use os.urandom instead of own cython openssl RAND_bytes wrapper, fixes #493

2015-12-18 21:05:59 +01:00 · 2015-12-18 21:05:59 +01:00 · 5607e5aefe
parent 3ade3d8a41
commit 5607e5aefe
4 changed files with 5 additions and 29 deletions
--- a/borg/crypto.pyx
+++ b/borg/crypto.pyx
@ -53,20 +53,6 @@ def num_aes_blocks(int length):
    return (length + 15) // 16


-def get_random_bytes(n):
-    """Return n cryptographically strong pseudo-random bytes
-    """
-    cdef unsigned char *buf = <unsigned char *>malloc(n)
-    if not buf:
-        raise MemoryError
-    try:
-        if RAND_bytes(buf, n) < 1:
-            raise Exception('RAND_bytes failed')
-        return buf[:n]
-    finally:
-        free(buf)
-
-
 cdef class AES:
    """A thin wrapper around the OpenSSL EVP cipher API
    """
--- a/borg/key.py
+++ b/borg/key.py
@ -11,7 +11,7 @@ from .helpers import IntegrityError, get_keys_dir, Error
 from .logger import create_logger
 logger = create_logger()

-from .crypto import get_random_bytes, AES, bytes_to_long, long_to_bytes, bytes_to_int, num_aes_blocks
+from .crypto import AES, bytes_to_long, long_to_bytes, bytes_to_int, num_aes_blocks
 from .compress import Compressor, COMPR_BUFFER
 import msgpack

@ -291,7 +291,7 @@ class KeyfileKeyBase(AESKeyBase):
            return data

    def encrypt_key_file(self, data, passphrase):
-        salt = get_random_bytes(32)
+        salt = os.urandom(32)
        iterations = 100000
        key = passphrase.kdf(salt, iterations, 32)
        hash = HMAC(key, data, sha256).digest()
@ -329,7 +329,7 @@ class KeyfileKeyBase(AESKeyBase):
        passphrase = Passphrase.new(allow_empty=True)
        key = cls(repository)
        key.repository_id = repository.id
-        key.init_from_random_data(get_random_bytes(100))
+        key.init_from_random_data(os.urandom(100))
        key.init_ciphers()
        target = key.get_new_target(args)
        key.save(target, passphrase)
--- a/borg/testsuite/benchmark.py
+++ b/borg/testsuite/benchmark.py
@ -40,13 +40,10 @@ def testdata(request, tmpdir_factory):
        # do not use a binary zero (\0) to avoid sparse detection
        data = lambda: b'0' * size
    if data_type == 'random':
-        rnd = open('/dev/urandom', 'rb')
-        data = lambda: rnd.read(size)
+        data = lambda: os.urandom(size)
    for i in range(count):
        with open(str(p.join(str(i))), "wb") as f:
            f.write(data())
-    if data_type == 'random':
-        rnd.close()
    yield str(p)
    p.remove(rec=1)

--- a/borg/testsuite/crypto.py
+++ b/borg/testsuite/crypto.py
@ -1,6 +1,6 @@
 from binascii import hexlify

-from ..crypto import AES, bytes_to_long, bytes_to_int, long_to_bytes, get_random_bytes
+from ..crypto import AES, bytes_to_long, bytes_to_int, long_to_bytes
 from . import BaseTestCase


@ -13,13 +13,6 @@ class CryptoTestCase(BaseTestCase):
        self.assert_equal(bytes_to_long(b'\0\0\0\0\0\0\0\1'), 1)
        self.assert_equal(long_to_bytes(1), b'\0\0\0\0\0\0\0\1')

-    def test_get_random_bytes(self):
-        bytes = get_random_bytes(10)
-        bytes2 = get_random_bytes(10)
-        self.assert_equal(len(bytes), 10)
-        self.assert_equal(len(bytes2), 10)
-        self.assert_not_equal(bytes, bytes2)
-
    def test_aes(self):
        key = b'X' * 32
        data = b'foo' * 10