Switch from using PyCrypto's Random to using os.urandom.

There's several reasons for this change: 1) It's faster for reads up to 1024 bytes (nearly 10x faster for 16 byte reads) 2) It receives considerably more security review since it's in the kernel. 3) It's yet another step towards running on PyPy. 4) Using userspace CSPRNGs is considered something of an anti-pattern. See: http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/ http://webcache.googleusercontent.com/search?q=cache:2nTvpCgKZXIJ:www.2uo.de/myths-about-urandom/+&cd=3&hl=en&ct=clnk&gl=us
author: Alex Gaynor <alex.gaynor@gmail.com> 2014-03-29 19:22:36 -0700
committer: Alex Gaynor <alex.gaynor@gmail.com> 2014-03-29 19:22:36 -0700
commit: 6f211115f49edcea7d23b764d7cf3a84ff12f5f0 (patch)
tree: 093859d4a75d3ccb361974439f61a01e7dc2b2b4 /tests
parent: 5a430def22aa5cbd755f347c8714e4140d6cdcab (diff)
3 files changed, 16 insertions, 20 deletions
diff --git a/tests/test_kex.py b/tests/test_kex.py
index c522be46..56f1b7c7 100644
--- a/tests/test_kex.py
+++ b/tests/test_kex.py
@@ -21,7 +21,9 @@ Some unit tests for the key exchange protocols.
 """
 
 from binascii import hexlify
+import os
 import unittest
+
 import paramiko.util
 from paramiko.kex_group1 import KexGroup1
 from paramiko.kex_gex import KexGex
@@ -29,9 +31,8 @@ from paramiko import Message
 from paramiko.common import byte_chr
 
 
-class FakeRng (object):
-    def read(self, n):
-        return byte_chr(0xcc) * n
+def dummy_urandom(n):
+    return byte_chr(0xcc) * n
 
 
 class FakeKey (object):
@@ -41,7 +42,7 @@ class FakeKey (object):
     def asbytes(self):
         return b'fake-key'
 
-    def sign_ssh_data(self, rng, H):
+    def sign_ssh_data(self, H):
         return b'fake-sig'
 
 
@@ -53,8 +54,7 @@ class FakeModulusPack (object):
         return self.G, self.P
 
 
-class FakeTransport (object):
-    rng = FakeRng()
+class FakeTransport(object):
     local_version = 'SSH-2.0-paramiko_1.0'
     remote_version = 'SSH-2.0-lame'
     local_kex_init = 'local-kex-init'
@@ -91,10 +91,11 @@ class KexTest (unittest.TestCase):
     K = 14730343317708716439807310032871972459448364195094179797249681733965528989482751523943515690110179031004049109375612685505881911274101441415545039654102474376472240501616988799699744135291070488314748284283496055223852115360852283821334858541043710301057312858051901453919067023103730011648890038847384890504
 
     def setUp(self):
-        pass
+        self._original_urandom = os.urandom
+        os.urandom = dummy_urandom
 
     def tearDown(self):
-        pass
+        os.urandom = self._original_urandom
 
     def test_1_group1_client(self):
         transport = FakeTransport()
diff --git a/tests/test_pkey.py b/tests/test_pkey.py
index 6ff68fc2..b0ceefe7 100644
--- a/tests/test_pkey.py
+++ b/tests/test_pkey.py
@@ -22,9 +22,10 @@ Some unit tests for public/private key objects.
 
 from binascii import hexlify
 import unittest
+
 from paramiko import RSAKey, DSSKey, ECDSAKey, Message, util
 from paramiko.py3compat import StringIO, byte_chr, b, bytes
-from paramiko.common import rng
+
 from tests.util import test_path
 
 # from openssh's ssh-keygen
@@ -166,7 +167,7 @@ class KeyTest (unittest.TestCase):
     def test_8_sign_rsa(self):
         # verify that the rsa private key can sign and verify
         key = RSAKey.from_private_key_file(test_path('test_rsa.key'))
-        msg = key.sign_ssh_data(rng, b'ice weasels')
+        msg = key.sign_ssh_data(b'ice weasels')
         self.assertTrue(type(msg) is Message)
         msg.rewind()
         self.assertEqual('ssh-rsa', msg.get_text())
@@ -179,7 +180,7 @@ class KeyTest (unittest.TestCase):
     def test_9_sign_dss(self):
         # verify that the dss private key can sign and verify
         key = DSSKey.from_private_key_file(test_path('test_dss.key'))
-        msg = key.sign_ssh_data(rng, b'ice weasels')
+        msg = key.sign_ssh_data(b'ice weasels')
         self.assertTrue(type(msg) is Message)
         msg.rewind()
         self.assertEqual('ssh-dss', msg.get_text())
@@ -193,13 +194,13 @@ class KeyTest (unittest.TestCase):
 
     def test_A_generate_rsa(self):
         key = RSAKey.generate(1024)
-        msg = key.sign_ssh_data(rng, b'jerri blank')
+        msg = key.sign_ssh_data(b'jerri blank')
         msg.rewind()
         self.assertTrue(key.verify_ssh_sig(b'jerri blank', msg))
 
     def test_B_generate_dss(self):
         key = DSSKey.generate(1024)
-        msg = key.sign_ssh_data(rng, b'jerri blank')
+        msg = key.sign_ssh_data(b'jerri blank')
         msg.rewind()
         self.assertTrue(key.verify_ssh_sig(b'jerri blank', msg))
 
@@ -240,7 +241,7 @@ class KeyTest (unittest.TestCase):
     def test_13_sign_ecdsa(self):
         # verify that the rsa private key can sign and verify
         key = ECDSAKey.from_private_key_file(test_path('test_ecdsa.key'))
-        msg = key.sign_ssh_data(rng, b'ice weasels')
+        msg = key.sign_ssh_data(b'ice weasels')
         self.assertTrue(type(msg) is Message)
         msg.rewind()
         self.assertEqual('ecdsa-sha2-nistp256', msg.get_text())
diff --git a/tests/test_util.py b/tests/test_util.py
index 6bde4045..d3911f49 100644
--- a/tests/test_util.py
+++ b/tests/test_util.py
@@ -153,12 +153,6 @@ class UtilTest(ParamikoTest):
         finally:
             os.unlink('hostfile.temp')
 
-    def test_6_random(self):
-        from paramiko.common import rng
-        # just verify that we can pull out 32 bytes and not get an exception.
-        x = rng.read(32)
-        self.assertEqual(len(x), 32)
-
     def test_7_host_config_expose_issue_33(self):
         test_config_file = """
 Host www13.*
author	Alex Gaynor <alex.gaynor@gmail.com>	2014-03-29 19:22:36 -0700
committer	Alex Gaynor <alex.gaynor@gmail.com>	2014-03-29 19:22:36 -0700
commit	6f211115f49edcea7d23b764d7cf3a84ff12f5f0 (patch)
tree	093859d4a75d3ccb361974439f61a01e7dc2b2b4 /tests
parent	5a430def22aa5cbd755f347c8714e4140d6cdcab (diff)