cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

openssl_* modules: prevent crash on fingerprint determination in FIPS mode (#67515)

Browse source 
* openssl_* modules: prevent crash on fingerprint determination in FIPS mode.

* Add changelog.
This commit is contained in:
Felix Fontein 2020-02-18 09:43:22 +01:00 committed by GitHub
parent 9f41d0e914
commit ca57871954
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/67515-openssl-fingerprint-fips.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- "openssl_* modules - prevent crash on fingerprint determination in FIPS mode (https://github.com/ansible/ansible/issues/67213)."

7
lib/ansible/module_utils/crypto.py
View file

@ -155,7 +155,12 @@ def get_fingerprint_of_bytes(source):
for algo in algorithms:
f = getattr(hashlib, algo)
h = f(source)
try:
h = f(source)
except ValueError:
# This can happen for hash algorithms not supported in FIPS mode
# (https://github.com/ansible/ansible/issues/67213)
continue
try:
# Certain hash functions have a hexdigest() which expects a length parameter
pubkey_digest = h.hexdigest()