diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-07-27 14:42:42 -0500 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2019-07-27 15:42:42 -0400 |
commit | 25efc646152c3b9e3e4d2ffcd81ccb52055782f3 (patch) | |
tree | 5d37d581c3ea8c5c007f2e4c91dc119df8c93f7b /tests/x509 | |
parent | 784676de3381f039f95f998505d45fb9d56bd300 (diff) | |
download | cryptography-25efc646152c3b9e3e4d2ffcd81ccb52055782f3.tar.gz cryptography-25efc646152c3b9e3e4d2ffcd81ccb52055782f3.tar.bz2 cryptography-25efc646152c3b9e3e4d2ffcd81ccb52055782f3.zip |
some test improvements (#4954)
detect md5 and don't generate short RSA keys
these changes will help if we actually try to run FIPS enabled
Diffstat (limited to 'tests/x509')
-rw-r--r-- | tests/x509/test_x509.py | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index cd756b6b..20e23d5f 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -2184,6 +2184,10 @@ class TestCertificateBuilder(object): @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_rsa_with_md5(self, backend): private_key = RSA_KEY_2048.private_key(backend) builder = x509.CertificateBuilder() @@ -2205,6 +2209,10 @@ class TestCertificateBuilder(object): @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_dsa_with_md5(self, backend): private_key = DSA_KEY_2048.private_key(backend) builder = x509.CertificateBuilder() @@ -2226,6 +2234,10 @@ class TestCertificateBuilder(object): @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) @pytest.mark.requires_backend_interface(interface=X509Backend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_ec_with_md5(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) private_key = EC_KEY_SECP256R1.private_key(backend) @@ -2891,6 +2903,10 @@ class TestCertificateSigningRequestBuilder(object): builder.sign(private_key, 'NotAHash', backend) @pytest.mark.requires_backend_interface(interface=RSABackend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_rsa_with_md5(self, backend): private_key = RSA_KEY_2048.private_key(backend) @@ -2903,6 +2919,10 @@ class TestCertificateSigningRequestBuilder(object): assert isinstance(request.signature_hash_algorithm, hashes.MD5) @pytest.mark.requires_backend_interface(interface=DSABackend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_dsa_with_md5(self, backend): private_key = DSA_KEY_2048.private_key(backend) builder = x509.CertificateSigningRequestBuilder().subject_name( @@ -2914,6 +2934,10 @@ class TestCertificateSigningRequestBuilder(object): builder.sign(private_key, hashes.MD5(), backend) @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_ec_with_md5(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) private_key = EC_KEY_SECP256R1.private_key(backend) @@ -3375,7 +3399,7 @@ class TestCertificateSigningRequestBuilder(object): @pytest.mark.requires_backend_interface(interface=RSABackend) def test_rsa_key_too_small(self, backend): - private_key = rsa.generate_private_key(65537, 512, backend) + private_key = RSA_KEY_512.private_key(backend) builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name( x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) |