Python3

  1. Bug #1976299
  2. Comment #2

Comment 2 for bug 1976299

Revision history for this message
Andreas Hasenack (ahasenack) wrote : Re: FTBFS: unsupported hash type whirlpool

This seems to be an issue with how python (3.10) is interacting with openssl.

The list of supported hash algorithms that we get is not actually supported:

$ python3 -c "import hashlib; a = {(name, hashlib.new(name).digest_size) for name in hashlib.algorithms_available}"
Traceback (most recent call last):
  File "/usr/lib/python3.10/hashlib.py", line 160, in __hash_new
    return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "<string>", line 1, in <setcomp>
  File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
    return __get_builtin_constructor(name)(data)
  File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type ripemd160

ripemd160 is in the list:
>>> hashlib.algorithms_available
{'shake_256', 'sha224', 'shake_128', 'sha512_224', 'blake2b', 'ripemd160', 'sha384', 'sha1', 'sha256', 'sha3_384', 'sha3_512', 'md5-sha1', 'sha512', 'whirlpool', 'sm3', 'md4', 'blake2s', 'sha512_256', 'sha3_224', 'sha3_256', 'md5'}

But like many others, unusable:
>>> hashlib.new("md4")
Traceback (most recent call last):
  File "/usr/lib/python3.10/hashlib.py", line 160, in __hash_new
    return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
    return __get_builtin_constructor(name)(data)
  File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type md4

The list of hash names begins with this, in hashlib.py:
__always_supported = ('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512',
                      'blake2b', 'blake2s',
                      'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512',
                      'shake_128', 'shake_256')

It then gets potentially augmented with openssl's list:
    import _hashlib
    new = __hash_new
    __get_hash = __get_openssl_constructor
    algorithms_available = algorithms_available.union(
            _hashlib.openssl_md_meth_names)

And indeed, md4 and ripemd160 (and others) come from openssl's list:
>>> _hashlib.openssl_md_meth_names
frozenset({'shake_256', 'sha224', 'shake_128', 'sha512_224', 'blake2b', 'ripemd160', 'sha384', 'sha1', 'sha256', 'sha3_384', 'sha3_512', 'md5-sha1', 'sha512', 'whirlpool', 'sm3', 'md4', 'blake2s', 'sha512_256', 'sha3_256', 'sha3_224', 'md5'})

and it's unusable:
>>> _hashlib.new("md4")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ValueError: [digital envelope routines] unsupported

This was nicely summarized in https://github.com/tlsfuzzer/python-ecdsa/issues/285#issuecomment-1040319586

Looks like the openssl legacy provider is not fully loaded: it's there "enough" to spit out the legacy hash names when asked for a list, but when it comes to use it, the hash is unsupported.