From ab00904e275c25b84c28ef3da85bbc117886cac1 Mon Sep 17 00:00:00 2001 From: Julia Kreger <juliaashleykreger@gmail.com> Date: Tue, 18 Feb 2020 10:45:23 -0800 Subject: [PATCH] Catch ValueError for FIPS 140-2 mode In FIPS 140-2 mode, the underlying operating system will prevent the loading of certian algorithms for hasing and encryption. Python hashlib returns a ValueError exception when the type cannot be instantiated. This change catches the error and returns a relatively user understandable reason as to why a failure has occured. Change-Id: Id1a144b906303caa92ce88793fba8d1b14def738 Story: 2007306 Task: 38788 --- ironic_python_agent/extensions/standby.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/ironic_python_agent/extensions/standby.py b/ironic_python_agent/extensions/standby.py index 7b911ead0..94480dde1 100644 --- a/ironic_python_agent/extensions/standby.py +++ b/ironic_python_agent/extensions/standby.py @@ -269,7 +269,16 @@ class ImageDownload(object): self._hash_algo = hashlib.new(algo) self._expected_hash_value = image_info.get('os_hash_value') elif image_info.get('checksum'): - self._hash_algo = hashlib.md5() + try: + self._hash_algo = hashlib.md5() + except ValueError as e: + message = ('Unable to proceed with image {} as the legacy ' + 'checksum indicator has been used, which makes use ' + 'the MD5 algorithm. This algorithm failed to load ' + 'due to the underlying operating system. Error: ' + '{}').format(image_info['id'], str(e)) + LOG.error(message) + raise errors.RESTError(details=message) self._expected_hash_value = image_info['checksum'] else: message = ('Unable to verify image {} with available checksums. '