
use os.urandom instead of own cython openssl RAND_bytes wrapper, fixes #493

Thomas Waldmann 9 years ago
parent
commit
5607e5aefe
4 changed files with 5 additions and 29 deletions
  1. 0 14
      borg/crypto.pyx
  2. 3 3
      borg/key.py
  3. 1 4
      borg/testsuite/benchmark.py
  4. 1 8
      borg/testsuite/crypto.py

+ 0 - 14
borg/crypto.pyx

@@ -53,20 +53,6 @@ def num_aes_blocks(int length):
     return (length + 15) // 16
 
 
-def get_random_bytes(n):
-    """Return n cryptographically strong pseudo-random bytes
-    """
-    cdef unsigned char *buf = <unsigned char *>malloc(n)
-    if not buf:
-        raise MemoryError
-    try:
-        if RAND_bytes(buf, n) < 1:
-            raise Exception('RAND_bytes failed')
-        return buf[:n]
-    finally:
-        free(buf)
-
-
 cdef class AES:
     """A thin wrapper around the OpenSSL EVP cipher API
     """

+ 3 - 3
borg/key.py

@@ -11,7 +11,7 @@ from .helpers import IntegrityError, get_keys_dir, Error
 from .logger import create_logger
 logger = create_logger()
 
-from .crypto import get_random_bytes, AES, bytes_to_long, long_to_bytes, bytes_to_int, num_aes_blocks
+from .crypto import AES, bytes_to_long, long_to_bytes, bytes_to_int, num_aes_blocks
 from .compress import Compressor, COMPR_BUFFER
 import msgpack
 
@@ -291,7 +291,7 @@ class KeyfileKeyBase(AESKeyBase):
             return data
 
     def encrypt_key_file(self, data, passphrase):
-        salt = get_random_bytes(32)
+        salt = os.urandom(32)
         iterations = 100000
         key = passphrase.kdf(salt, iterations, 32)
         hash = HMAC(key, data, sha256).digest()
@@ -329,7 +329,7 @@ class KeyfileKeyBase(AESKeyBase):
         passphrase = Passphrase.new(allow_empty=True)
         key = cls(repository)
         key.repository_id = repository.id
-        key.init_from_random_data(get_random_bytes(100))
+        key.init_from_random_data(os.urandom(100))
         key.init_ciphers()
         target = key.get_new_target(args)
         key.save(target, passphrase)
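Review bot: The repository key material from `key.init_from_random_data(os.urandom(100))` in the last hunk, and the KDF salt from `os.urandom(32)` in `encrypt_key_file`, now depend entirely on the kernel CSPRNG, and neither call site records that. On Linux, `os.urandom` only began blocking until the kernel pool is initialised in Python 3.6; on older interpreters it may return before that, which matters for keys created very early in boot (first-boot provisioning, fresh VM images). A comment above the key-generation line would capture this, for example `# key material comes from the kernel CSPRNG via os.urandom; before Python 3.6 on Linux this may not wait for the pool to be seeded`. Separately, no hunk in this file or in borg/testsuite/benchmark.py adds `import os`, and the import regions of both files lie partly outside the visible hunks, so it is worth confirming that `os` is already in scope in each. The method containing the last hunk starts above the visible lines.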

+ 1 - 4
borg/testsuite/benchmark.py

@@ -40,13 +40,10 @@ def testdata(request, tmpdir_factory):
         # do not use a binary zero (\0) to avoid sparse detection
         data = lambda: b'0' * size
     if data_type == 'random':
-        rnd = open('/dev/urandom', 'rb')
-        data = lambda: rnd.read(size)
+        data = lambda: os.urandom(size)
     for i in range(count):
         with open(str(p.join(str(i))), "wb") as f:
             f.write(data())
-    if data_type == 'random':
-        rnd.close()
     yield str(p)
     p.remove(rec=1)
 

+ 1 - 8
borg/testsuite/crypto.py

@@ -1,6 +1,6 @@
 from binascii import hexlify
 
-from ..crypto import AES, bytes_to_long, bytes_to_int, long_to_bytes, get_random_bytes
+from ..crypto import AES, bytes_to_long, bytes_to_int, long_to_bytes
 from . import BaseTestCase
 
 
@@ -13,13 +13,6 @@ class CryptoTestCase(BaseTestCase):
         self.assert_equal(bytes_to_long(b'\0\0\0\0\0\0\0\1'), 1)
         self.assert_equal(long_to_bytes(1), b'\0\0\0\0\0\0\0\1')
 
-    def test_get_random_bytes(self):
-        bytes = get_random_bytes(10)
-        bytes2 = get_random_bytes(10)
-        self.assert_equal(len(bytes), 10)
-        self.assert_equal(len(bytes2), 10)
-        self.assert_not_equal(bytes, bytes2)
-
     def test_aes(self):
         key = b'X' * 32
         data = b'foo' * 10