This seems to be an issue with how python (3.10) is interacting with openssl.
The list of supported hash algorithms that we get is not actually supported:
$ python3 -c "import hashlib; a = {(name, hashlib.new(name).digest_size) for name in hashlib.algorithms_available}"
Traceback (most recent call last):
File "/usr/lib/python3.10/hashlib.py", line 160, in __hash_new
return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "<string>", line 1, in <setcomp>
File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
return __get_builtin_constructor(name)(data)
File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type ripemd160
ripemd160 is in the list:
>>> hashlib.algorithms_available
{'shake_256', 'sha224', 'shake_128', 'sha512_224', 'blake2b', 'ripemd160', 'sha384', 'sha1', 'sha256', 'sha3_384', 'sha3_512', 'md5-sha1', 'sha512', 'whirlpool', 'sm3', 'md4', 'blake2s', 'sha512_256', 'sha3_224', 'sha3_256', 'md5'}
But like many others, unusable:
>>> hashlib.new("md4")
Traceback (most recent call last):
File "/usr/lib/python3.10/hashlib.py", line 160, in __hash_new
return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
return __get_builtin_constructor(name)(data)
File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type md4
The list of hash names begins with this, in hashlib.py:
__always_supported = ('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'blake2b', 'blake2s', 'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512', 'shake_128', 'shake_256')
It then gets potentially augmented with openssl's list:
import _hashlib
new = __hash_new
__get_hash = __get_openssl_constructor
algorithms_available = algorithms_available.union( _hashlib.openssl_md_meth_names)
And indeed, md4 and ripemd160 (and others) come from openssl's list:
>>> _hashlib.openssl_md_meth_names
frozenset({'shake_256', 'sha224', 'shake_128', 'sha512_224', 'blake2b', 'ripemd160', 'sha384', 'sha1', 'sha256', 'sha3_384', 'sha3_512', 'md5-sha1', 'sha512', 'whirlpool', 'sm3', 'md4', 'blake2s', 'sha512_256', 'sha3_256', 'sha3_224', 'md5'})
and it's unusable:
>>> _hashlib.new("md4")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: [digital envelope routines] unsupported
Looks like the openssl legacy provider is not fully loaded: it's there "enough" to spit out the legacy hash names when asked for a list, but when it comes to use it, the hash is unsupported.
This seems to be an issue with how python (3.10) is interacting with openssl.
The list of supported hash algorithms that we get is not actually supported:
$ python3 -c "import hashlib; a = {(name, hashlib. new(name) .digest_ size) for name in hashlib. algorithms_ available} " python3. 10/hashlib. py", line 160, in __hash_new
Traceback (most recent call last):
File "/usr/lib/
return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported
During handling of the above exception, another exception occurred:
Traceback (most recent call last): python3. 10/hashlib. py", line 166, in __hash_new constructor( name)(data) python3. 10/hashlib. py", line 123, in __get_builtin_ constructor 'unsupported hash type ' + name)
File "<string>", line 1, in <module>
File "<string>", line 1, in <setcomp>
File "/usr/lib/
return __get_builtin_
File "/usr/lib/
raise ValueError(
ValueError: unsupported hash type ripemd160
ripemd160 is in the list: algorithms_ available
>>> hashlib.
{'shake_256', 'sha224', 'shake_128', 'sha512_224', 'blake2b', 'ripemd160', 'sha384', 'sha1', 'sha256', 'sha3_384', 'sha3_512', 'md5-sha1', 'sha512', 'whirlpool', 'sm3', 'md4', 'blake2s', 'sha512_256', 'sha3_224', 'sha3_256', 'md5'}
But like many others, unusable: python3. 10/hashlib. py", line 160, in __hash_new
>>> hashlib.new("md4")
Traceback (most recent call last):
File "/usr/lib/
return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported
During handling of the above exception, another exception occurred:
Traceback (most recent call last): python3. 10/hashlib. py", line 166, in __hash_new constructor( name)(data) python3. 10/hashlib. py", line 123, in __get_builtin_ constructor 'unsupported hash type ' + name)
File "<stdin>", line 1, in <module>
File "/usr/lib/
return __get_builtin_
File "/usr/lib/
raise ValueError(
ValueError: unsupported hash type md4
The list of hash names begins with this, in hashlib.py:
'blake2b' , 'blake2s',
'sha3_ 224', 'sha3_256', 'sha3_384', 'sha3_512',
'shake_ 128', 'shake_256')
__always_supported = ('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512',
It then gets potentially augmented with openssl's list: constructor available = algorithms_ available. union(
_hashlib. openssl_ md_meth_ names)
import _hashlib
new = __hash_new
__get_hash = __get_openssl_
algorithms_
And indeed, md4 and ripemd160 (and others) come from openssl's list: openssl_ md_meth_ names {'shake_ 256', 'sha224', 'shake_128', 'sha512_224', 'blake2b', 'ripemd160', 'sha384', 'sha1', 'sha256', 'sha3_384', 'sha3_512', 'md5-sha1', 'sha512', 'whirlpool', 'sm3', 'md4', 'blake2s', 'sha512_256', 'sha3_256', 'sha3_224', 'md5'})
>>> _hashlib.
frozenset(
and it's unusable:
>>> _hashlib.new("md4")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: [digital envelope routines] unsupported
This was nicely summarized in https:/ /github. com/tlsfuzzer/ python- ecdsa/issues/ 285#issuecommen t-1040319586
Looks like the openssl legacy provider is not fully loaded: it's there "enough" to spit out the legacy hash names when asked for a list, but when it comes to use it, the hash is unsupported.