openssl_* modules: prevent crash on fingerprint determination in FIPS…

… mode (ansible#67515) * openssl_* modules: prevent crash on fingerprint determination in FIPS mode. * Add changelog.
vpvishal · Feb 18, 2020 · ca57871 · ca57871
1 parent 9f41d0e
commit ca57871
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/changelogs/fragments/67515-openssl-fingerprint-fips.yml b/changelogs/fragments/67515-openssl-fingerprint-fips.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_* modules - prevent crash on fingerprint determination in FIPS mode (https://github.com/ansible/ansible/issues/67213)."
diff --git a/lib/ansible/module_utils/crypto.py b/lib/ansible/module_utils/crypto.py
@@ -155,7 +155,12 @@ def get_fingerprint_of_bytes(source):
 
     for algo in algorithms:
         f = getattr(hashlib, algo)
-        h = f(source)
+        try:
+            h = f(source)
+        except ValueError:
+            # This can happen for hash algorithms not supported in FIPS mode
+            # (https://github.com/ansible/ansible/issues/67213)
+            continue
         try:
             # Certain hash functions have a hexdigest() which expects a length parameter
             pubkey_digest = h.hexdigest()
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- "openssl_* modules - prevent crash on fingerprint determination in FIPS mode (https://github.com/ansible/ansible/issues/67213)."