Skip to content

0.17.0: pytest is failing #285

New issue
New issue
Open
Open
0.17.0: pytest is failing#285
Labels
not a bug
@kloczek

Description

@kloczek
kloczek
opened on Feb 11, 2022

I'm trying to package your module as an rpm package. So I'm using the typical PEP517 based build, install and test cycle used on building packages from non-root account.

  • python3 -sBm build -w --no-isolation
  • because I'm calling build with --no-isolation I'm using during all processes only locally installed modules
  • install .whl file in </install/prefix>
  • run pytest with PYTHONPATH pointing to sitearch and sitelib inside </install/prefix>

Here is pytest output:

+ PYTHONPATH=/home/tkloczko/rpmbuild/BUILDROOT/python-ecdsa-0.17.0-5.fc35.x86_64/usr/lib64/python3.8/site-packages:/home/tkloczko/rpmbuild/BUILDROOT/python-ecdsa-0.17.0-5.fc35.x86_64/usr/lib/python3.8/site-packages
+ /usr/bin/pytest -ra
=========================================================================== test session starts ============================================================================
platform linux -- Python 3.8.12, pytest-6.2.5, py-1.11.0, pluggy-1.0.0
rootdir: /home/tkloczko/rpmbuild/BUILD/python-ecdsa-python-ecdsa-0.17.0
plugins: hypothesis-6.36.0
collected 1464 items / 1 error / 1463 selected

================================================================================== ERRORS ==================================================================================
____________________________________________________________ ERROR collecting src/ecdsa/test_malformed_sigs.py _____________________________________________________________
/usr/lib64/python3.8/hashlib.py:157: in __hash_new
    return _hashlib.new(name, data)
E   ValueError: [digital envelope routines] initialization error

During handling of the above exception, another exception occurred:
src/ecdsa/test_malformed_sigs.py:41: in <module>
    hash_and_size = [
src/ecdsa/test_malformed_sigs.py:42: in <listcomp>
    (name, hashlib.new(name).digest_size) for name in algorithms_available
/usr/lib64/python3.8/hashlib.py:163: in __hash_new
    return __get_builtin_constructor(name)(data)
/usr/lib64/python3.8/hashlib.py:120: in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
E   ValueError: unsupported hash type whirlpool
========================================================================= short test summary info ==========================================================================
ERROR src/ecdsa/test_malformed_sigs.py - ValueError: unsupported hash type whirlpool
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Interrupted: 1 error during collection !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
============================================================================= 1 error in 1.17s =============================================================================

Activity

tomato42

tomato42 commented on Feb 11, 2022

@tomato42
tomato42
on Feb 11, 2022 · edited by tomato42
Member

That seems like a misconfigured environment.

The list of tested algorithms is taken from algorithms_available list:

python-ecdsa/src/ecdsa/test_malformed_sigs.py

Line 43 in 3b49fbe

(name, hashlib.new(name).digest_size) for name in algorithms_available

And that list is imported from hashlib:

python-ecdsa/src/ecdsa/test_malformed_sigs.py

Lines 5 to 15 in 3b49fbe

try:
from hashlib import algorithms_available
except ImportError: # pragma: no cover
algorithms_available = [
"md5",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
]

the fallback doesn't include whirlpool...

So it's the hashlib module that provides incorrect information

tomato42

tomato42 commented on Feb 11, 2022

@tomato42
tomato42
on Feb 11, 2022
Member

Also, can't reproduce it on a clean Fedora 35 machine:

[root@fedora ~]# python3.8
Python 3.8.12 (default, Aug 30 2021, 00:00:00) 
[GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from hashlib import algorithms_available 
>>> algorithms_available
{'sha512_224', 'sha3_224', 'sha3_512', 'sm3', 'sha3_384', 'ripemd160', 'md5-sha1', 'sha512', 'sha256', 'sha224', 'sha512_256', 'sha1', 'blake2s', 'sha384', 'md4', 'whirlpool', 'md5', 'sha3_256', 'shake_128', 'blake2b', 'shake_256'}
>>> import hashlib
>>> a = {(name, hashlib.new(name).digest_size) for name in algorithms_available}
>>> a
{('blake2b', 64), ('sm3', 32), ('sha3_384', 48), ('blake2s', 32), ('md5-sha1', 36), ('md5', 16), ('shake_128', 0), ('sha512_256', 32), ('sha3_224', 28), ('sha256', 32), ('sha512_224', 28), ('sha512', 64), ('md4', 16), ('sha224', 28), ('sha3_256', 32), ('ripemd160', 20), ('sha384', 48), ('whirlpool', 64), ('sha1', 20), ('sha3_512', 64), ('shake_256', 0)}
kloczek

kloczek commented on Feb 14, 2022

@kloczek
kloczek
on Feb 14, 2022 · Hidden as abuse
Author
tomato42

tomato42 commented on Feb 14, 2022

@tomato42
tomato42
on Feb 14, 2022
Member

The compilation date is different... are you sure that you are using the distribution provided python?
Not some local version, compiled against openssl 3.0 instead of the 1.1.1 version?

kloczek

kloczek commented on Feb 15, 2022

@kloczek
kloczek
on Feb 15, 2022 · Hidden as abuse
Author
tomato42

tomato42 commented on Feb 15, 2022

@tomato42
tomato42
on Feb 15, 2022
Member

The issue is that algorithms like ripemd160 and whirlpool have been relegated to legacy provider in OpenSSL. That means that unless the legacy provider is explicitly loaded, they're not available. But Python should detect that and not list them as available.

I know that there have been quite a few changes around OpenSSL 3.0.0 compatibility: python/cpython#30455 so it's likely that not everything was backported to 3.8 branch.

In general, the upstream Python bug is still open: https://bugs.python.org/issue40479

tomato42
added
not a bug
on Feb 15, 2022
panlinux

panlinux commented on May 30, 2022

@panlinux
panlinux
on May 30, 2022

This is the python3 bug: python/cpython#91257

It has a few PRs listed in the comments, for different branches.

tomato42

tomato42 commented on Jun 25, 2022

@tomato42
tomato42
on Jun 25, 2022 · edited by tomato42
Member

For now I've filtered the problematic hashes in 82da89c, but we'll want to re-enable them in the future, when python fixes its bug.

kloczek

kloczek commented on Jun 25, 2022

@kloczek
kloczek
on Jun 25, 2022 · Hidden as abuse
Author
tomato42

tomato42 commented on Jun 25, 2022

@tomato42
tomato42
on Jun 25, 2022
Member

python/cpython#91257

kloczek

kloczek commented on Jul 9, 2022

@kloczek
kloczek
on Jul 9, 2022 · Hidden as abuse
Author
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    not a bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @tomato42@panlinux@kloczek

        Issue actions
          0.17.0: pytest is failing · Issue #285 · tlsfuzzer/python-ecdsa