use list instead of tuple and remove md5 on ValueError (#51357)

* use list instead of tuple and remove md5 on ValueError

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* convert algorithms to list and add comment

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* only convert to list if algorithms is not None

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* new fragment for PR 51357

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* fix lint: remove blank line
This commit is contained in:
Mike Sgarbossa 2019-02-07 09:23:11 -07:00 committed by Sam Doran
parent d40f0313e2
commit c459f040da
2 changed files with 7 additions and 2 deletions

View file

@ -0,0 +1,3 @@
---
bugfixes:
- ansible.module_utils.basic - fix handling of md5 in algorithms tuple for FIPS compatibility (https://github.com/ansible/ansible/issues/51355)

View file

@ -128,10 +128,12 @@ try:
for attribute in ('available_algorithms', 'algorithms'):
algorithms = getattr(hashlib, attribute, None)
if algorithms:
# convert algorithms to list instead of immutable tuple so md5 can be removed if not available
algorithms = list(algorithms)
break
if algorithms is None:
# python 2.5+
algorithms = ('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512')
algorithms = ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512']
for algorithm in algorithms:
AVAILABLE_HASH_ALGORITHMS[algorithm] = getattr(hashlib, algorithm)
@ -139,7 +141,7 @@ try:
try:
hashlib.md5()
except ValueError:
algorithms.pop('md5', None)
algorithms.remove('md5')
except Exception:
import sha
AVAILABLE_HASH_ALGORITHMS = {'sha1': sha.sha}