This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes
Date 2022-03-23.14:28:49
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1648045729.74.0.801918248822.issue47101@roundup.psfhosted.org>
In-reply-to
Content
Hubert Kario wrote in https://bugzilla.redhat.com/show_bug.cgi?id=2054702

Description of problem:
The hashlib.algorithms_available set includes algorithms like ripemd160 and whirlpool, those algorithms are not usable unless openssl legacy provider is loaded. Since it's not loaded, and the hashlib module won't load it, any attempt to use them fails.

Version-Release number of selected component (if applicable):
python3-3.9.10-1.el9.x86_64
openssl-3.0.1-5.el9.x86_64

How reproducible:
always

Steps to Reproduce:
0. start python3
1. from hashlib import algorithms_available 
2. algorithms_available
3. import hashlib
4. a = {(name, hashlib.new(name).digest_size) for name in algorithms_available}

Actual results:
{'sha3_384', 'blake2s', 'sha384', 'sha512_224', 'md5', 'sha3_512', 'md5-sha1', 'sha3_256', 'shake_128', 'sm3', 'sha256', 'sha512', 'sha1', 'shake_256', 'blake2b', 'whirlpool', 'sha512_256', 'sha3_224', 'sha224', 'ripemd160', 'md4'}

Traceback (most recent call last):
  File "/usr/lib64/python3.9/hashlib.py", line 164, in __hash_new
    return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<stdin>", line 1, in <setcomp>
  File "/usr/lib64/python3.9/hashlib.py", line 170, in __hash_new
    return __get_builtin_constructor(name)(data)
  File "/usr/lib64/python3.9/hashlib.py", line 127, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type whirlpool


Expected results:
{'sha3_384', 'blake2s', 'sha384', 'sha512_224', 'md5', 'sha3_512', 'md5-sha1', 'sha3_256', 'shake_128', 'sm3', 'sha256', 'sha512', 'sha1', 'shake_256', 'blake2b', 'sha512_256', 'sha3_224', 'sha224'}

{('blake2b', 64), ('sha512', 64), ('md5-sha1', 36), ('sha3_512', 64), ('md5', 16), ('sha224', 28), ('shake_128', 0), ('sm3', 32), ('blake2s', 32), ('sha1', 20), ('shake_256', 0), ('sha512_256', 32), ('sha3_224', 28), ('sha3_256', 32), ('sha3_384', 48), ('sha384', 48), ('sha256', 32), ('sha512_224', 28)}

Additional info:
If the legacy provider is loaded, then the algorithms should be listed and should work.

It may be caused by Python using the deprecated EVP_MD_do_all() method instead of the EVP_MD_do_all_provided() method
History
Date User Action Args
2022-03-23 14:28:49christian.heimessetrecipients: + christian.heimes
2022-03-23 14:28:49christian.heimessetmessageid: <1648045729.74.0.801918248822.issue47101@roundup.psfhosted.org>
2022-03-23 14:28:49christian.heimeslinkissue47101 messages
2022-03-23 14:28:49christian.heimescreate