diff options
author | Jeff Forcier <jeff@bitprophet.org> | 2021-11-27 22:13:23 -0500 |
---|---|---|
committer | Jeff Forcier <jeff@bitprophet.org> | 2021-11-28 20:24:17 -0500 |
commit | aca7613171937334c47377faf0cf2e4a9126c0d4 (patch) | |
tree | 37d8fa745f98ffeb3efba2ae8c36a6f7046c3b5d /tests/util.py | |
parent | f4b5ce36e75a2aca2b11ef54b0ce04e1188f667c (diff) | |
download | paramiko-aca7613171937334c47377faf0cf2e4a9126c0d4.tar.gz |
Pre-patch test proving security flaw re: 32bit key hash comparisons
Diffstat (limited to 'tests/util.py')
-rw-r--r-- | tests/util.py | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/tests/util.py b/tests/util.py index 9057f516..1355ce8a 100644 --- a/tests/util.py +++ b/tests/util.py @@ -1,11 +1,12 @@ from os.path import dirname, realpath, join import os +import struct import sys import unittest import pytest -from paramiko.py3compat import builtins +from paramiko.py3compat import builtins, PY2 from paramiko.ssh_gss import GSS_AUTH_AVAILABLE @@ -127,3 +128,19 @@ def k5shell(args=None): if not args: args = [os.environ.get("SHELL", "bash")] sys.exit(subprocess.call(args)) + + +def is_low_entropy(): + """ + Attempts to detect whether running interpreter is low-entropy. + + Classified as being in 32-bit mode under Python 2, or 32-bit mode and with + the hash seed set to zero under Python 3. + """ + is_32bit = struct.calcsize("P") == 32 / 8 + if PY2: + return is_32bit + else: + # I don't see a way to tell internally if the hash seed was set this + # way, but env should be plenty sufficient, this is only for testing. + return is_32bit and os.environ.get("PYTHONHASHSEED", None) == "0" |