[Bug 1971580] Re: md4 hash does not work for Python in Jammy

vmex 1971580 at bugs.launchpad.net
Wed May 4 16:27:29 UTC 2022 

I see. So, it is not a Ubuntu bug although it is not that obvious.

In short:
1) Some hashing algorithms with MD4 among them were disabled as obsoleted.
2) Cpython shows disabled hashing algorithms as available. Technically it is correct because they are can be enabled and used. But it does not mean that they can be used right away. Moreover, the exception you get is too generic and provides no help whatsoever.


This workaround does the job:

--- /etc/ssl/openssl.cnf.dist   2022-05-04 19:03:33.253072785 +0300
+++ /etc/ssl/openssl.cnf        2022-05-04 19:08:48.828690506 +0300
@@ -56,6 +56,7 @@
 # List of providers to load
 [provider_sect]
 default = default_sect
+legacy = legacy_sect
 # The fips section name should match the section name inside the
 # included fipsmodule.cnf.
 # fips = fips_sect
@@ -71,6 +72,9 @@
 [default_sect]
 # activate = 1
 
+[legacy_sect]
+activate = 1
+

After that MD4 hash started working:

$ python3.10
Python 3.10.4 (main, Apr  2 2022, 09:04:19) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib
>>> hashlib.new('md4', b"text")
<md4 _hashlib.HASH object @ 0x7f4636104d30>


Sebastien, thanks a lot!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.10 in Ubuntu.
https://bugs.launchpad.net/bugs/1971580

Title:
  md4 hash does not work for Python in Jammy

Status in python3.10 package in Ubuntu:
  New

Bug description:
  I found out that md4 algorithm does not work while being reported as
  available.

  Test Python script:
  ```
  import hashlib
  hashlib.algorithms_available
  assert 'md4' in hashlib.algorithms_available
  hashlib.new('md4', b"text")
  ```
  This script should produce report like this:
  ```
  $ python3
  Python 3.8.10 (default, Nov 26 2021, 20:14:08) 
  [GCC 9.3.0] on linux
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import hashlib
  >>> hashlib.algorithms_available
  {'blake2s', 'sha3_224', 'sha512_224', 'sha224', 'md4', 'sha3_256', 'sha512', 'sha3_512', 'blake2b', 'shake_128', 'whirlpool', 'sha3_384', 'sha256', 'sha1', 'md5-sha1', 'sha384', 'shake_256', 'sm3', 'ripemd160', 'sha512_256', 'md5'}
  >>> assert 'md4' in hashlib.algorithms_available
  >>> hashlib.new('md4', b"text")
  <md4 HASH object @ 0x7fc374058f30>
  >>> 
  ```

  But for Jammy it crashes:

  ```
  $ python3
  Python 3.10.4 (main, Apr  2 2022, 09:04:19) [GCC 11.2.0] on linux
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import hashlib
  >>> hashlib.algorithms_available
  {'sm3', 'sha512_224', 'md5-sha1', 'sha512_256', 'sha1', 'blake2s', 'sha3_512', 'sha3_224', 'sha384', 'ripemd160', 'whirlpool', 'md4', 'sha512', 'sha224', 'sha3_384', 'md5', 'shake_256', 'sha3_256', 'blake2b', 'sha256', 'shake_128'}
  >>> assert 'md4' in hashlib.algorithms_available
  >>> hashlib.new('md4', b"text")
  Traceback (most recent call last):
    File "/usr/lib/python3.10/hashlib.py", line 160, in __hash_new
      return _hashlib.new(name, data, **kwargs)
  ValueError: [digital envelope routines] unsupported

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
      return __get_builtin_constructor(name)(data)
    File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
      raise ValueError('unsupported hash type ' + name)
  ValueError: unsupported hash type md4
  ```

  Ubuntu release: Ubuntu 22.04 LTS
  Python version:
  python3.10:
    Installed: 3.10.4-3
    Candidate: 3.10.4-3

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: python3.10 3.10.4-3
  ProcVersionSignature: Ubuntu 5.15.0-27.28-generic 5.15.30
  Uname: Linux 5.15.0-27-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Wed May  4 13:16:28 2022
  InstallationDate: Installed on 2022-05-04 (0 days ago)
  InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220421)
  RebootRequiredPkgs: Error: path contained symlinks.
  SourcePackage: python3.10
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.10/+bug/1971580/+subscriptions

More information about the foundations-bugs mailing list