hashlib suddenly broken
Ned Deily
nad at acm.org
Thu Sep 18 16:44:59 EDT 2014
In article
<CACwCsY7YfqRL-08qeywmYox8oQh5iwTcx_LCx5maaDzwsMDUeQ at mail.gmail.com>,
Larry Martell <larry.martell at gmail.com> wrote:
> On Thu, Sep 18, 2014 at 1:22 PM, Larry Martell <larry.martell at gmail.com>
> wrote:
> > On Thu, Sep 18, 2014 at 11:07 AM, Steven D'Aprano
> > <steve+comp.lang.python at pearwood.info> wrote:
> >> Larry Martell wrote:
> >>> I am on a mac running 10.8.5, python 2.7
> >>> Suddenly, many of my scripts started failing with:
> >>>
> >>> ValueError: unsupported hash type sha1
> >> [...]
> >>> This just started happening yesterday, and I cannot think of anything
> >>> that I've done that could cause this.
[...]
> > So you know how I could check and see if I have SHA-1 and when my SSL
> > was updated?
IIRC, the _sha1 extension module is only built for Python 2.7 if the
necessary OpenSSL libraries (libssl and libcrypto) are not available
when Python is built. They are available on OS X so, normally, you
won't see an _sha1.so with Pythons there. hashlib.py first tries to
import _hashlib.so and check that if it was built with the corresponding
OpenSSL API and then calls it. On OS X many Python builds, including
the Apple system Pythons and the python.org Pythons, are dynamically
linked to the system OpenSSL libs in /usr/lib. From your original post,
I'm assuming you are using the Apple-supplied system Python 2.7 on OS X
10.8.5. If so, you should see something like this:
$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.8.5
BuildVersion: 12F45
$ /usr/bin/python2.7
Python 2.7.2 (default, Oct 11 2012, 20:14:37)
[GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on
darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import _hashlib
>>> dir(_hashlib)
['__doc__', '__file__', '__name__', '__package__', 'new', 'openssl_md5',
'openssl_sha1', 'openssl_sha224', 'openssl_sha256', 'openssl_sha384',
'openssl_sha512']
>>> _hashlib.__file__
'/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/l
ib-dynload/_hashlib.so'
>>> ^D
$ otool -L
'/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/l
ib-dynload/_hashlib.so'
/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/li
b-dynload/_hashlib.so:
/usr/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current
version 47.0.0)
/usr/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current
version 47.0.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
version 169.3.0)
$ ls -l /usr/lib/libssl.0.9.8.dylib
-rwxr-xr-x 1 root wheel 620848 Sep 18 13:13
/usr/lib/libssl.0.9.8.dylib
$ ls -l /usr/lib/libcrypto.0.9.8.dylib
-rwxr-xr-x 1 root wheel 2712368 Sep 18 13:13
/usr/lib/libcrypto.0.9.8.dylib
Note that this was taken *after* installing the latest 10.8.5 Security
Update for 10.8 (Security Update 2014-004,
http://support.apple.com/kb/ht6443) which was just released today; that
includes an updated OpenSSL. But, I tried this today just before
installing the update and it worked the same way, with older
modification dates. The python.org Python 2.7.x should look very
similar but with /Library/Frameworks paths instead of
/System/Library/Frameworks. Other Pythons (e.g. MacPorts or Homebrew)
may be using their own copies of OpenSSL libraries.
--
Ned Deily,
nad at acm.org
More information about the Python-list
mailing list