hashlib suddenly broken

Christian Heimes christian at python.org
Thu Sep 18 16:49:35 EDT 2014


On 18.09.2014 21:23, Larry Martell wrote:
> On Thu, Sep 18, 2014 at 11:18 AM, Chris Angelico <rosuav at gmail.com> wrote:
>> On Fri, Sep 19, 2014 at 3:07 AM, Steven D'Aprano
>> <steve+comp.lang.python at pearwood.info> wrote:
>>> but I expect that's probably not where the problem lies. My *wild guess* is
>>> that your system updated SSL, and removed some underlying SHA-1 library
>>> needed by hashlib. SHA-1 is pretty old, and there is now a known attack on
>>> it, so some over-zealous security update may have removed it.
>>
>> Or, more likely, the actual code for sha1 is imported from somewhere
>> else, and *that* module is what's been shadowed. What happens if you
>> change directory to something with absolutely no .py files in it, then
>> start interactive Python and try importing hashlib? Maybe you have an
>> openssl.py or something.
> 
> I still get the same error.

Python's implementation of SHA-1 either comes from _hashlib (which
wraps OpenSSL) or from _sha (which uses code from LibTomCrypt and
doesn't require external dependencies). Python 2.7 doesn't have a _sha
module if OpenSSL is available at compile time.

Please try to import _hashlib and see what happens. On Linux:

>>> import _hashlib
>>> _hashlib.__file__
'/usr/lib/python2.7/lib-dynload/_hashlib.x86_64-linux-gnu.so'
>>> _hashlib.openssl_sha1()
<sha1 HASH object @ 0x7eff3e5a8300>
>>> _hashlib.openssl_sha1().hexdigest()
'da39a3ee5e6b4b0d3255bfef95601890afd80709'
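
A self-check along the lines of the steps in this message, as an added example that is not part of the original post or of CPython: it reports where hashlib and its SHA-1 backends load from and whether hashlib.sha1 still produces the empty-string digest shown above. The function names, the `_sha1` module name (the Python 3 counterpart of `_sha`) and the stdlib-directory shadowing check are assumptions of this example.

```python
import hashlib
import importlib
import os
import sysconfig

# SHA-1 of the empty string, the value shown in the session above.
EMPTY_SHA1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709"

# _hashlib wraps OpenSSL; _sha is the Python 2 fallback named in the post;
# _sha1 is the Python 3 name of that fallback (assumption, not from the post).
BACKENDS = ("_hashlib", "_sha", "_sha1")

def probe_backends(names=BACKENDS):
    """Map each module name to its file, 'built-in', or the ImportError text."""
    found = {}
    for name in names:
        try:
            mod = importlib.import_module(name)
        except ImportError as exc:
            found[name] = "ImportError: %s" % exc
        else:
            found[name] = getattr(mod, "__file__", None) or "built-in"
    return found

def is_shadowed(module_file, stdlib_dir=None):
    """True if module_file lies outside the interpreter's stdlib directory."""
    stdlib_dir = os.path.realpath(stdlib_dir or sysconfig.get_paths()["stdlib"])
    path = os.path.realpath(module_file)
    return not path.startswith(stdlib_dir + os.sep)

def sha1_selftest():
    """True if hashlib.sha1 exists and hashes the empty string correctly."""
    try:
        return hashlib.sha1().hexdigest() == EMPTY_SHA1
    except (AttributeError, ValueError):  # constructor missing or disabled
        return False

def diagnose():
    """Collect every check into one dict suitable for a bug report."""
    report = probe_backends()
    report["hashlib"] = hashlib.__file__
    report["hashlib shadowed"] = is_shadowed(hashlib.__file__)
    report["sha1 self-test"] = sha1_selftest()
    return report

if __name__ == "__main__":
    for key, value in sorted(diagnose().items()):
        print("%-18s %s" % (key, value))
```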


