Dave Malcolm <dmalc...@redhat.com> added the comment:
Attached patch checks for errors in the initialization of _hashlib, and only
registers the names that are actually available.
It also contains the ssl init from the first patch.
I added a _hashlib._errors dict, containing errors, so that you can examine
them at runtime:
$ OPENSSL_FORCE_FIPS_MODE=1 ./python
Python 2.7rc2+ (trunk:82445, Jul 2 2010, 14:00:30)
[GCC 4.4.3 20100422 (Red Hat 4.4.3-18)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import _hashlib
[35786 refs]
>>> _hashlib._errors
{'md5': '_hashopenssl.c:541: error:060800A0:digital envelope
routines:EVP_DigestInit_ex:unknown cipher'}
[35825 refs]
>>> dir (_hashlib)
['__doc__', '__file__', '__name__', '__package__', '_errors', 'new',
'openssl_sha1', 'openssl_sha224', 'openssl_sha256', 'openssl_sha384',
'openssl_sha512']
[35838 refs]
(note the absence of openssl_md5)
Note that hashlib (as opposed to _hashlib) seems to gracefully fall back to
Python's _md5 module when in this state:
>>> import hashlib
[36107 refs]
>>> m = m = hashlib.md5(); m.update('abc\n'); print m.hexdigest()
0bee89b07a248e27c83fc3d5951213c1
[36109 refs]
This seems to be option (A) from my initial message.
----------
stage: -> patch review
Added file:
http://bugs.python.org/file17846/remove-unusable-hashes-from-hashopenssl.patch
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue9146>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
