From e05b22e0d1b60e873f9c69c4b123378f243f7f76 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Wed, 12 Nov 2014 11:47:11 -0800 Subject: [PATCH] Skip some md5 related unit tests when running in fips mode --- test/units/TestUtils.py | 27 +++++++++++++++++++++------ test/units/TestVault.py | 13 ++++++++++++- 2 files changed, 33 insertions(+), 7 deletions(-) diff --git a/test/units/TestUtils.py b/test/units/TestUtils.py index 178eaae50c..3929ed0788 100644 --- a/test/units/TestUtils.py +++ b/test/units/TestUtils.py @@ -28,9 +28,18 @@ sys.setdefaultencoding("utf8") class TestUtils(unittest.TestCase): + def _is_fips(self): + try: + data = open('/proc/sys/crypto/fips_enabled').read().strip() + except: + return False + if data != '1': + return False + return True + def test_before_comment(self): ''' see if we can detect the part of a string before a comment. Used by INI parser in inventory ''' - + input = "before # comment" expected = "before " actual = ansible.utils.before_comment(input) @@ -357,10 +366,14 @@ class TestUtils(unittest.TestCase): dict(foo=dict(bar='qux'))) def test_md5s(self): + if self._is_fips(): + raise SkipTest('MD5 unavailable on FIPs enabled systems') self.assertEqual(ansible.utils.md5s('ansible'), '640c8a5376aa12fa15cf02130ce239a6') # Need a test that causes UnicodeEncodeError See 4221 def test_md5(self): + if self._is_fips(): + raise SkipTest('MD5 unavailable on FIPs enabled systems') self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cfg')), 'fb7b5b90ea63f04bde33e804b6fad42c') self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cf')), @@ -373,7 +386,7 @@ class TestUtils(unittest.TestCase): def test_checksum(self): self.assertEqual(ansible.utils.checksum(os.path.join(os.path.dirname(__file__), 'ansible.cfg')), '658b67c8ac7595adde7048425ff1f9aba270721a') - self.assertEqual(ansible.utils.md5(os.path.join(os.path.dirname(__file__), 'ansible.cf')), + self.assertEqual(ansible.utils.checksum(os.path.join(os.path.dirname(__file__), 'ansible.cf')), None) def test_default(self): @@ -443,10 +456,6 @@ class TestUtils(unittest.TestCase): hash = ansible.utils.do_encrypt('ansible', 'sha256_crypt') self.assertTrue(passlib.hash.sha256_crypt.verify('ansible', hash)) - hash = ansible.utils.do_encrypt('ansible', 'md5_crypt', salt_size=4) - self.assertTrue(passlib.hash.md5_crypt.verify('ansible', hash)) - - try: ansible.utils.do_encrypt('ansible', 'ansible') except ansible.errors.AnsibleError: @@ -454,6 +463,12 @@ class TestUtils(unittest.TestCase): else: raise AssertionError('Incorrect exception, expected AnsibleError') + def test_do_encrypt_md5(self): + if self._is_fips: + raise SkipTest('MD5 unavailable on FIPS systems') + hash = ansible.utils.do_encrypt('ansible', 'md5_crypt', salt_size=4) + self.assertTrue(passlib.hash.md5_crypt.verify('ansible', hash)) + def test_last_non_blank_line(self): self.assertEqual(ansible.utils.last_non_blank_line('a\n\nb\n\nc'), 'c') self.assertEqual(ansible.utils.last_non_blank_line(''), '') diff --git a/test/units/TestVault.py b/test/units/TestVault.py index 415d5c14aa..b720d72e84 100644 --- a/test/units/TestVault.py +++ b/test/units/TestVault.py @@ -36,6 +36,15 @@ except ImportError: class TestVaultLib(TestCase): + def _is_fips(self): + try: + data = open('/proc/sys/crypto/fips_enabled').read().strip() + except: + return False + if data != '1': + return False + return True + def test_methods_exist(self): v = VaultLib('ansible') slots = ['is_encrypted', @@ -77,6 +86,8 @@ class TestVaultLib(TestCase): assert v.version == "9.9" def test_encrypt_decrypt_aes(self): + if self._is_fips(): + raise SkipTest('MD5 not available on FIPS enabled systems') if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2: raise SkipTest v = VaultLib('ansible') @@ -84,7 +95,7 @@ class TestVaultLib(TestCase): enc_data = v.encrypt("foobar") dec_data = v.decrypt(enc_data) assert enc_data != "foobar", "encryption failed" - assert dec_data == "foobar", "decryption failed" + assert dec_data == "foobar", "decryption failed" def test_encrypt_decrypt_aes256(self): if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2: