openssl_* modules: prevent crash on fingerprint determination in FIPS mode (#67515)

* openssl_* modules: prevent crash on fingerprint determination in FIPS mode. * Add changelog.
4 years ago · ca57871954
parent 9f41d0e914
commit ca57871954
2 changed files with 8 additions and 1 deletions
--- a/changelogs/fragments/67515-openssl-fingerprint-fips.yml
+++ b/changelogs/fragments/67515-openssl-fingerprint-fips.yml
@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_* modules - prevent crash on fingerprint determination in FIPS mode (https://github.com/ansible/ansible/issues/67213)."
--- a/lib/ansible/module_utils/crypto.py
+++ b/lib/ansible/module_utils/crypto.py
@ -155,7 +155,12 @@ def get_fingerprint_of_bytes(source):

    for algo in algorithms:
        f = getattr(hashlib, algo)
-        h = f(source)
+        try:
+            h = f(source)
+        except ValueError:
+            # This can happen for hash algorithms not supported in FIPS mode
+            # (https://github.com/ansible/ansible/issues/67213)
+            continue
        try:
            # Certain hash functions have a hexdigest() which expects a length parameter
            pubkey_digest = h.hexdigest()