[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Raymond Hettinger added the comment: New changeset d914596a671c4b0f13641359cf43aa0d6fc05070 by Raymond Hettinger (Christian Heimes) in branch 'master': bpo-36559: random module: optimize sha512 import (GH-12742)

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Change by Raymond Hettinger : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Inada Naoki added the comment: * Is hashlib large, slow to import library? -- Yes. * random module use hashlib only for specific (rare) use case? -- Yes. * Does user of random module needs hashlib in most case? -- No. For example, tmpfile user may not need hashlib. I'm +1 on PR 12728.

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Raymond Hettinger added the comment: > You could also use the internal _sha512 module. > It's always present, small, lean and provides a SHA512 > implementation with sufficient performance. I suppose we could do this but it borders on telling folks that we're worried about using our own

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

STINNER Victor added the comment: Note: *Technically*, you can disable the compilation of the _sha512 module using "*disabled*" in Modules/Setup, but I'm not sure if it's a common use case. At least, it makes sense to me when we are sure that OpenSSL and _hashlib are available ;-) I didn't

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Christian Heimes added the comment: Thanks for pointing to the other issue. This is clearly a regression and should be fixed ASAP. I have ACKed your PR and pushed it. -- ___ Python tracker

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Xavier de Gaye added the comment: > You could also use the internal _sha512 module. It's always present This is not true at the moment, the _sha512 module is not present when openssl is missing. This is a bug in setup.py that prevents building the _sha512 module when openssl is missing. See

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Change by Christian Heimes : -- pull_requests: +12665 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Christian Heimes added the comment: You could also use the internal _sha512 module. It's always present, small, lean and provides a SHA512 implementation with sufficient performance. -- nosy: +christian.heimes ___ Python tracker

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Raymond Hettinger added the comment: One other thought. This code has been present for over a decade. There is no evidence that anyone has ever wanted random to defer one of its imports. This seems like an invented problem. -- ___ Python tracker

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Raymond Hettinger added the comment: In general, deferred imports are code smell that should avoided unless really necessary. They create an on-going maintenance burden (there's a reason most modules don't do this and put their imports at the top). FWIW, a broken hashlib is a localized bug,

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

STINNER Victor added the comment: Raymond: > Why do we care about this particular import? It doesn't see slow in any way. I ran a benchmark: $ ./python -m perf command -o ref.json -v -- ./python -c 'import random' $ # apply patch $ ./python -m perf command -o patch.json -v -- ./python -c

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

STINNER Victor added the comment: Raymond: > In general, we don't do deferred imports unless there is a compelling reason > (i.e. it is very slow or it is sometimes unavailable). While I was working on adding OpenSSL 1.1.1 to Python 3.4, my _hashopenssl module was broken. In that case,

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Brett Cannon added the comment: Could you explain a bit more, Victor, about why you want to avoid importing hashlib and OpenSSL so much? -- nosy: +brett.cannon ___ Python tracker

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Raymond Hettinger added the comment: Why do we care about this particular import? It doesn't see slow in any way. In general, we don't do deferred imports unless there is a compelling reason (i.e. it is very slow or it is sometimes unavailable). Otherwise, it is a false optimization.

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

STINNER Victor added the comment: In the past, some developers complained when an import has been removed in a stdlib module. I vaguely recall code using "import os" to get the "errno" module from "os.errno". That's "What's New in Python 3.7" contains: "Several undocumented internal imports

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

Change by STINNER Victor : -- keywords: +patch pull_requests: +12651 stage: -> patch review ___ Python tracker ___ ___

[issue36559] "import random" should import hashlib on demand (nor load OpenSSL)

New submission from STINNER Victor : Currently, when the random module is imported, the hashlib module is always imported which loads the OpenSSL library, whereas hashlib is only needed when a Random() instance is created with a string seed. For example, "rnd = random.Random()" and "rnd =