openssl_* modules: prevent crash on fingerprint determination in FIPS mode (#67515)
* openssl_* modules: prevent crash on fingerprint determination in FIPS mode. * Add changelog.
This commit is contained in:
parent
9f41d0e914
commit
ca57871954
2 changed files with 8 additions and 1 deletions
2
changelogs/fragments/67515-openssl-fingerprint-fips.yml
Normal file
2
changelogs/fragments/67515-openssl-fingerprint-fips.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
bugfixes:
|
||||||
|
- "openssl_* modules - prevent crash on fingerprint determination in FIPS mode (https://github.com/ansible/ansible/issues/67213)."
|
|
@ -155,7 +155,12 @@ def get_fingerprint_of_bytes(source):
|
||||||
|
|
||||||
for algo in algorithms:
|
for algo in algorithms:
|
||||||
f = getattr(hashlib, algo)
|
f = getattr(hashlib, algo)
|
||||||
h = f(source)
|
try:
|
||||||
|
h = f(source)
|
||||||
|
except ValueError:
|
||||||
|
# This can happen for hash algorithms not supported in FIPS mode
|
||||||
|
# (https://github.com/ansible/ansible/issues/67213)
|
||||||
|
continue
|
||||||
try:
|
try:
|
||||||
# Certain hash functions have a hexdigest() which expects a length parameter
|
# Certain hash functions have a hexdigest() which expects a length parameter
|
||||||
pubkey_digest = h.hexdigest()
|
pubkey_digest = h.hexdigest()
|
||||||
|
|
Loading…
Reference in a new issue