mirror of https://github.com/borgbackup/borg.git
use os.urandom instead of own cython openssl RAND_bytes wrapper, fixes #493
This commit is contained in:
parent
3ade3d8a41
commit
5607e5aefe
|
@ -53,20 +53,6 @@ def num_aes_blocks(int length):
|
|||
return (length + 15) // 16
|
||||
|
||||
|
||||
def get_random_bytes(n):
|
||||
"""Return n cryptographically strong pseudo-random bytes
|
||||
"""
|
||||
cdef unsigned char *buf = <unsigned char *>malloc(n)
|
||||
if not buf:
|
||||
raise MemoryError
|
||||
try:
|
||||
if RAND_bytes(buf, n) < 1:
|
||||
raise Exception('RAND_bytes failed')
|
||||
return buf[:n]
|
||||
finally:
|
||||
free(buf)
|
||||
|
||||
|
||||
cdef class AES:
|
||||
"""A thin wrapper around the OpenSSL EVP cipher API
|
||||
"""
|
||||
|
|
|
@ -11,7 +11,7 @@ from .helpers import IntegrityError, get_keys_dir, Error
|
|||
from .logger import create_logger
|
||||
logger = create_logger()
|
||||
|
||||
from .crypto import get_random_bytes, AES, bytes_to_long, long_to_bytes, bytes_to_int, num_aes_blocks
|
||||
from .crypto import AES, bytes_to_long, long_to_bytes, bytes_to_int, num_aes_blocks
|
||||
from .compress import Compressor, COMPR_BUFFER
|
||||
import msgpack
|
||||
|
||||
|
@ -291,7 +291,7 @@ class KeyfileKeyBase(AESKeyBase):
|
|||
return data
|
||||
|
||||
def encrypt_key_file(self, data, passphrase):
|
||||
salt = get_random_bytes(32)
|
||||
salt = os.urandom(32)
|
||||
iterations = 100000
|
||||
key = passphrase.kdf(salt, iterations, 32)
|
||||
hash = HMAC(key, data, sha256).digest()
|
||||
|
@ -329,7 +329,7 @@ class KeyfileKeyBase(AESKeyBase):
|
|||
passphrase = Passphrase.new(allow_empty=True)
|
||||
key = cls(repository)
|
||||
key.repository_id = repository.id
|
||||
key.init_from_random_data(get_random_bytes(100))
|
||||
key.init_from_random_data(os.urandom(100))
|
||||
key.init_ciphers()
|
||||
target = key.get_new_target(args)
|
||||
key.save(target, passphrase)
|
||||
|
|
|
@ -40,13 +40,10 @@ def testdata(request, tmpdir_factory):
|
|||
# do not use a binary zero (\0) to avoid sparse detection
|
||||
data = lambda: b'0' * size
|
||||
if data_type == 'random':
|
||||
rnd = open('/dev/urandom', 'rb')
|
||||
data = lambda: rnd.read(size)
|
||||
data = lambda: os.urandom(size)
|
||||
for i in range(count):
|
||||
with open(str(p.join(str(i))), "wb") as f:
|
||||
f.write(data())
|
||||
if data_type == 'random':
|
||||
rnd.close()
|
||||
yield str(p)
|
||||
p.remove(rec=1)
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
from binascii import hexlify
|
||||
|
||||
from ..crypto import AES, bytes_to_long, bytes_to_int, long_to_bytes, get_random_bytes
|
||||
from ..crypto import AES, bytes_to_long, bytes_to_int, long_to_bytes
|
||||
from . import BaseTestCase
|
||||
|
||||
|
||||
|
@ -13,13 +13,6 @@ class CryptoTestCase(BaseTestCase):
|
|||
self.assert_equal(bytes_to_long(b'\0\0\0\0\0\0\0\1'), 1)
|
||||
self.assert_equal(long_to_bytes(1), b'\0\0\0\0\0\0\0\1')
|
||||
|
||||
def test_get_random_bytes(self):
|
||||
bytes = get_random_bytes(10)
|
||||
bytes2 = get_random_bytes(10)
|
||||
self.assert_equal(len(bytes), 10)
|
||||
self.assert_equal(len(bytes2), 10)
|
||||
self.assert_not_equal(bytes, bytes2)
|
||||
|
||||
def test_aes(self):
|
||||
key = b'X' * 32
|
||||
data = b'foo' * 10
|
||||
|
|
Loading…
Reference in New Issue