On 9/25/22 21:14, Sebastian Andrzej Siewior wrote:
See the man page for OSSL_PROVIDER-legacy.
Having to add a the extra option -provider legacy breaks otherwise flawless existing software.
There are no good reasons to break openssl dgst -rmd160, since RIPEMD160 is a hash algorithm with still good security properties. It is used by a lot of crypto software (e.g. BitCoin...) Here is how this breaks Python's HashLib:
$ python
Python 3.10.7 (main, Sep 8 2022, 14:34:29) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib
>>> h = hashlib.new('ripemd160')
Traceback (most recent call last):
File "/usr/lib/python3.10/hashlib.py", line 160, in __hash_new
return _hashlib.new(name, data, **kwargs)
ValueError: [digital envelope routines] unsupported
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.10/hashlib.py", line 166, in __hash_new
return __get_builtin_constructor(name)(data)
File "/usr/lib/python3.10/hashlib.py", line 123, in
__get_builtin_constructor
raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type ripemd160
-richy.
--
Richard B. Kreckel
<https://in.terlu.de/~kreckel/>
OpenPGP_signature
Description: OpenPGP digital signature
