From 9a7eb577187bf77999b1ffc9b89259176266421f Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Tue, 11 Nov 2014 20:23:03 -0800 Subject: [PATCH] Some changes to FIPS compat since SLES implements it differently --- lib/ansible/module_utils/basic.py | 8 +++++++- lib/ansible/utils/__init__.py | 10 +++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/lib/ansible/module_utils/basic.py b/lib/ansible/module_utils/basic.py index b8118ed5586..4b23ccfa913 100644 --- a/lib/ansible/module_utils/basic.py +++ b/lib/ansible/module_utils/basic.py @@ -95,7 +95,11 @@ except ImportError: try: from hashlib import md5 as _md5 except ImportError: - from md5 import md5 as _md5 + try: + from md5 import md5 as _md5 + except ImportError: + # MD5 unavailable. Possibly FIPS mode + _md5 = None try: from hashlib import sha256 as _sha256 @@ -1248,6 +1252,8 @@ class AnsibleModule(object): Most uses of this function can use the module.sha1 function instead. ''' + if not _md5: + raise ValueError('MD5 not available. Possibly running in FIPS mode') return self.digest_from_file(filename, _md5()) def sha1(self, filename): diff --git a/lib/ansible/utils/__init__.py b/lib/ansible/utils/__init__.py index 770e9be6a83..06ca8144cc8 100644 --- a/lib/ansible/utils/__init__.py +++ b/lib/ansible/utils/__init__.py @@ -79,7 +79,11 @@ except ImportError: try: from hashlib import md5 as _md5 except ImportError: - from md5 import md5 as _md5 + try: + from md5 import md5 as _md5 + except ImportError: + # Assume we're running in FIPS mode here + _md5 = None PASSLIB_AVAILABLE = False try: @@ -870,9 +874,13 @@ checksum_s = secure_hash_s # # MD5 will not work on systems which are FIPS-140-2 compliant. def md5s(data): + if not _md5: + raise ValueError('MD5 not available. Possibly running in FIPS mode') return secure_hash_s(data, _md5) def md5(filename): + if not _md5: + raise ValueError('MD5 not available. Possibly running in FIPS mode') return secure_hash(filename, _md5) def default(value, function):