From 25efc646152c3b9e3e4d2ffcd81ccb52055782f3 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 27 Jul 2019 14:42:42 -0500 Subject: some test improvements (#4954) detect md5 and don't generate short RSA keys these changes will help if we actually try to run FIPS enabled --- tests/x509/test_x509.py | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index cd756b6b..20e23d5f 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -2184,6 +2184,10 @@ class TestCertificateBuilder(object): @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_rsa_with_md5(self, backend): private_key = RSA_KEY_2048.private_key(backend) builder = x509.CertificateBuilder() @@ -2205,6 +2209,10 @@ class TestCertificateBuilder(object): @pytest.mark.requires_backend_interface(interface=DSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_dsa_with_md5(self, backend): private_key = DSA_KEY_2048.private_key(backend) builder = x509.CertificateBuilder() @@ -2226,6 +2234,10 @@ class TestCertificateBuilder(object): @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) @pytest.mark.requires_backend_interface(interface=X509Backend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_ec_with_md5(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) private_key = EC_KEY_SECP256R1.private_key(backend) @@ -2891,6 +2903,10 @@ class TestCertificateSigningRequestBuilder(object): builder.sign(private_key, 'NotAHash', backend) @pytest.mark.requires_backend_interface(interface=RSABackend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_rsa_with_md5(self, backend): private_key = RSA_KEY_2048.private_key(backend) @@ -2903,6 +2919,10 @@ class TestCertificateSigningRequestBuilder(object): assert isinstance(request.signature_hash_algorithm, hashes.MD5) @pytest.mark.requires_backend_interface(interface=DSABackend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_dsa_with_md5(self, backend): private_key = DSA_KEY_2048.private_key(backend) builder = x509.CertificateSigningRequestBuilder().subject_name( @@ -2914,6 +2934,10 @@ class TestCertificateSigningRequestBuilder(object): builder.sign(private_key, hashes.MD5(), backend) @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) + @pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5()), + skip_message="Requires OpenSSL with MD5 support" + ) def test_sign_ec_with_md5(self, backend): _skip_curve_unsupported(backend, ec.SECP256R1()) private_key = EC_KEY_SECP256R1.private_key(backend) @@ -3375,7 +3399,7 @@ class TestCertificateSigningRequestBuilder(object): @pytest.mark.requires_backend_interface(interface=RSABackend) def test_rsa_key_too_small(self, backend): - private_key = rsa.generate_private_key(65537, 512, backend) + private_key = RSA_KEY_512.private_key(backend) builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name( x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, u'US')]) -- cgit v1.2.3