Fix M2Crypto in FIPS mode.

More comments and rationale is at https://bugzilla.redhat.com/show_bug.cgi?id=565662 * Some algorithms are not available in FIPS mode, in particular MD5. * Ignoring the error returned by HMAC_Init IIRC results in a NULL deference. * FIPS mode prohibits 512-bit RSA keys, so the tests have to increase the key length. * MD5 is prohibited in FIPS mode, had to use a different algorithm (and different known answers) for testing HMAC. * RC4 is unavailable in FIPS mode. Should probably use @unittest.skip nowadays. * The same goes for RIPEMD-160
author: Miloslav Trmač <mitr@redhat.com> 2010-02-25 18:23:10 +0200
committer: Matěj Cepl <mcepl@cepl.eu> 2015-10-13 15:23:06 +0200
commit: 421056c6b346afd717e7de5a449fc860ae4a6139 (patch)
tree: 901679b4ddd13b76f4823e89485c995f68768ae5 /tests/test_rsa.py
parent: a4e8e60f95ce6b2c1e4bc5d804d6521392bfa66b (diff)
download: m2crypto-421056c6b346afd717e7de5a449fc860ae4a6139.tar.gz
1 files changed, 8 insertions, 5 deletions
diff --git a/tests/test_rsa.py b/tests/test_rsa.py
index e2e61f5..f939527 100644
--- a/tests/test_rsa.py
+++ b/tests/test_rsa.py
@@ -12,6 +12,8 @@ except ImportError:
 
 from M2Crypto import RSA, BIO, Rand, m2, EVP, X509
 
+from fips import fips_mode
+
 class RSATestCase(unittest.TestCase):
 
     errkey = 'tests/dsa.priv.pem'
@@ -191,9 +193,10 @@ class RSATestCase(unittest.TestCase):
         
             else:
                 import hashlib
-                algos = {'sha1': 43, 
-                         'ripemd160': 43,
-                         'md5': 47}
+                algos = {'sha1': 43}
+                if not fips_mode:
+                    algos['md5'] = 47
+                    algos['ripemd160'] = 43
         
                 if m2.OPENSSL_VERSION_NUMBER >= 0x90800F:
                     algos['sha224'] = 35
@@ -221,7 +224,7 @@ class RSATestCase(unittest.TestCase):
         """
         rsa = RSA.load_key(self.privkey)
         message = "This is the message string"
-        digest = md5.md5(message).digest() 
+        digest = 'a' * 16
         self.assertRaises(ValueError, rsa.sign, 
                           digest, 'bad_digest_method') 
     
@@ -231,7 +234,7 @@ class RSATestCase(unittest.TestCase):
         """
         rsa = RSA.load_key(self.privkey)
         message = "This is the message string"
-        digest = md5.md5(message).digest() 
+        digest = 'a' * 16
         signature = rsa.sign(digest, 'sha1')
         self.assertRaises(ValueError, rsa.verify,
                           digest, signature, 'bad_digest_method')
author	Miloslav Trmač <mitr@redhat.com>	2010-02-25 18:23:10 +0200
committer	Matěj Cepl <mcepl@cepl.eu>	2015-10-13 15:23:06 +0200
commit	421056c6b346afd717e7de5a449fc860ae4a6139 (patch)
tree	901679b4ddd13b76f4823e89485c995f68768ae5 /tests/test_rsa.py
parent	a4e8e60f95ce6b2c1e4bc5d804d6521392bfa66b (diff)
download	m2crypto-421056c6b346afd717e7de5a449fc860ae4a6139.tar.gz