'[pypy-dev] OpenSSL 3: Inconsistent CPython/PyPy behavior wrt. unsupported hash types: incorrect resu'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pypy-dev
Subject:    [pypy-dev] OpenSSL 3: Inconsistent CPython/PyPy behavior wrt. unsupported hash types: incorrect resu
From:       Miro_Hrončok <mhroncok () redhat ! com>
Date:       2022-08-04 11:37:43
Message-ID: efe95847-32ba-b4b2-7e1d-36c340c33a6a () redhat ! com
[Download RAW message or body]

Hello,
we have recently switched PyPy to OpenSSL 3 in Fedora and we see an 
inconsistent behavior wrt. unsupported hash types, such as md4.

This is CPython (OpenSSL 3):

======================================================================
Python 3.9.13 (main, Jul 22 2022, 00:00:00)
[GCC 12.1.1 20220628 (Red Hat 12.1.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
 >>> import hashlib
 >>> m = hashlib.new('md4')
Traceback (most recent call last):
   File "/usr/lib64/python3.9/hashlib.py", line 160, in __hash_new
     return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
   File "<stdin>", line 1, in <module>
   File "/usr/lib64/python3.9/hashlib.py", line 166, in __hash_new
     return __get_builtin_constructor(name)(data)
   File "/usr/lib64/python3.9/hashlib.py", line 123, in __get_builtin_constructor
     raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type md4
======================================================================

An exception is raised -- md4 is not supported.




And this is PyPy (OpenSSL 3):

======================================================================
Python 2.7.18 (f1d28f87e6d8, Jul 22 2022, 16:05:41)
[PyPy 7.3.9 with GCC 12.1.1 20220628 (Red Hat 12.1.1-3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
 >>>> import hashlib
 >>>> m = hashlib.new('md4')
 >>>> m.digest()
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
======================================================================
Python 3.9.12 (dd85a1aa7d80, Jul 22 2022, 16:05:26)
[PyPy 7.3.9 with GCC 12.1.1 20220628 (Red Hat 12.1.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
 >>>> import hashlib
 >>>> m = hashlib.new('md4')
 >>>> m.digest()
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
======================================================================


No exception here, returns all zeros, which is incorrect result, see bellow:



This is CPython and PyPy both with OpenSSL 1.1:

======================================================================
 >>>> import hashlib
 >>>> m=hashlib.new('md4')
 >>>> m.digest()
b'1\xd6\xcf\xe0\xd1j\xe91\xb7<Y\xd7\xe0\xc0\x89\xc0'
======================================================================


As you can see, PyPy with OpenSSL 3.0 not only does not raise an exception, it 
returns incorrect results.


Is this a bug? Or is it a known limitation?

Thanks,
-- 
Miro Hrončok
-- 
Phone: +420777974800
IRC: mhroncok

_______________________________________________
pypy-dev mailing list -- pypy-dev@python.org
To unsubscribe send an email to pypy-dev-leave@python.org
https://mail.python.org/mailman3/lists/pypy-dev.python.org/
Member address: pypy-dev@progressive-comp.com

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic