Some changes to FIPS compat since SLES implements it differently

This commit is contained in:
Toshio Kuratomi 2014-11-11 20:23:03 -08:00
parent d4d23b1b1f
commit 9a7eb57718
2 changed files with 16 additions and 2 deletions

View file

@ -95,7 +95,11 @@ except ImportError:
try: try:
from hashlib import md5 as _md5 from hashlib import md5 as _md5
except ImportError: except ImportError:
from md5 import md5 as _md5 try:
from md5 import md5 as _md5
except ImportError:
# MD5 unavailable. Possibly FIPS mode
_md5 = None
try: try:
from hashlib import sha256 as _sha256 from hashlib import sha256 as _sha256
@ -1248,6 +1252,8 @@ class AnsibleModule(object):
Most uses of this function can use the module.sha1 function instead. Most uses of this function can use the module.sha1 function instead.
''' '''
if not _md5:
raise ValueError('MD5 not available. Possibly running in FIPS mode')
return self.digest_from_file(filename, _md5()) return self.digest_from_file(filename, _md5())
def sha1(self, filename): def sha1(self, filename):

View file

@ -79,7 +79,11 @@ except ImportError:
try: try:
from hashlib import md5 as _md5 from hashlib import md5 as _md5
except ImportError: except ImportError:
from md5 import md5 as _md5 try:
from md5 import md5 as _md5
except ImportError:
# Assume we're running in FIPS mode here
_md5 = None
PASSLIB_AVAILABLE = False PASSLIB_AVAILABLE = False
try: try:
@ -870,9 +874,13 @@ checksum_s = secure_hash_s
# #
# MD5 will not work on systems which are FIPS-140-2 compliant. # MD5 will not work on systems which are FIPS-140-2 compliant.
def md5s(data): def md5s(data):
if not _md5:
raise ValueError('MD5 not available. Possibly running in FIPS mode')
return secure_hash_s(data, _md5) return secure_hash_s(data, _md5)
def md5(filename): def md5(filename):
if not _md5:
raise ValueError('MD5 not available. Possibly running in FIPS mode')
return secure_hash(filename, _md5) return secure_hash(filename, _md5)
def default(value, function): def default(value, function):