OpenSSL 3: Inconsistent CPython/PyPy behavior wrt. unsupported hash types: incorrect results
Hello, we have recently switched PyPy to OpenSSL 3 in Fedora and we see an inconsistent behavior wrt. unsupported hash types, such as md4. This is CPython (OpenSSL 3): ====================================================================== Python 3.9.13 (main, Jul 22 2022, 00:00:00) [GCC 12.1.1 20220628 (Red Hat 12.1.1-3)] on linux Type "help", "copyright", "credits" or "license" for more information.
During handling of the above exception, another exception occurred: Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib64/python3.9/hashlib.py", line 166, in __hash_new return __get_builtin_constructor(name)(data) File "/usr/lib64/python3.9/hashlib.py", line 123, in __get_builtin_constructor raise ValueError('unsupported hash type ' + name) ValueError: unsupported hash type md4 ====================================================================== An exception is raised -- md4 is not supported. And this is PyPy (OpenSSL 3): ====================================================================== Python 2.7.18 (f1d28f87e6d8, Jul 22 2022, 16:05:41) [PyPy 7.3.9 with GCC 12.1.1 20220628 (Red Hat 12.1.1-3)] on linux2 Type "help", "copyright", "credits" or "license" for more information.
No exception here, returns all zeros, which is incorrect result, see bellow: This is CPython and PyPy both with OpenSSL 1.1: ======================================================================
As you can see, PyPy with OpenSSL 3.0 not only does not raise an exception, it returns incorrect results. Is this a bug? Or is it a known limitation? Thanks, -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok
participants (1)
-
Miro Hrončok