On 9/25/22 21:14, Sebastian Andrzej Siewior wrote:
See the man page for OSSL_PROVIDER-legacy.
Having to add a the extra option -provider legacy breaks otherwise flawless existing software.
There are no good reasons to break openssl dgst -rmd160, since RIPEMD160 is a hash algorithm with still good security properties. It is used by a lot of crypto software (e.g. BitCoin...) Here is how this breaks Python's HashLib:
$ python Python 3.10.7 (main, Sep 8 2022, 14:34:29) [GCC 12.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import hashlib >>> h = hashlib.new('ripemd160') Traceback (most recent call last): File "/usr/lib/python3.10/hashlib.py", line 160, in __hash_new return _hashlib.new(name, data, **kwargs) ValueError: [digital envelope routines] unsupported During handling of the above exception, another exception occurred: Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new return __get_builtin_constructor(name)(data)File "/usr/lib/python3.10/hashlib.py", line 123, in __get_builtin_constructor
raise ValueError('unsupported hash type ' + name) ValueError: unsupported hash type ripemd160 -richy. -- Richard B. Kreckel <https://in.terlu.de/~kreckel/>
OpenPGP_signature
Description: OpenPGP digital signature