1295459 – python-2.7.5-34 breaks hashlib (md4)

Bug 1295459 - python-2.7.5-34 breaks hashlib (md4)

Summary: python-2.7.5-34 breaks hashlib (md4)

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	python
Sub Component:
Version:	7.1
Hardware:	x86_64
OS:	Linux
Priority:	urgent
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Charalampos Stratakis
QA Contact:	Branislav Náter
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1316629 (view as bug list)
Depends On:
Blocks:	1203710 1289025 1305230
TreeView+	depends on / blocked

Reported:	2016-01-04 15:15 UTC by Thomas Lang
Modified:	2019-12-16 05:14 UTC (History)
CC List:	10 users (show)
Fixed In Version:	python-2.7.5-38.el7
Doc Type:	Bug Fix
Doc Text:	Cause: Uninitialized function in _hashlib library Consequence: Some hashlib algorithms do not work Fix: Initialize OpenSSL_add_all_digests function in _hashlib library Result: Hashlib algorithms work
Clone Of:
Clones:	1318319 1371132 (view as bug list)
Environment:
Last Closed:	2016-11-03 20:15:52 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Initialize OpenSSL_add_all_digests in _hashlib (484 bytes, patch) 2016-01-05 10:05 UTC, Robert Kuska	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	2572551	0	None	None	None	2016-08-25 13:11:16 UTC
Red Hat Product Errata	RHSA-2016:2586	0	normal	SHIPPED_LIVE	Low: python security, bug fix, and enhancement update	2016-11-03 12:09:15 UTC

Description Thomas Lang 2016-01-04 15:15:08 UTC

We have updated our Python from python-2.7.5-18 to python-2.7.5-34, which breaks some hashlib algorithms (md4).

Python 2.7.5-18:
>>> import hashlib
>>> hashlib.new('md4', 'foo')
<md4 HASH object @ 0x7f91907e9d50>
>>>

Python 2.7.5-34:
>>> import hashlib
>>> hashlib.new('md4', 'foo')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/hashlib.py", line 111, in __hash_new
    return _hashlib.new(name, string, usedforsecurity)
ValueError: unsupported hash type

Reverting back to 2.7.5-18 fixes the problem for now.

Comment 2 Robert Kuska 2016-01-05 10:05:03 UTC

Created attachment 1111776 [details]
Initialize OpenSSL_add_all_digests in _hashlib

Comment 3 Robert Kuska 2016-01-05 10:05:57 UTC

This is caused by not initializing OpenSSL_add_all_digests function in _hashlib library, I've attached patch which will fix the issue.

Comment 4 Charalampos Stratakis 2016-03-10 16:31:33 UTC

*** Bug 1316629 has been marked as a duplicate of this bug. ***

Comment 8 Thomas Lang 2016-08-23 05:43:09 UTC

I just got the Update of python-2.7.5-38.el7 on RHEL 7.2 and this is still not fixed.

Comment 9 Branislav Náter 2016-08-23 08:11:51 UTC

Hi,

This fix will be released in rhel-7.3. It is not present in current rhel-7.2 version of python (python-2.7.5-38.el7_2). Latest released python package contains mainly security fixes.

Comment 16 errata-xmlrpc 2016-11-03 20:15:52 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2586.html

Note You need to log in before you can comment on or make changes to this bug.