This seems to be an issue with how python (3.10) is interacting with
openssl.

The list of supported hash algorithms that we get is not actually
supported:


$ python3 -c "import hashlib; a = {(name, hashlib.new(name).digest_size) for name in hashlib.algorithms_available}"
Traceback (most recent call last):
  File "/usr/lib/python3.10/hashlib.py", line 160, in __hash_new
    return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "<string>", line 1, in <setcomp>
  File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
    return __get_builtin_constructor(name)(data)
  File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type ripemd160


ripemd160 is in the list:
>>> hashlib.algorithms_available
{'shake_256', 'sha224', 'shake_128', 'sha512_224', 'blake2b', 'ripemd160', 
'sha384', 'sha1', 'sha256', 'sha3_384', 'sha3_512', 'md5-sha1', 'sha512', 
'whirlpool', 'sm3', 'md4', 'blake2s', 'sha512_256', 'sha3_224', 'sha3_256', 
'md5'}

But like many others, unusable:
>>> hashlib.new("md4")
Traceback (most recent call last):
  File "/usr/lib/python3.10/hashlib.py", line 160, in __hash_new
    return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
    return __get_builtin_constructor(name)(data)
  File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type md4


The list of hash names begins with this, in hashlib.py:
__always_supported = ('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512',
                      'blake2b', 'blake2s',
                      'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512',
                      'shake_128', 'shake_256')


It then gets potentially augmented with openssl's list:
    import _hashlib
    new = __hash_new
    __get_hash = __get_openssl_constructor
    algorithms_available = algorithms_available.union(
            _hashlib.openssl_md_meth_names)

And indeed, md4 and ripemd160 (and others) come from openssl's list:
>>> _hashlib.openssl_md_meth_names
frozenset({'shake_256', 'sha224', 'shake_128', 'sha512_224', 'blake2b', 
'ripemd160', 'sha384', 'sha1', 'sha256', 'sha3_384', 'sha3_512', 'md5-sha1', 
'sha512', 'whirlpool', 'sm3', 'md4', 'blake2s', 'sha512_256', 'sha3_256', 
'sha3_224', 'md5'})

and it's unusable:
>>> _hashlib.new("md4")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ValueError: [digital envelope routines] unsupported


This was nicely summarized in 
https://github.com/tlsfuzzer/python-ecdsa/issues/285#issuecomment-1040319586

Looks like the openssl legacy provider is not fully loaded: it's there
"enough" to spit out the legacy hash names when asked for a list, but
when it comes to using it, the hash is unsupported.

** Also affects: python3.10 (Ubuntu)
   Importance: Undecided
       Status: New

** Bug watch added: github.com/python/cpython/issues #91257
   https://github.com/python/cpython/issues/91257

** Also affects: python3 via
   https://github.com/python/cpython/issues/91257
   Importance: Unknown
       Status: Unknown

-- 
https://bugs.launchpad.net/bugs/1976299

Title:
  hashlib.algorithms_available lists algorithms that cannot be used
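
Added example (not part of the original bug comment, and not code from CPython or Ubuntu): a probe that instantiates and exercises each advertised hash name instead of trusting hashlib.algorithms_available, including the SHAKE case where digest_size is 0. The names probe_hashes and legacy_disabled_new are hypothetical; legacy_disabled_new is a constructed stand-in that reproduces the md4/ripemd160 failure shown in the report.

```python
import hashlib


def probe_hashes(names=None, factory=hashlib.new):
    """Split advertised hash names into usable and unusable.

    Returns (usable, unusable): usable maps name -> digest_size,
    unusable maps name -> the error text raised while using it.
    """
    if names is None:
        names = hashlib.algorithms_available
    usable, unusable = {}, {}
    for name in sorted(names):
        try:
            h = factory(name)
            h.update(b"probe")
            # SHAKE variants are extendable-output functions: digest_size
            # is 0 and digest() requires an explicit length.
            if h.digest_size == 0:
                h.digest(32)
            else:
                h.digest()
        except ValueError as exc:
            # Same exception type as in the tracebacks in the report.
            unusable[name] = str(exc)
        else:
            usable[name] = h.digest_size
    return usable, unusable


def legacy_disabled_new(name, data=b""):
    """Constructed stand-in for hashlib.new on an affected system."""
    if name in {"md4", "ripemd160"}:
        raise ValueError("unsupported hash type " + name)
    return hashlib.new(name, data)


if __name__ == "__main__":
    ok, broken = probe_hashes()
    for name, size in ok.items():
        print(f"ok      {name} ({size} bytes)")
    for name, err in broken.items():
        print(f"BROKEN  {name}: {err}")
```

Run as a script, it reports the state of the local interpreter; code that selects a digest by name at runtime can call probe_hashes once at startup and restrict itself to the usable set.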