[issue46149] FIPS usedforsecurity flag is no longer functional with OpenSSL 3.0.0

2021-12-22 Thread Christian Heimes
Christian Heimes added the comment: Your patch gets the work done, but it's even slower than my WIP patch set. Hashing is a performance-critical path. The new fetch() API in OpenSSL 3.0.0 is substantially slower than the old OpenSSL 1.1.1 APIs. Python 3.9 and earlier still support OpenSSL 1.

[issue46149] FIPS usedforsecurity flag is no longer functional with OpenSSL 3.0.0

2021-12-22 Thread Florin Spătar
Florin Spătar added the comment: I was able to get past this issue with minimal changes: https://github.com/florinspatar/cpython/commit/3b16c65eb3e54c0be40413ebabf504356e303e8a I see the issue you linked handles multiple OpenSSL 3.0.0 problems. AFAIK, Python 3 no longer supports OpenSSL 1.0.2

[issue46149] FIPS usedforsecurity flag is no longer functional with OpenSSL 3.0.0

2021-12-22 Thread Christian Heimes
Christian Heimes added the comment: This is a known issue, see #40479. OpenSSL 3.0.0's new provider system requires a major redesign of the hashlib module's internals. It's not a trivial change. My first attempt, GH-19878, has some flaws and introduces a performance regression. -- superseder

[issue46149] FIPS usedforsecurity flag is no longer functional with OpenSSL 3.0.0

2021-12-22 Thread Florin Spătar
New submission from Florin Spătar: I added christian.heimes to the nosy list; I hope that's OK. The usedforsecurity flag is based on setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag. However, this flag has no effect in OpenSSL 3.0.0.
[root@lambada ~]# /opt/opsware/bin/python3
Python 3.10.0 (