openssl_* modules: prevent crash on fingerprint determination in FIPS mode (#67515) (#67519)

* openssl_* modules: prevent crash on fingerprint determination in FIPS mode.

* Add changelog.

(cherry picked from commit ca57871954)
pull/67986/head
Felix Fontein 5 years ago committed by GitHub
parent e40e05576b
commit e64b120bff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,2 @@
bugfixes:
- "openssl_* modules - prevent crash on fingerprint determination in FIPS mode (https://github.com/ansible/ansible/issues/67213)."

@ -154,7 +154,12 @@ def get_fingerprint_of_bytes(source):
for algo in algorithms: for algo in algorithms:
f = getattr(hashlib, algo) f = getattr(hashlib, algo)
h = f(source) try:
h = f(source)
except ValueError:
# This can happen for hash algorithms not supported in FIPS mode
# (https://github.com/ansible/ansible/issues/67213)
continue
try: try:
# Certain hash functions have a hexdigest() which expects a length parameter # Certain hash functions have a hexdigest() which expects a length parameter
pubkey_digest = h.hexdigest() pubkey_digest = h.hexdigest()

Loading…
Cancel
Save