This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: _hashlib: register Python names as OpenSSL aliases
Type: behavior Stage: resolved
Components: Library (Lib), SSL Versions: Python 3.9, Python 3.8, Python 3.7
Status: closed Resolution: rejected
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, gregory.p.smith
Priority: normal Keywords: patch

Created on 2020-05-03 10:52 by christian.heimes, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 19880 closed christian.heimes, 2020-05-03 10:55
Messages (4)
msg367968 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2020-05-03 10:52
Python uses valid Python identifiers for hashing algorithms while OpenSSL uses slightly different default names. For example OpenSSL uses "SHA3-256" while Python has "sha3_256". The function py_digest_by_name() in _hashopenssl.c maps from Python names to EVP_MD pointer.

It's possible to simplify the lookup by registering Python's aliases with OpenSSL, e.g. EVP_add_digest_alias(SN_sha3_512, "sha3_512").

Also see
msg367979 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2020-05-03 15:53
Adding aliases in openssl is presumably process global right? Is that wise
given it'd mean other openssl using c/c++ code in the process would now see
the same aliases and could behave differently when used with python vs

On Sun, May 3, 2020, 3:55 AM Christian Heimes <>

> Change by Christian Heimes <>:
> ----------
> keywords: +patch
> pull_requests: +19193
> pull_request:
> _______________________________________
> Python tracker <>
> <>
> _______________________________________
msg367980 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2020-05-03 16:10
Yes, it changes the global state of libcrypto.

I consider the risk to other application slim to non-existing. Two cases are problematic:

1) an application relies on the fact that EVP_get_digestbyname("sha3_256") fails.
2) an application also uses EVP_add_digest_alias() but registers a different digest algorithm.

Both cases seem highly unlikely to me.
msg391311 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-04-17 19:41
I decided against the approach.
Date User Action Args
2022-04-11 14:59:30adminsetgithub: 84662
2021-04-17 19:41:03christian.heimessetstatus: open -> closed
resolution: rejected
messages: + msg391311

stage: patch review -> resolved
2020-05-03 16:10:24christian.heimessetmessages: + msg367980
2020-05-03 15:53:30gregory.p.smithsetmessages: + msg367979
2020-05-03 10:55:47christian.heimessetkeywords: + patch
pull_requests: + pull_request19193
2020-05-03 10:52:09christian.heimescreate