openssl_* modules: prevent crash on fingerprint determination in FIPS mode (#67515)

* openssl_* modules: prevent crash on fingerprint determination in FIPS mode.

* Add changelog.
This commit is contained in:
Felix Fontein 2020-02-18 09:43:22 +01:00 committed by GitHub
parent 9f41d0e914
commit ca57871954
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 1 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- "openssl_* modules - prevent crash on fingerprint determination in FIPS mode (https://github.com/ansible/ansible/issues/67213)."

View file

@ -155,7 +155,12 @@ def get_fingerprint_of_bytes(source):
for algo in algorithms: for algo in algorithms:
f = getattr(hashlib, algo) f = getattr(hashlib, algo)
h = f(source) try:
h = f(source)
except ValueError:
# This can happen for hash algorithms not supported in FIPS mode
# (https://github.com/ansible/ansible/issues/67213)
continue
try: try:
# Certain hash functions have a hexdigest() which expects a length parameter # Certain hash functions have a hexdigest() which expects a length parameter
pubkey_digest = h.hexdigest() pubkey_digest = h.hexdigest()