Some changes to FIPS compat since SLES implements it differently

9a7eb577 · Toshio Kuratomi · d4d23b1b · 9a7eb577 · 9a7eb577
Commit 9a7eb577 authored Nov 11, 2014 by Toshio Kuratomi
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 2 deletions

lib/ansible/module_utils/basic.py
+7 -1

lib/ansible/utils/__init__.py
+9 -1

No files found.
--- a/lib/ansible/module_utils/basic.py
+++ b/lib/ansible/module_utils/basic.py
@@ -95,7 +95,11 @@ except ImportError:
 try:
    from hashlib import md5 as _md5
 except ImportError:
-    from md5 import md5 as _md5
+    try:
+        from md5 import md5 as _md5
+    except ImportError:
+        # MD5 unavailable.  Possibly FIPS mode
+        _md5 = None

 try:
    from hashlib import sha256 as _sha256
@@ -1248,6 +1252,8 @@ class AnsibleModule(object):

        Most uses of this function can use the module.sha1 function instead.
        '''
+        if not _md5:
+            raise ValueError('MD5 not available.  Possibly running in FIPS mode')
        return self.digest_from_file(filename, _md5())

    def sha1(self, filename):

--- a/lib/ansible/utils/__init__.py
+++ b/lib/ansible/utils/__init__.py
@@ -79,7 +79,11 @@ except ImportError:
 try:
    from hashlib import md5 as _md5
 except ImportError:
-    from md5 import md5 as _md5
+    try:
+        from md5 import md5 as _md5
+    except ImportError:
+        # Assume we're running in FIPS mode here
+        _md5 = None

 PASSLIB_AVAILABLE = False
 try:
@@ -870,9 +874,13 @@ checksum_s = secure_hash_s
 #
 # MD5 will not work on systems which are FIPS-140-2 compliant.
 def md5s(data):
+    if not _md5:
+        raise ValueError('MD5 not available.  Possibly running in FIPS mode')
    return secure_hash_s(data, _md5)

 def md5(filename):
+    if not _md5:
+        raise ValueError('MD5 not available.  Possibly running in FIPS mode')
    return secure_hash(filename, _md5)

 def default(value, function):