Description of problem: The hashlib.algorithms_available set includes algorithms like ripemd160 and whirlpool, those algorithms are not usable unless openssl legacy provider is loaded. Since it's not loaded, and the hashlib module won't load it, any attempt to use them fails. Version-Release number of selected component (if applicable): python3-3.9.10-1.el9.x86_64 openssl-3.0.1-5.el9.x86_64 How reproducible: always Steps to Reproduce: 0. start python3 1. from hashlib import algorithms_available 2. algorithms_available 3. import hashlib 4. a = {(name, hashlib.new(name).digest_size) for name in algorithms_available} Actual results: {'sha3_384', 'blake2s', 'sha384', 'sha512_224', 'md5', 'sha3_512', 'md5-sha1', 'sha3_256', 'shake_128', 'sm3', 'sha256', 'sha512', 'sha1', 'shake_256', 'blake2b', 'whirlpool', 'sha512_256', 'sha3_224', 'sha224', 'ripemd160', 'md4'} Traceback (most recent call last): File "/usr/lib64/python3.9/hashlib.py", line 164, in __hash_new return _hashlib.new(name, data, **kwargs) ValueError: [digital envelope routines] unsupported During handling of the above exception, another exception occurred: Traceback (most recent call last): File "<stdin>", line 1, in <module> File "<stdin>", line 1, in <setcomp> File "/usr/lib64/python3.9/hashlib.py", line 170, in __hash_new return __get_builtin_constructor(name)(data) File "/usr/lib64/python3.9/hashlib.py", line 127, in __get_builtin_constructor raise ValueError('unsupported hash type ' + name) ValueError: unsupported hash type whirlpool Expected results: {'sha3_384', 'blake2s', 'sha384', 'sha512_224', 'md5', 'sha3_512', 'md5-sha1', 'sha3_256', 'shake_128', 'sm3', 'sha256', 'sha512', 'sha1', 'shake_256', 'blake2b', 'sha512_256', 'sha3_224', 'sha224'} {('blake2b', 64), ('sha512', 64), ('md5-sha1', 36), ('sha3_512', 64), ('md5', 16), ('sha224', 28), ('shake_128', 0), ('sm3', 32), ('blake2s', 32), ('sha1', 20), ('shake_256', 0), ('sha512_256', 32), ('sha3_224', 28), ('sha3_256', 32), ('sha3_384', 48), ('sha384', 48), ('sha256', 32), ('sha512_224', 28)} Additional info: If the legacy provider is loaded, then the algorithms should be listed and should work.
It may be caused by Python using the deprecated EVP_MD_do_all() method instead of the EVP_MD_do_all_provided() method
Christian, do you want to fix this upstream?
I have created a new BPO for the issue and a PR. Hubert, could you please test the PR?
Seems to work: # git status On branch bpo-47101-legacynames # ./python Python 3.11.0a6+ (heads/bpo-47101-legacynames:e7a92d981b, Mar 23 2022, 14:32:04) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> from hashlib import algorithms_available >>> algorithms_available {'sha3_224', 'sha3_384', 'sha512', 'shake_128', 'sha3_256', 'sha3_512', 'sha256', 'sha1', 'sha224', 'md5', 'blake2b', 'blake2s', 'shake_256', 'sha384'}
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: python3.9 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:8353