Re: hashlib suddenly broken

Path	csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!newsreader4.netcologne.de!news.netcologne.de!novso.com!newsfeed.xs4all.nl!newsfeed4a.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path	<larry.martell@gmail.com>
X-Original-To	python-list@python.org
Delivered-To	python-list@mail.python.org
X-Spam-Status	OK 0.001
X-Spam-Evidence	'H': 1.00; 'S': 0.00; 'scripts': 0.03; 'root': 0.05; 'dynamically': 0.07; 'failing': 0.07; 'paths': 0.07; 'tries': 0.07; 'assuming': 0.09; 'output,': 0.09; 'skip:/ 10': 0.09; 'valueerror:': 0.09; 'api': 0.11; 'python': 0.11; '2.7': 0.14; "'__file__',": 0.16; '2.7.2': 0.16; 'files:': 0.16; 'libraries.': 0.16; 'normally,': 0.16; 'sha1': 0.16; 'skip:/ 70': 0.16; 'subject:broken': 0.16; 'suddenly,': 0.16; 'exception': 0.16; 'modification': 0.16; 'wrote:': 0.18; 'module': 0.19; 'thu,': 0.19; '>>>': 0.22; 'import': 0.22; 'to:name:python- list@python.org': 0.22; 'install': 0.23; 'ssl': 0.24; "i've": 0.25; 'extension': 0.26; 'this:': 0.26; 'header:In-Reply-To:1': 0.27; 'tried': 0.27; 'am,': 0.29; 'message-id:@mail.gmail.com': 0.30; 'skip:( 20': 0.30; "i'm": 0.30; "skip:' 10": 0.31; '4.0': 0.31; '>>>>': 0.31; "d'aprano": 0.31; 'larry': 0.31; 'libraries': 0.31; 'mod': 0.31; 'sep': 0.31; 'steven': 0.31; 'there.': 0.32; 'this.': 0.32; 'compatible': 0.32; 'python.org': 0.32; 'worked': 0.33; 'running': 0.33; '(e.g.': 0.33; 'mac': 0.33; 'older': 0.33; 'updated': 0.34; 'skip:_ 10': 0.34; 'could': 0.34; 'something': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'version': 0.36; 'dates': 0.36; 'installing': 0.36; 'url:support': 0.36; 'done': 0.36; 'similar': 0.36; 'should': 0.36; 'so,': 0.37; 'apple': 0.38; 'whatever': 0.38; 'to:addr:python-list': 0.38; 'pm,': 0.38; 'anything': 0.39; 'to:addr:python.org': 0.39; 'how': 0.40; 'first': 0.61; 'today': 0.64; 'more': 0.64; 'linked': 0.65; 'latest': 0.67; 'article': 0.77; 'restore': 0.78; '4.2.1': 0.84; 'missing.': 0.84; 'productname:': 0.84; 'skip:/ 30': 0.84; 'today;': 0.84; 'wheel': 0.84; '2013': 0.98
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=qv8rRTNDqzeZXZklwVDyOcbD0SHNN8hVdJLaquMIXoE=; b=xpHV1xnWanKV71SPWX/pmh510WpKg5rMpTUs7KNp550FOm14eJRZqKeSUiTxPBqsA6 UoPipNL8ifmqFMJ0E8dujrTF4K4H4dNgQkoO4VwDCKrK8R61vYuTA5no3Q0MqpKrE3iN ZlRqQUpLBrww2m7aIeIZ4opavkq6YfThTDbx5ZRE2QlP+mmzWMbw5SZKgPHFYsQ3+t2O 3T3vfIc5C+oGmj9xT3LGmJ4svEq3hMA4D5BUpYn5eK0xrYxvT0g3JXXMZd+oG+XbKCwI /UoDQbP742I9xWIYLjKMbpAjB1pvWDVFYkSKiYrs3VQWGDqJKkwOT9xlTRl4Vl2VAMxh gj/Q==
MIME-Version	1.0
X-Received	by 10.194.78.170 with SMTP id c10mr7897099wjx.22.1411076290384; Thu, 18 Sep 2014 14:38:10 -0700 (PDT)
In-Reply-To	<nad-728A79.13445918092014@news.gmane.org>
References	<mailman.14109.1411057681.18130.python-list@python.org> <541b1158$0$29967$c3e8da3$5496439d@news.astraweb.com> <CACwCsY7Q2SoZCr1w8k+fH=cV0zhfxBhyYDXJQZW5+VUus0k+5g@mail.gmail.com> <CACwCsY7YfqRL-08qeywmYox8oQh5iwTcx_LCx5maaDzwsMDUeQ@mail.gmail.com> <nad-728A79.13445918092014@news.gmane.org>
Date	Thu, 18 Sep 2014 15:38:10 -0600
Subject	Re: hashlib suddenly broken
From	Larry Martell <larry.martell@gmail.com>
To	"python-list@python.org" <python-list@python.org>
Content-Type	text/plain; charset=UTF-8
X-BeenThere	python-list@python.org
X-Mailman-Version	2.1.15
Precedence	list
List-Id	General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe	<https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive	<http://mail.python.org/pipermail/python-list/>
List-Post	<mailto:python-list@python.org>
List-Help	<mailto:python-list-request@python.org?subject=help>
List-Subscribe	<https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups	comp.lang.python
Message-ID	<mailman.14127.1411076297.18130.python-list@python.org> (permalink)
Lines	92
NNTP-Posting-Host	2001:888:2000:d::a6
X-Trace	1411076297 news.xs4all.nl 2846 [2001:888:2000:d::a6]:41524
X-Complaints-To	abuse@xs4all.nl
Xref	csiph.com comp.lang.python:78047

Show key headers only | View raw

On Thu, Sep 18, 2014 at 2:44 PM, Ned Deily <nad@acm.org> wrote:
> In article
> <CACwCsY7YfqRL-08qeywmYox8oQh5iwTcx_LCx5maaDzwsMDUeQ@mail.gmail.com>,
>  Larry Martell <larry.martell@gmail.com> wrote:
>> On Thu, Sep 18, 2014 at 1:22 PM, Larry Martell <larry.martell@gmail.com>
>> wrote:
>> > On Thu, Sep 18, 2014 at 11:07 AM, Steven D'Aprano
>> > <steve+comp.lang.python@pearwood.info> wrote:
>> >> Larry Martell wrote:
>> >>> I am on a mac running 10.8.5, python 2.7
>> >>> Suddenly, many of my scripts started failing with:
>> >>>
>> >>> ValueError: unsupported hash type sha1
>> >> [...]
>> >>> This just started happening yesterday, and I cannot think of anything
>> >>> that I've done that could cause this.
> [...]
>> > So you know how I could check and see if I have SHA-1 and when my SSL
>> > was updated?
>
> IIRC, the _sha1 extension module is only built for Python 2.7 if the
> necessary OpenSSL libraries (libssl and libcrypto) are not available
> when Python is built.  They are available on OS X so, normally, you
> won't see an _sha1.so with Pythons there.  hashlib.py first tries to
> import _hashlib.so and check that if it was built with the corresponding
> OpenSSL API and then calls it.  On OS X many Python builds, including
> the Apple system Pythons and the python.org Pythons, are dynamically
> linked to the system OpenSSL libs in /usr/lib.  From your original post,
> I'm assuming you are using the Apple-supplied system Python 2.7 on OS X
> 10.8.5.

Yes, I am using the Apple-supplied system Python 2.7 on OS X 10.8.5.

> If so, you should see something like this:
>
> $ sw_vers
> ProductName:   Mac OS X
> ProductVersion:   10.8.5
> BuildVersion:  12F45
> $ /usr/bin/python2.7
> Python 2.7.2 (default, Oct 11 2012, 20:14:37)
> [GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on
> darwin
> Type "help", "copyright", "credits" or "license" for more information.
>>>> import _hashlib
>>>> dir(_hashlib)
> ['__doc__', '__file__', '__name__', '__package__', 'new', 'openssl_md5',
> 'openssl_sha1', 'openssl_sha224', 'openssl_sha256', 'openssl_sha384',
> 'openssl_sha512']
>>>> _hashlib.__file__
> '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/l
> ib-dynload/_hashlib.so'
>>>> ^D
> $ otool -L
> '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/l
> ib-dynload/_hashlib.so'
> /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/li
> b-dynload/_hashlib.so:
>    /usr/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current
> version 47.0.0)
>    /usr/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current
> version 47.0.0)
>    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
> version 169.3.0)
> $ ls -l /usr/lib/libssl.0.9.8.dylib
> -rwxr-xr-x  1 root  wheel  620848 Sep 18 13:13
> /usr/lib/libssl.0.9.8.dylib
> $ ls -l /usr/lib/libcrypto.0.9.8.dylib
> -rwxr-xr-x  1 root  wheel  2712368 Sep 18 13:13
> /usr/lib/libcrypto.0.9.8.dylib

I get identical output, with the exception of the mod dates on those 2 files:

$ ls -l /usr/lib/libssl.0.9.8.dylib
-rwxr-xr-x  1 root  wheel  620768 Sep 19  2013 /usr/lib/libssl.0.9.8.dylib
$ ls -l /usr/lib/libcrypto.0.9.8.dylib
-rwxr-xr-x  1 root  wheel  2724720 Sep 19  2013 /usr/lib/libcrypto.0.9.8.dylib

> Note that this was taken *after* installing the latest 10.8.5 Security
> Update for 10.8 (Security Update 2014-004,
> http://support.apple.com/kb/ht6443) which was just released today; that
> includes an updated OpenSSL.

Do you think I should install this update? Perhaps that would restore
whatever is missing.

> But, I tried this today just before
> installing the update and it worked the same way, with older
> modification dates.  The python.org Python 2.7.x should look very
> similar but with /Library/Frameworks paths instead of
> /System/Library/Frameworks.  Other Pythons (e.g. MacPorts or Homebrew)
> may be using their own copies of OpenSSL libraries.

Thread

hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 10:27 -0600
  Re: hashlib suddenly broken John Gordon <gordon@panix.com> - 2014-09-18 16:47 +0000
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:18 -0600
      Re: hashlib suddenly broken John Gordon <gordon@panix.com> - 2014-09-18 20:21 +0000
        Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 15:30 -0600
  Re: hashlib suddenly broken Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-09-19 03:07 +1000
    Re: hashlib suddenly broken Chris Angelico <rosuav@gmail.com> - 2014-09-19 03:18 +1000
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:22 -0600
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:23 -0600
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:46 -0600
    Re: hashlib suddenly broken Ned Deily <nad@acm.org> - 2014-09-18 13:44 -0700
    Re: hashlib suddenly broken Christian Heimes <christian@python.org> - 2014-09-18 22:49 +0200
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 15:38 -0600
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 15:39 -0600
    Re: hashlib suddenly broken Christian Heimes <christian@python.org> - 2014-09-19 00:17 +0200
    Re: hashlib suddenly broken Ned Deily <nad@acm.org> - 2014-09-18 15:19 -0700
      Re: hashlib suddenly broken Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-09-19 15:00 +1000
        Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-19 09:09 -0600

csiph-web