Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.mixmin.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed2a.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <larry.martell@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.003
X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'importing': 0.05; 'happens.': 0.09; 'imported': 0.09; 'valueerror:': 0.09; 'python': 0.11; '2.7': 0.14; '.py': 0.16; '2.7.2': 0.16; '_sha': 0.16; 'sha1': 0.16; "skip:' 60": 0.16; 'ssl,': 0.16; 'subject:broken': 0.16; 'underlying': 0.16; 'wraps': 0.16; 'wrote:': 0.18; 'library': 0.18; 'module': 0.19; 'else,': 0.19; "python's": 0.19; 'thu,': 0.19; '>>>': 0.22; 'import': 0.22; 'to:name:python- list@python.org': 0.22; 'somewhere': 0.26; 'skip:_ 20': 0.27; 'header:In-Reply-To:1': 0.27; 'chris': 0.29; 'external': 0.29; 'am,': 0.29; "doesn't": 0.30; 'message-id:@mail.gmail.com': 0.30; 'skip:( 20': 0.30; '(which': 0.31; 'code': 0.31; '"",': 0.31; '4.0': 0.31; '>>>>': 0.31; "d'aprano": 0.31; 'larry': 0.31; 'sep': 0.31; "skip:' 40": 0.31; 'steven': 0.31; 'file': 0.32; 'probably': 0.32; 'compatible': 0.32; '(most': 0.33; 'fri,': 0.33; 'actual': 0.34; 'updated': 0.34; 'skip:_ 10': 0.34; 'maybe': 0.34; 'problem': 0.35; 'something': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'error.': 0.37; 'christian': 0.38; 'apple': 0.38; 'needed': 0.38; 'to:addr:python- list': 0.38; 'files': 0.38; 'pm,': 0.38; 'recent': 0.39; 'skip:_ 30': 0.39; 'expect': 0.39; 'to:addr:python.org': 0.39; 'either': 0.39; 'more': 0.64; '4.2.1': 0.84; 'old,': 0.85; 'absolutely': 0.87
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=s0DZIZZ9/JdRbTCUI3pVE+d/E7uhslVDlcMwlRvLgo8=; b=o5nfJRsuf1hySo6froJECfhD0lSdS2O0/p90dUMip23OeD/GdIVnL4r2gqCf9HJ7Nq SSquJxqHScf21e9fb8fHyhDEOD7Gvn1zS/qvW3r0GHq6qHij0sgE797XDVvKTrpw16Xs mTBeQxA4p9ewfQt15pvOOebfpTCHj85J0crlQrMJbAliwOohIrtKI2mJtqeL8Tg9Be+G PD6M7cRy/2Czv5BOHAOa0cnwGlg+gAtOjjZwkCJDZjXAHAJ8Ctsob2HTrCffyEhmblHX mDHGWC7M6XLBhirGaTRCePmMwJBdOLcQeGA73kkSH5ucR6l8WboM2AYVfaHgQtnaytNg EWiw==
MIME-Version: 1.0
X-Received: by 10.194.78.243 with SMTP id e19mr25670wjx.119.1411076394771; Thu, 18 Sep 2014 14:39:54 -0700 (PDT)
In-Reply-To: <541B455F.3040401@python.org>
References: <mailman.14109.1411057681.18130.python-list@python.org> <541b1158$0$29967$c3e8da3$5496439d@news.astraweb.com> <CAPTjJmrRpkWfkOKVaDQXCJ4cB1KXxKc2F9DLAV2es=dEKfhkyQ@mail.gmail.com> <CACwCsY5kG9AyE9V8SAC09mg=WqX8JZhCoKy7bxkVc0QJBPWQGw@mail.gmail.com> <541B455F.3040401@python.org>
Date: Thu, 18 Sep 2014 15:39:54 -0600
Subject: Re: hashlib suddenly broken
From: Larry Martell <larry.martell@gmail.com>
To: "python-list@python.org" <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.14128.1411076401.18130.python-list@python.org>
Lines: 49
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1411076401 news.xs4all.nl 2918 [2001:888:2000:d::a6]:43584
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:78048

On Thu, Sep 18, 2014 at 2:49 PM, Christian Heimes <christian@python.org> wrote:
> On 18.09.2014 21:23, Larry Martell wrote:
>> On Thu, Sep 18, 2014 at 11:18 AM, Chris Angelico <rosuav@gmail.com> wrote:
>>> On Fri, Sep 19, 2014 at 3:07 AM, Steven D'Aprano
>>> <steve+comp.lang.python@pearwood.info> wrote:
>>>> but I expect that's probably not where the problem lies. My *wild guess* is
>>>> that your system updated SSL, and removed some underlying SHA-1 library
>>>> needed by hashlib. SHA-1 is pretty old, and there is now a known attack on
>>>> it, so some over-zealous security update may have removed it.
>>>
>>> Or, more likely, the actual code for sha1 is imported from somewhere
>>> else, and *that* module is what's been shadowed. What happens if you
>>> change directory to something with absolutely no .py files in it, then
>>> start interactive Python and try importing hashlib? Maybe you have an
>>> openssl.py or something.
>>
>> I still get the same error.
>
> The Python's implementation of SHA-1 either comes from _hashlib (which
> wraps OpenSSL) or from _sha (which uses code from LibTomCrypt and
> doesn't require external dependencies. Python 2.7 doesn't have a _sha
> module if OpenSSL is available at compile time.
>
> Please try to import _hashlib and see what happens. On Linux:
>
>>>> import _hashlib
>>>> _hashlib.__file__
> '/usr/lib/python2.7/lib-dynload/_hashlib.x86_64-linux-gnu.so'
>>>> _hashlib.openssl_sha1()
> <sha1 HASH object @ 0x7eff3e5a8300>
>>>> _hashlib.openssl_sha1().hexdigest()
> 'da39a3ee5e6b4b0d3255bfef95601890afd80709'


$ python
Python 2.7.2 (default, Oct 11 2012, 20:14:37)
[GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import _hashlib
>>> _hashlib.__file__
'/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-dynload/_hashlib.so'
>>> _hashlib.openssl_sha1()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ValueError: unsupported hash type
>>> _hashlib.openssl_sha1().hexdigest()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ValueError: unsupported hash type