Merge pull request #257 from evgenyz/fix-hashes-fips

Do not rely on hashlib.algorithms_available
OpenSCAP · Nov 6, 2024 · eced57b · eced57b
2 parents 5f71100 + 7fdd6b2
commit eced57b
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/org_fedora_oscap/utils.py b/org_fedora_oscap/utils.py
@@ -148,7 +148,16 @@ def get_hashing_algorithm(fingerprint):
 
     expected_hash_ids = {'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'}
     available_hash_ids = expected_hash_ids.intersection(hashlib.algorithms_available)
-    hashes = (hashlib.new(hash_id) for hash_id in available_hash_ids)
+
+    hashes = []
+    for hash_id in available_hash_ids:
+        try:
+            hash_obj = hashlib.new(hash_id)
+            hashes.append(hash_obj)
+        except ValueError as e:
+            # We have an unavailable algorithm, that is a part of hashlib.algorithms_available,
+            # for example see https://github.com/python/cpython/issues/91257.
+            pass
 
     if len(fingerprint) % 2 == 1:
         return None