5 files changed, 19 insertions, 9 deletions

diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
index d261c8f215..7c7596f193 100644
--- a/test/openssl/test_pkey_dh.rb
+++ b/test/openssl/test_pkey_dh.rb
@@ -3,15 +3,19 @@ require_relative 'utils'
 if defined?(OpenSSL)
 
 class OpenSSL::TestPKeyDH < Test::Unit::TestCase
+
+  # improve test performance for non-FIPS installations
+  NEW_KEYLEN = OpenSSL::OPENSSL_FIPS ? 1024 : 256
+
   def test_new
-    dh = OpenSSL::PKey::DH.new(1024)
+    dh = OpenSSL::PKey::DH.new(NEW_KEYLEN)
     assert_key(dh)
   end
 
   def test_new_break
-    assert_nil(OpenSSL::PKey::DH.new(1024) { break })
+    assert_nil(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
     assert_raises(RuntimeError) do
-      OpenSSL::PKey::DH.new(1024) { raise }
+      OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise }
     end
   end
 
diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb
index 80c31f4d13..1c47b2b42b 100644
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@@ -39,8 +39,10 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
 
     sha1 = OpenSSL::Digest::SHA1.new
     dss1 = OpenSSL::Digest::DSS1.new
+    dsa_digest = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new
+
     [
-      [@rsa1024, sha1], [@rsa2048, sha1], [@dsa256, dss1], [@dsa512, dss1],
+      [@rsa1024, sha1], [@rsa2048, sha1], [@dsa256, dsa_digest], [@dsa512, dsa_digest]
     ].each{|pk, digest|
       cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts,
                         nil, nil, digest)
@@ -145,7 +147,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase
     assert_equal(false, cert.verify(@rsa2048))
 
     cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
-                      nil, nil, OpenSSL::Digest::DSS1.new)
+                      nil, nil, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
     assert_equal(false, certificate_error_returns_false { cert.verify(@rsa1024) })
     assert_equal(false, certificate_error_returns_false { cert.verify(@rsa2048) })
     assert_equal(false, cert.verify(@dsa256))
diff --git a/test/openssl/test_x509crl.rb b/test/openssl/test_x509crl.rb
index 56508e0a12..c321c00083 100644
--- a/test/openssl/test_x509crl.rb
+++ b/test/openssl/test_x509crl.rb
@@ -198,9 +198,9 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase
     assert_equal(false, crl.verify(@rsa2048))
 
     cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
-                      nil, nil, OpenSSL::Digest::DSS1.new)
+                      nil, nil, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
     crl = issue_crl([], 1, Time.now, Time.now+1600, [],
-                    cert, @dsa512, OpenSSL::Digest::DSS1.new)
+                    cert, @dsa512, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
     assert_equal(false, crl_error_returns_false { crl.verify(@rsa1024) })
     assert_equal(false, crl_error_returns_false { crl.verify(@rsa2048) })
     assert_equal(false, crl.verify(@dsa256))
diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb
index 882a1d7356..e6c89c5e81 100644
--- a/test/openssl/test_x509req.rb
+++ b/test/openssl/test_x509req.rb
@@ -26,7 +26,7 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
     req = OpenSSL::X509::Request.new(req.to_der)
     assert_equal(@rsa1024.public_key.to_der, req.public_key.to_der)
 
-    req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
+    req = issue_csr(0, @dn, @dsa512, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
     assert_equal(@dsa512.public_key.to_der, req.public_key.to_der)
     req = OpenSSL::X509::Request.new(req.to_der)
     assert_equal(@dsa512.public_key.to_der, req.public_key.to_der)
@@ -115,7 +115,7 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase
     req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
     assert_equal(false, req.verify(@rsa2048))
 
-    req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
+    req = issue_csr(0, @dn, @dsa512, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
     assert_equal(false, request_error_returns_false { req.verify(@rsa1024) })
     assert_equal(false, request_error_returns_false { req.verify(@rsa2048) })
     assert_equal(false, req.verify(@dsa256))
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index f95179636c..ae33aa998c 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -109,6 +109,10 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
 
   TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)
 
+  DSA_SIGNATURE_DIGEST = OpenSSL::OPENSSL_FIPS ? 
+                         OpenSSL::Digest::SHA1 :
+                         OpenSSL::Digest::DSS1
+
   module_function
 
   def issue_cert(dn, key, serial, not_before, not_after, extensions,