Hello,
we have recently switched PyPy to OpenSSL 3 in Fedora and we see inconsistent behavior wrt. unsupported hash types, such as md4.

This is CPython (OpenSSL 3):

======================================================================
Python 3.9.13 (main, Jul 22 2022, 00:00:00)
[GCC 12.1.1 20220628 (Red Hat 12.1.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib
>>> m = hashlib.new('md4')
Traceback (most recent call last):
  File "/usr/lib64/python3.9/hashlib.py", line 160, in __hash_new
    return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python3.9/hashlib.py", line 166, in __hash_new
    return __get_builtin_constructor(name)(data)
  File "/usr/lib64/python3.9/hashlib.py", line 123, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type md4
======================================================================

An exception is raised -- md4 is not supported.




And this is PyPy (OpenSSL 3):

======================================================================
Python 2.7.18 (f1d28f87e6d8, Jul 22 2022, 16:05:41)
[PyPy 7.3.9 with GCC 12.1.1 20220628 (Red Hat 12.1.1-3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>> import hashlib
>>>> m = hashlib.new('md4')
>>>> m.digest()
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
======================================================================
Python 3.9.12 (dd85a1aa7d80, Jul 22 2022, 16:05:26)
[PyPy 7.3.9 with GCC 12.1.1 20220628 (Red Hat 12.1.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>> import hashlib
>>>> m = hashlib.new('md4')
>>>> m.digest()
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
======================================================================


No exception here; it returns all zeros, which is an incorrect result, see below:



This is CPython and PyPy both with OpenSSL 1.1:

======================================================================
>>>> import hashlib
>>>> m=hashlib.new('md4')
>>>> m.digest()
b'1\xd6\xcf\xe0\xd1j\xe91\xb7<Y\xd7\xe0\xc0\x89\xc0'
======================================================================


As you can see, PyPy with OpenSSL 3.0 not only does not raise an exception, it returns incorrect results.


Is this a bug? Or is it a known limitation?

Thanks,
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
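
A known-answer self-check for the failure reported above, added here as an example and not part of the original message or of PyPy/CPython: it distinguishes a hash that is cleanly unsupported (ValueError) from one that silently returns wrong output. The names probe_hash, self_check and ZeroDigest are hypothetical; the MD4 vector is the OpenSSL 1.1 digest shown in the message.

```python
import hashlib

# Known-answer vectors for the empty input. The MD4 value is the digest the
# message shows for OpenSSL 1.1; the SHA-256 value is the standard
# empty-string digest.
KNOWN_ANSWERS = {
    "md4": "31d6cfe0d16ae931b73c59d7e0c089c0",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}


def probe_hash(name, expected_hex, data=b"", new=hashlib.new):
    """Classify a hash backend as 'ok', 'unsupported' or 'broken'.

    'unsupported' is the safe failure (constructor raises ValueError);
    'broken' means a digest came back but does not match the known answer.
    """
    try:
        h = new(name)
        h.update(data)
        got = h.hexdigest()
    except ValueError:
        return "unsupported"
    return "ok" if got == expected_hex else "broken"


class ZeroDigest:
    """Constructed stand-in for the reported behavior: no error, all-zero output."""

    def __init__(self, name):
        self.digest_size = 16

    def update(self, data):
        pass

    def hexdigest(self):
        return "00" * self.digest_size


def self_check(new=hashlib.new):
    """Run every known-answer test and return {algorithm: status}."""
    return {n: probe_hash(n, kat, new=new) for n, kat in KNOWN_ANSWERS.items()}


if __name__ == "__main__":
    print("this runtime:", self_check())
    print("simulated zero-digest backend:", self_check(new=ZeroDigest))
```

Run at start-up or in a packaging test, any 'broken' status should fail the build; 'unsupported' for md4 is the expected result on OpenSSL 3 without the legacy provider.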
