = OpenSSL.rand.bytes(bytes)
-
- x = int(binascii.hexlify(random_str), 16)
- return x >> (bytes * 8 - k) # trim excess bits
View it on GitLab:
https://dev.gajim.org/gajim/python-nbxmpp/compare/6807867b231ed7e25fbdbac364dae517e67ef3af...ef78e16c87afc84f481c567cccc4bff8731e690d
---
View it on GitLab:
https://dev.gajim.org/gajim/python-nbxmpp/compare/6807867b231ed7e25fbdbac364dae517e67ef3af...ef78e16c87afc84f481c567cccc4bff8731e690d
You're receiving this email because of your account on dev.gajim.org.
_______________________________________________
Commits mailing list
[email protected]
https://lists.gajim.org/cgi-bin/listinfo/commits
