Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!ecngs!feeder2.ecngs.de!novso.com!newsfeed.xs4all.nl!newsfeed4a.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <christian@python.org>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=python.org; s=200901; t=1411073378; bh=NSDsuBrZDu4fWtOCMssH5eFzuBFgpilfuFH3h8nxca4=; h=Date:From:To:Subject:References:In-Reply-To:From; b=Ndin5MSDFVdQXwPjJb6NSCT7fjIklQ/+wVGJjxtC1R7EAP1xyYAGRs6Pn3j4MQSM1 ajjbJC0SDHHZ7IEW/6lFSxpj8HSGh9Ay4kNuhbBr+CQddySUrsX9oEtMBcxgFwpBJN 5iNOVmIBJTOaOB7dS5WR1ntSlzPp3n9MiHMpXH+c=
Date: Thu, 18 Sep 2014 22:49:35 +0200
From: Christian Heimes <christian@python.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1
MIME-Version: 1.0
To: Larry Martell <larry.martell@gmail.com>, "python-list@python.org" <python-list@python.org>
Subject: Re: hashlib suddenly broken
References: <mailman.14109.1411057681.18130.python-list@python.org> <541b1158$0$29967$c3e8da3$5496439d@news.astraweb.com> <CAPTjJmrRpkWfkOKVaDQXCJ4cB1KXxKc2F9DLAV2es=dEKfhkyQ@mail.gmail.com> <CACwCsY5kG9AyE9V8SAC09mg=WqX8JZhCoKy7bxkVc0QJBPWQGw@mail.gmail.com>
In-Reply-To: <CACwCsY5kG9AyE9V8SAC09mg=WqX8JZhCoKy7bxkVc0QJBPWQGw@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.14125.1411073379.18130.python-list@python.org>
Lines: 31
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1411073379 news.xs4all.nl 2943 [2001:888:2000:d::a6]:57303
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:78045

On 18.09.2014 21:23, Larry Martell wrote:
> On Thu, Sep 18, 2014 at 11:18 AM, Chris Angelico <rosuav@gmail.com> wrote:
>> On Fri, Sep 19, 2014 at 3:07 AM, Steven D'Aprano
>> <steve+comp.lang.python@pearwood.info> wrote:
>>> but I expect that's probably not where the problem lies. My *wild guess* is
>>> that your system updated SSL, and removed some underlying SHA-1 library
>>> needed by hashlib. SHA-1 is pretty old, and there is now a known attack on
>>> it, so some over-zealous security update may have removed it.
>>
>> Or, more likely, the actual code for sha1 is imported from somewhere
>> else, and *that* module is what's been shadowed. What happens if you
>> change directory to something with absolutely no .py files in it, then
>> start interactive Python and try importing hashlib? Maybe you have an
>> openssl.py or something.
> 
> I still get the same error.

The Python's implementation of SHA-1 either comes from _hashlib (which
wraps OpenSSL) or from _sha (which uses code from LibTomCrypt and
doesn't require external dependencies. Python 2.7 doesn't have a _sha
module if OpenSSL is available at compile time.

Please try to import _hashlib and see what happens. On Linux:

>>> import _hashlib
>>> _hashlib.__file__
'/usr/lib/python2.7/lib-dynload/_hashlib.x86_64-linux-gnu.so'
>>> _hashlib.openssl_sha1()
<sha1 HASH object @ 0x7eff3e5a8300>
>>> _hashlib.openssl_sha1().hexdigest()
'da39a3ee5e6b4b0d3255bfef95601890afd80709'