hashlib suddenly broken

Larry Martell larry.martell at gmail.com
Thu Sep 18 17:39:54 EDT 2014 

On Thu, Sep 18, 2014 at 2:49 PM, Christian Heimes <christian at python.org> wrote:
> On 18.09.2014 21:23, Larry Martell wrote:
>> On Thu, Sep 18, 2014 at 11:18 AM, Chris Angelico <rosuav at gmail.com> wrote:
>>> On Fri, Sep 19, 2014 at 3:07 AM, Steven D'Aprano
>>> <steve+comp.lang.python at pearwood.info> wrote:
>>>> but I expect that's probably not where the problem lies. My *wild guess* is
>>>> that your system updated SSL, and removed some underlying SHA-1 library
>>>> needed by hashlib. SHA-1 is pretty old, and there is now a known attack on
>>>> it, so some over-zealous security update may have removed it.
>>>
>>> Or, more likely, the actual code for sha1 is imported from somewhere
>>> else, and *that* module is what's been shadowed. What happens if you
>>> change directory to something with absolutely no .py files in it, then
>>> start interactive Python and try importing hashlib? Maybe you have an
>>> openssl.py or something.
>>
>> I still get the same error.
>
> The Python's implementation of SHA-1 either comes from _hashlib (which
> wraps OpenSSL) or from _sha (which uses code from LibTomCrypt and
> doesn't require external dependencies. Python 2.7 doesn't have a _sha
> module if OpenSSL is available at compile time.
>
> Please try to import _hashlib and see what happens. On Linux:
>
>>>> import _hashlib
>>>> _hashlib.__file__
> '/usr/lib/python2.7/lib-dynload/_hashlib.x86_64-linux-gnu.so'
>>>> _hashlib.openssl_sha1()
> <sha1 HASH object @ 0x7eff3e5a8300>
>>>> _hashlib.openssl_sha1().hexdigest()
> 'da39a3ee5e6b4b0d3255bfef95601890afd80709'


$ python
Python 2.7.2 (default, Oct 11 2012, 20:14:37)
[GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import _hashlib
>>> _hashlib.__file__
'/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-dynload/_hashlib.so'
>>> _hashlib.openssl_sha1()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ValueError: unsupported hash type
>>> _hashlib.openssl_sha1().hexdigest()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ValueError: unsupported hash type

More information about the Python-list mailing list