[New-bugs-announce] [issue47101] hashlib.algorithms_available lists algorithms that are not available in OpenSSL 3.0 default provider

Christian Heimes report at bugs.python.org
Wed Mar 23 10:28:49 EDT 2022 

New submission from Christian Heimes <lists at cheimes.de>:

Hubert Kario wrote in https://bugzilla.redhat.com/show_bug.cgi?id=2054702

Description of problem:
The hashlib.algorithms_available set includes algorithms like ripemd160 and whirlpool, those algorithms are not usable unless openssl legacy provider is loaded. Since it's not loaded, and the hashlib module won't load it, any attempt to use them fails.

Version-Release number of selected component (if applicable):
python3-3.9.10-1.el9.x86_64
openssl-3.0.1-5.el9.x86_64

How reproducible:
always

Steps to Reproduce:
0. start python3
1. from hashlib import algorithms_available 
2. algorithms_available
3. import hashlib
4. a = {(name, hashlib.new(name).digest_size) for name in algorithms_available}

Actual results:
{'sha3_384', 'blake2s', 'sha384', 'sha512_224', 'md5', 'sha3_512', 'md5-sha1', 'sha3_256', 'shake_128', 'sm3', 'sha256', 'sha512', 'sha1', 'shake_256', 'blake2b', 'whirlpool', 'sha512_256', 'sha3_224', 'sha224', 'ripemd160', 'md4'}

Traceback (most recent call last):
  File "/usr/lib64/python3.9/hashlib.py", line 164, in __hash_new
    return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<stdin>", line 1, in <setcomp>
  File "/usr/lib64/python3.9/hashlib.py", line 170, in __hash_new
    return __get_builtin_constructor(name)(data)
  File "/usr/lib64/python3.9/hashlib.py", line 127, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type whirlpool


Expected results:
{'sha3_384', 'blake2s', 'sha384', 'sha512_224', 'md5', 'sha3_512', 'md5-sha1', 'sha3_256', 'shake_128', 'sm3', 'sha256', 'sha512', 'sha1', 'shake_256', 'blake2b', 'sha512_256', 'sha3_224', 'sha224'}

{('blake2b', 64), ('sha512', 64), ('md5-sha1', 36), ('sha3_512', 64), ('md5', 16), ('sha224', 28), ('shake_128', 0), ('sm3', 32), ('blake2s', 32), ('sha1', 20), ('shake_256', 0), ('sha512_256', 32), ('sha3_224', 28), ('sha3_256', 32), ('sha3_384', 48), ('sha384', 48), ('sha256', 32), ('sha512_224', 28)}

Additional info:
If the legacy provider is loaded, then the algorithms should be listed and should work.

It may be caused by Python using the deprecated EVP_MD_do_all() method instead of the EVP_MD_do_all_provided() method

----------
components: Extension Modules, Library (Lib)
messages: 415877
nosy: christian.heimes
priority: normal
severity: normal
status: open
title: hashlib.algorithms_available lists algorithms that are not available in OpenSSL 3.0 default provider
type: behavior
versions: Python 3.10, Python 3.11, Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue47101>
_______________________________________

More information about the New-bugs-announce mailing list