hashlib suddenly broken
Larry Martell
larry.martell at gmail.com
Thu Sep 18 17:38:10 EDT 2014
On Thu, Sep 18, 2014 at 2:44 PM, Ned Deily <nad at acm.org> wrote:
> In article
> <CACwCsY7YfqRL-08qeywmYox8oQh5iwTcx_LCx5maaDzwsMDUeQ at mail.gmail.com>,
> Larry Martell <larry.martell at gmail.com> wrote:
>> On Thu, Sep 18, 2014 at 1:22 PM, Larry Martell <larry.martell at gmail.com>
>> wrote:
>> > On Thu, Sep 18, 2014 at 11:07 AM, Steven D'Aprano
>> > <steve+comp.lang.python at pearwood.info> wrote:
>> >> Larry Martell wrote:
>> >>> I am on a mac running 10.8.5, python 2.7
>> >>> Suddenly, many of my scripts started failing with:
>> >>>
>> >>> ValueError: unsupported hash type sha1
>> >> [...]
>> >>> This just started happening yesterday, and I cannot think of anything
>> >>> that I've done that could cause this.
> [...]
>> > So you know how I could check and see if I have SHA-1 and when my SSL
>> > was updated?
>
> IIRC, the _sha1 extension module is only built for Python 2.7 if the
> necessary OpenSSL libraries (libssl and libcrypto) are not available
> when Python is built. They are available on OS X so, normally, you
> won't see an _sha1.so with Pythons there. hashlib.py first tries to
> import _hashlib.so and check that if it was built with the corresponding
> OpenSSL API and then calls it. On OS X many Python builds, including
> the Apple system Pythons and the python.org Pythons, are dynamically
> linked to the system OpenSSL libs in /usr/lib. From your original post,
> I'm assuming you are using the Apple-supplied system Python 2.7 on OS X
> 10.8.5.
Yes, I am using the Apple-supplied system Python 2.7 on OS X 10.8.5.
> If so, you should see something like this:
>
> $ sw_vers
> ProductName: Mac OS X
> ProductVersion: 10.8.5
> BuildVersion: 12F45
> $ /usr/bin/python2.7
> Python 2.7.2 (default, Oct 11 2012, 20:14:37)
> [GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on
> darwin
> Type "help", "copyright", "credits" or "license" for more information.
>>>> import _hashlib
>>>> dir(_hashlib)
> ['__doc__', '__file__', '__name__', '__package__', 'new', 'openssl_md5',
> 'openssl_sha1', 'openssl_sha224', 'openssl_sha256', 'openssl_sha384',
> 'openssl_sha512']
>>>> _hashlib.__file__
> '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/l
> ib-dynload/_hashlib.so'
>>>> ^D
> $ otool -L
> '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/l
> ib-dynload/_hashlib.so'
> /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/li
> b-dynload/_hashlib.so:
> /usr/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current
> version 47.0.0)
> /usr/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current
> version 47.0.0)
> /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
> version 169.3.0)
> $ ls -l /usr/lib/libssl.0.9.8.dylib
> -rwxr-xr-x 1 root wheel 620848 Sep 18 13:13
> /usr/lib/libssl.0.9.8.dylib
> $ ls -l /usr/lib/libcrypto.0.9.8.dylib
> -rwxr-xr-x 1 root wheel 2712368 Sep 18 13:13
> /usr/lib/libcrypto.0.9.8.dylib
I get identical output, with the exception of the mod dates on those 2 files:
$ ls -l /usr/lib/libssl.0.9.8.dylib
-rwxr-xr-x 1 root wheel 620768 Sep 19 2013 /usr/lib/libssl.0.9.8.dylib
$ ls -l /usr/lib/libcrypto.0.9.8.dylib
-rwxr-xr-x 1 root wheel 2724720 Sep 19 2013 /usr/lib/libcrypto.0.9.8.dylib
> Note that this was taken *after* installing the latest 10.8.5 Security
> Update for 10.8 (Security Update 2014-004,
> http://support.apple.com/kb/ht6443) which was just released today; that
> includes an updated OpenSSL.
Do you think I should install this update? Perhaps that would restore
whatever is missing.
> But, I tried this today just before
> installing the update and it worked the same way, with older
> modification dates. The python.org Python 2.7.x should look very
> similar but with /Library/Frameworks paths instead of
> /System/Library/Frameworks. Other Pythons (e.g. MacPorts or Homebrew)
> may be using their own copies of OpenSSL libraries.
More information about the Python-list
mailing list