diff options
author | Miloslav Trmač <mitr@redhat.com> | 2010-02-25 18:23:10 +0200 |
---|---|---|
committer | Matěj Cepl <mcepl@cepl.eu> | 2015-10-13 15:23:06 +0200 |
commit | 421056c6b346afd717e7de5a449fc860ae4a6139 (patch) | |
tree | 901679b4ddd13b76f4823e89485c995f68768ae5 /tests/test_rsa.py | |
parent | a4e8e60f95ce6b2c1e4bc5d804d6521392bfa66b (diff) | |
download | m2crypto-421056c6b346afd717e7de5a449fc860ae4a6139.tar.gz |
Fix M2Crypto in FIPS mode.
More comments and rationale is at
https://bugzilla.redhat.com/show_bug.cgi?id=565662
* Some algorithms are not available in FIPS mode, in particular MD5.
* Ignoring the error returned by HMAC_Init IIRC results in a NULL
deference.
* FIPS mode prohibits 512-bit RSA keys, so the tests have to increase
the key length.
* MD5 is prohibited in FIPS mode, had to use a different algorithm (and
different known answers) for testing HMAC.
* RC4 is unavailable in FIPS mode. Should probably use @unittest.skip
nowadays.
* The same goes for RIPEMD-160
Diffstat (limited to 'tests/test_rsa.py')
-rw-r--r-- | tests/test_rsa.py | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/tests/test_rsa.py b/tests/test_rsa.py index e2e61f5..f939527 100644 --- a/tests/test_rsa.py +++ b/tests/test_rsa.py @@ -12,6 +12,8 @@ except ImportError: from M2Crypto import RSA, BIO, Rand, m2, EVP, X509 +from fips import fips_mode + class RSATestCase(unittest.TestCase): errkey = 'tests/dsa.priv.pem' @@ -191,9 +193,10 @@ class RSATestCase(unittest.TestCase): else: import hashlib - algos = {'sha1': 43, - 'ripemd160': 43, - 'md5': 47} + algos = {'sha1': 43} + if not fips_mode: + algos['md5'] = 47 + algos['ripemd160'] = 43 if m2.OPENSSL_VERSION_NUMBER >= 0x90800F: algos['sha224'] = 35 @@ -221,7 +224,7 @@ class RSATestCase(unittest.TestCase): """ rsa = RSA.load_key(self.privkey) message = "This is the message string" - digest = md5.md5(message).digest() + digest = 'a' * 16 self.assertRaises(ValueError, rsa.sign, digest, 'bad_digest_method') @@ -231,7 +234,7 @@ class RSATestCase(unittest.TestCase): """ rsa = RSA.load_key(self.privkey) message = "This is the message string" - digest = md5.md5(message).digest() + digest = 'a' * 16 signature = rsa.sign(digest, 'sha1') self.assertRaises(ValueError, rsa.verify, digest, signature, 'bad_digest_method') |