Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #78047

Re: hashlib suddenly broken

Show all headers | View raw

On Thu, Sep 18, 2014 at 2:44 PM, Ned Deily <nad@acm.org> wrote:
> In article
> <CACwCsY7YfqRL-08qeywmYox8oQh5iwTcx_LCx5maaDzwsMDUeQ@mail.gmail.com>,
>  Larry Martell <larry.martell@gmail.com> wrote:
>> On Thu, Sep 18, 2014 at 1:22 PM, Larry Martell <larry.martell@gmail.com>
>> wrote:
>> > On Thu, Sep 18, 2014 at 11:07 AM, Steven D'Aprano
>> > <steve+comp.lang.python@pearwood.info> wrote:
>> >> Larry Martell wrote:
>> >>> I am on a mac running 10.8.5, python 2.7
>> >>> Suddenly, many of my scripts started failing with:
>> >>>
>> >>> ValueError: unsupported hash type sha1
>> >> [...]
>> >>> This just started happening yesterday, and I cannot think of anything
>> >>> that I've done that could cause this.
> [...]
>> > So you know how I could check and see if I have SHA-1 and when my SSL
>> > was updated?
>
> IIRC, the _sha1 extension module is only built for Python 2.7 if the
> necessary OpenSSL libraries (libssl and libcrypto) are not available
> when Python is built.  They are available on OS X so, normally, you
> won't see an _sha1.so with Pythons there.  hashlib.py first tries to
> import _hashlib.so and check that if it was built with the corresponding
> OpenSSL API and then calls it.  On OS X many Python builds, including
> the Apple system Pythons and the python.org Pythons, are dynamically
> linked to the system OpenSSL libs in /usr/lib.  From your original post,
> I'm assuming you are using the Apple-supplied system Python 2.7 on OS X
> 10.8.5.

Yes, I am using the Apple-supplied system Python 2.7 on OS X 10.8.5.

> If so, you should see something like this:
>
> $ sw_vers
> ProductName:   Mac OS X
> ProductVersion:   10.8.5
> BuildVersion:  12F45
> $ /usr/bin/python2.7
> Python 2.7.2 (default, Oct 11 2012, 20:14:37)
> [GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on
> darwin
> Type "help", "copyright", "credits" or "license" for more information.
>>>> import _hashlib
>>>> dir(_hashlib)
> ['__doc__', '__file__', '__name__', '__package__', 'new', 'openssl_md5',
> 'openssl_sha1', 'openssl_sha224', 'openssl_sha256', 'openssl_sha384',
> 'openssl_sha512']
>>>> _hashlib.__file__
> '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/l
> ib-dynload/_hashlib.so'
>>>> ^D
> $ otool -L
> '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/l
> ib-dynload/_hashlib.so'
> /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/li
> b-dynload/_hashlib.so:
>    /usr/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current
> version 47.0.0)
>    /usr/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current
> version 47.0.0)
>    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
> version 169.3.0)
> $ ls -l /usr/lib/libssl.0.9.8.dylib
> -rwxr-xr-x  1 root  wheel  620848 Sep 18 13:13
> /usr/lib/libssl.0.9.8.dylib
> $ ls -l /usr/lib/libcrypto.0.9.8.dylib
> -rwxr-xr-x  1 root  wheel  2712368 Sep 18 13:13
> /usr/lib/libcrypto.0.9.8.dylib

I get identical output, with the exception of the mod dates on those 2 files:

$ ls -l /usr/lib/libssl.0.9.8.dylib
-rwxr-xr-x  1 root  wheel  620768 Sep 19  2013 /usr/lib/libssl.0.9.8.dylib
$ ls -l /usr/lib/libcrypto.0.9.8.dylib
-rwxr-xr-x  1 root  wheel  2724720 Sep 19  2013 /usr/lib/libcrypto.0.9.8.dylib

> Note that this was taken *after* installing the latest 10.8.5 Security
> Update for 10.8 (Security Update 2014-004,
> http://support.apple.com/kb/ht6443) which was just released today; that
> includes an updated OpenSSL.

Do you think I should install this update? Perhaps that would restore
whatever is missing.

> But, I tried this today just before
> installing the update and it worked the same way, with older
> modification dates.  The python.org Python 2.7.x should look very
> similar but with /Library/Frameworks paths instead of
> /System/Library/Frameworks.  Other Pythons (e.g. MacPorts or Homebrew)
> may be using their own copies of OpenSSL libraries.

Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread

Thread

hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 10:27 -0600
  Re: hashlib suddenly broken John Gordon <gordon@panix.com> - 2014-09-18 16:47 +0000
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:18 -0600
      Re: hashlib suddenly broken John Gordon <gordon@panix.com> - 2014-09-18 20:21 +0000
        Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 15:30 -0600
  Re: hashlib suddenly broken Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-09-19 03:07 +1000
    Re: hashlib suddenly broken Chris Angelico <rosuav@gmail.com> - 2014-09-19 03:18 +1000
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:22 -0600
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:23 -0600
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:46 -0600
    Re: hashlib suddenly broken Ned Deily <nad@acm.org> - 2014-09-18 13:44 -0700
    Re: hashlib suddenly broken Christian Heimes <christian@python.org> - 2014-09-18 22:49 +0200
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 15:38 -0600
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 15:39 -0600
    Re: hashlib suddenly broken Christian Heimes <christian@python.org> - 2014-09-19 00:17 +0200
    Re: hashlib suddenly broken Ned Deily <nad@acm.org> - 2014-09-18 15:19 -0700
      Re: hashlib suddenly broken Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-09-19 15:00 +1000
        Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-19 09:09 -0600

csiph-web