Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.mixmin.net!hq-usenetpeers.eweka.nl!hq-usenetpeers.eweka.nl!xlned.com!feeder7.xlned.com!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!news.tele.dk!news.tele.dk!small.news.tele.dk!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'scripts': 0.03; 'root': 0.05; 'dynamically': 0.07; 'failing': 0.07; 'paths': 0.07; 'tries': 0.07; 'assuming': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'skip:/ 10': 0.09; 'valueerror:': 0.09; 'api': 0.11; 'python': 0.11; '2.7': 0.14; "'__file__',": 0.16; '2.7.2': 0.16; 'libraries.': 0.16; 'normally,': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'sha1': 0.16; 'skip:/ 70': 0.16; 'subject:broken': 0.16; 'suddenly,': 0.16; 'modification': 0.16; 'wrote:': 0.18; 'module': 0.19; 'thu,': 0.19; '>>>': 0.22; 'import': 0.22; 'header:User- Agent:1': 0.23; 'ssl': 0.24; "i've": 0.25; 'extension': 0.26; 'this:': 0.26; 'header:X-Complaints-To:1': 0.27; 'tried': 0.27; 'am,': 0.29; 'skip:( 20': 0.30; "i'm": 0.30; "skip:' 10": 0.31; '4.0': 0.31; "d'aprano": 0.31; 'larry': 0.31; 'libraries': 0.31; 'sep': 0.31; 'steven': 0.31; 'there.': 0.32; 'this.': 0.32; 'compatible': 0.32; 'python.org': 0.32; 'worked': 0.33; 'running': 0.33; '(e.g.': 0.33; 'mac': 0.33; 'older': 0.33; 'updated': 0.34; 'skip:_ 10': 0.34; 'could': 0.34; 'something': 0.35; 'but': 0.35; 'version': 0.36; 'installing': 0.36; 'url:support': 0.36; 'done': 0.36; 'charset:us-ascii': 0.36; 'similar': 0.36; 'should': 0.36; 'so,': 0.37; 'apple': 0.38; 'to:addr:python-list': 0.38; 'pm,': 0.38; 'anything': 0.39; 'to:addr:python.org': 0.39; 'received:org': 0.40; 'how': 0.40; 'first': 0.61; 'today': 0.64; 'more': 0.64; 'linked': 0.65; 'latest': 0.67; 'received:204': 0.75; 'article': 0.77; '4.2.1': 0.84; 'productname:': 0.84; 'received:204.14': 0.84; 'skip:/ 30': 0.84; 'today;': 0.84; 'wheel': 0.84 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Ned Deily Subject: Re: hashlib suddenly broken Date: Thu, 18 Sep 2014 13:44:59 -0700 References: <541b1158$0$29967$c3e8da3$5496439d@news.astraweb.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: 204.14.154.216 User-Agent: MT-NewsWatcher/3.5.3b3 (Intel Mac OS X) X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 80 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1411073125 news.xs4all.nl 2941 [2001:888:2000:d::a6]:54661 X-Complaints-To: abuse@xs4all.nl X-Received-Bytes: 7047 X-Received-Body-CRC: 614318769 Xref: csiph.com comp.lang.python:78044 In article , Larry Martell wrote: > On Thu, Sep 18, 2014 at 1:22 PM, Larry Martell > wrote: > > On Thu, Sep 18, 2014 at 11:07 AM, Steven D'Aprano > > wrote: > >> Larry Martell wrote: > >>> I am on a mac running 10.8.5, python 2.7 > >>> Suddenly, many of my scripts started failing with: > >>> > >>> ValueError: unsupported hash type sha1 > >> [...] > >>> This just started happening yesterday, and I cannot think of anything > >>> that I've done that could cause this. [...] > > So you know how I could check and see if I have SHA-1 and when my SSL > > was updated? IIRC, the _sha1 extension module is only built for Python 2.7 if the necessary OpenSSL libraries (libssl and libcrypto) are not available when Python is built. They are available on OS X so, normally, you won't see an _sha1.so with Pythons there. hashlib.py first tries to import _hashlib.so and check that if it was built with the corresponding OpenSSL API and then calls it. On OS X many Python builds, including the Apple system Pythons and the python.org Pythons, are dynamically linked to the system OpenSSL libs in /usr/lib. From your original post, I'm assuming you are using the Apple-supplied system Python 2.7 on OS X 10.8.5. If so, you should see something like this: $ sw_vers ProductName: Mac OS X ProductVersion: 10.8.5 BuildVersion: 12F45 $ /usr/bin/python2.7 Python 2.7.2 (default, Oct 11 2012, 20:14:37) [GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import _hashlib >>> dir(_hashlib) ['__doc__', '__file__', '__name__', '__package__', 'new', 'openssl_md5', 'openssl_sha1', 'openssl_sha224', 'openssl_sha256', 'openssl_sha384', 'openssl_sha512'] >>> _hashlib.__file__ '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/l ib-dynload/_hashlib.so' >>> ^D $ otool -L '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/l ib-dynload/_hashlib.so' /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/li b-dynload/_hashlib.so: /usr/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current version 47.0.0) /usr/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current version 47.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 169.3.0) $ ls -l /usr/lib/libssl.0.9.8.dylib -rwxr-xr-x 1 root wheel 620848 Sep 18 13:13 /usr/lib/libssl.0.9.8.dylib $ ls -l /usr/lib/libcrypto.0.9.8.dylib -rwxr-xr-x 1 root wheel 2712368 Sep 18 13:13 /usr/lib/libcrypto.0.9.8.dylib Note that this was taken *after* installing the latest 10.8.5 Security Update for 10.8 (Security Update 2014-004, http://support.apple.com/kb/ht6443) which was just released today; that includes an updated OpenSSL. But, I tried this today just before installing the update and it worked the same way, with older modification dates. The python.org Python 2.7.x should look very similar but with /Library/Frameworks paths instead of /System/Library/Frameworks. Other Pythons (e.g. MacPorts or Homebrew) may be using their own copies of OpenSSL libraries. -- Ned Deily, nad@acm.org