Pre-patch test proving security flaw re: 32bit key hash comparisons

author: Jeff Forcier <jeff@bitprophet.org> 2021-11-27 22:13:23 -0500
committer: Jeff Forcier <jeff@bitprophet.org> 2021-11-28 20:24:17 -0500
commit: aca7613171937334c47377faf0cf2e4a9126c0d4 (patch)
tree: 37d8fa745f98ffeb3efba2ae8c36a6f7046c3b5d /tests/util.py
parent: f4b5ce36e75a2aca2b11ef54b0ce04e1188f667c (diff)
download: paramiko-aca7613171937334c47377faf0cf2e4a9126c0d4.tar.gz
1 files changed, 18 insertions, 1 deletions
diff --git a/tests/util.py b/tests/util.py
index 9057f516..1355ce8a 100644
--- a/tests/util.py
+++ b/tests/util.py
@@ -1,11 +1,12 @@
 from os.path import dirname, realpath, join
 import os
+import struct
 import sys
 import unittest
 
 import pytest
 
-from paramiko.py3compat import builtins
+from paramiko.py3compat import builtins, PY2
 from paramiko.ssh_gss import GSS_AUTH_AVAILABLE
 
 
@@ -127,3 +128,19 @@ def k5shell(args=None):
     if not args:
         args = [os.environ.get("SHELL", "bash")]
     sys.exit(subprocess.call(args))
+
+
+def is_low_entropy():
+    """
+    Attempts to detect whether running interpreter is low-entropy.
+
+    Classified as being in 32-bit mode under Python 2, or 32-bit mode and with
+    the hash seed set to zero under Python 3.
+    """
+    is_32bit = struct.calcsize("P") == 32 / 8
+    if PY2:
+        return is_32bit
+    else:
+        # I don't see a way to tell internally if the hash seed was set this
+        # way, but env should be plenty sufficient, this is only for testing.
+        return is_32bit and os.environ.get("PYTHONHASHSEED", None) == "0"
author	Jeff Forcier <jeff@bitprophet.org>	2021-11-27 22:13:23 -0500
committer	Jeff Forcier <jeff@bitprophet.org>	2021-11-28 20:24:17 -0500
commit	aca7613171937334c47377faf0cf2e4a9126c0d4 (patch)
tree	37d8fa745f98ffeb3efba2ae8c36a6f7046c3b5d /tests/util.py
parent	f4b5ce36e75a2aca2b11ef54b0ce04e1188f667c (diff)
download	paramiko-aca7613171937334c47377faf0cf2e4a9126c0d4.tar.gz