9

I have an issue related to Cryptography package in Python. Can you please help in resolving these, if possible ? (tried a lot, but couldnt figure out the exact solution)

The python code which initiates this error: 

print("Salt: %s" % salt)
server_key = pyelliptic.ECC(curve="prime256v1")  # ----->> Line2
print("Server_key: %s" % server_key)   # ----->> Line3
server_key_id = base64.urlsafe_b64encode(server_key.get_pubkey()[1:])

http_ece.keys[server_key_id] = server_key
http_ece.labels[server_key_id] = "P-256"
encrypted = http_ece.encrypt(data, salt=salt, keyid=server_key_id,
            dh=self.receiver_key, authSecret=self.auth_key)  # ----->> Line8

Value of "Salt" is getting displayed in 100% of the cases.

If Line3 gets executed successfully, I see the the following EntryPoint Error because of http_ece.encrypt() call (Line8):

AttributeError("'EntryPoint' object has no attribute 'resolve'",)

(Ref. File Link: https://github.com/martinthomson/encrypted-content-encoding/blob/master/python/http_ece/init.py#L128 )

Requirements.txt(partial):

cryptography==1.5
pyelliptic==1.5.7
pyOpenSSL==16.1.0

On Running the command: sudo pip freeze --all |grep setuptools, I get: setuptools==27.1.2

Please let me know if any more detail is required.

This problem seems to be basically due to some Old/Incompatible packages(related to PyElliptic, Cryptography, PyOpenSSL and/or setuptools) installed on the VM. For Reference: https://github.com/pyca/cryptography/issues/3149

Can someone please suggest a good solution to resolve this issue completely ?

Thanks,

Naveen
  • 677
  • 1
  • 11
  • 27
  • what is the version of pyelliptic? – e4c5 Sep 13 '16 at 12:54
  • pyelliptic==1.5.7, cryptography==1.5 – Naveen Sep 13 '16 at 12:56
  • next, what is the implementation and version of openssl? – e4c5 Sep 13 '16 at 12:59
  • pyOpenSSL==16.1.0. I am basically trying to encrypt web push notification data. (The same set of packages seems to be working fine on Local Server but not on Google Compute Engine VM) – Naveen Sep 13 '16 at 13:37
  • what is the openssl implementation on that VM? I am not talking of pyOpenSSL but the system library that came from yum or apt – e4c5 Sep 14 '16 at 05:59
  • @e4c5 Updated Python Code Snippet. I am not sure about how to check the openssl implementation on the VM. Any pointers for this ? – Naveen Sep 14 '16 at 10:59
  • Include the relevant parts of stacktrace with the error messages, they are almost useless without it unless one manages to reproduce your problem (which is nigh-impossible as we don't know what triggers it). – ivan_pozdeev Sep 14 '16 at 13:33
  • Besides, what's an "intermediate error"? In Python, an exception is typically either caught and handled (thus not manifesting itself), or terminates the execution. – ivan_pozdeev Sep 14 '16 at 13:38
  • These are the complete messages which I can see on the console. For example: if you look at https://github.com/yann2192/pyelliptic/blob/master/pyelliptic/ecc.py#L214 and see the return value, the same value is specified here. Is there any other way to get the complete stack trace ? (Renamed "Intermediate Error") – Naveen Sep 14 '16 at 14:22
  • @ivan_pozdeev This problem is basically due to some wrong/incomplete/old packages installed on the VM. For Reference: https://github.com/pyca/cryptography/issues/2838 – Naveen Sep 14 '16 at 14:25
  • Since you never gave the traceback for the error in title, I'm forced to guess. – ivan_pozdeev Sep 14 '16 at 20:48
  • these are the complete errors I got on my console. Had there been any line(or even character) extra on the console, I would have happily shared it over here. – Naveen Sep 15 '16 at 16:08

2 Answers2

3

The issue referenced in c66303382 has this traceback (you never gave your traceback so I have to assume yours ends the same way):

File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/__init__.py", line 35, in default_backend
    _default_backend = MultiBackend(_available_backends())
File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/__init__.py", line 22, in _available_backends
    "cryptography.backends"

The full line that triggers the error looks like this:

_available_backends_list = [
        ep.resolve()
        for ep in pkg_resources.iter_entry_points(
            "cryptography.backends"
        )
    ]

Searching the repository for EntryPoint definition, then blaming pkg_resources/__init__.py where it is reveals that pkg_resources.EntryPoint.resolve() was added in commit 92a553d3adeb431cdf92b136ac9ccc3f2ef98bf1 (2015-01-05) that went into setuptools v11.3.

Thus you'll see this error if you use an older version.

Community
  • 1
  • 1
ivan_pozdeev
  • 33,874
  • 19
  • 107
  • 152
  • yes, this is the issue for one of the Errors (Attribute 'EntryPoint'). But the Cryptography team has again replaced this code back to support old versions. Ref. Link: https://github.com/pyca/cryptography/issues/3150 – Naveen Sep 15 '16 at 11:39
  • @Naveen they have... _10 hours ago._ – ivan_pozdeev Sep 15 '16 at 13:08
  • @Naveen the other errors are a completely unrelated matter. At first glance, the first part of the first message is produced by `pyelliptic.ECC._generate()`. But, it throws an exception with that message! If your program doesn't terminate as a result, this means somthing else up the stack - possibly in your own code - masks the error - which is in general not a good thing to do. I cannot find the source of the `error:00000000<...>` part, this may be your code, so you'd better debug and/or search your codebase for this. – ivan_pozdeev Sep 15 '16 at 13:28
  • @Naveen the 2nd message seems to be covered by http://stackoverflow.com/questions/35546513/django-application-504-error-after-saving-model – ivan_pozdeev Sep 15 '16 at 13:28
  • I see. I didn't trust your source links (you didn't explicitly state which version you use, so it could be anything) and ended up looking at an older version of the code. – ivan_pozdeev Sep 15 '16 at 16:40
  • Anyway, this is irrelevant to the problem in title - which has been resolved - so [this should go into a separate question](http://meta.stackexchange.com/questions/43478/exit-strategies-for-chameleon-questions). – ivan_pozdeev Sep 15 '16 at 16:41
2

Ran Following Commands from the project path /opt/projects/myproject-google/myproject and it resolved the Attribute EntryPoint Error Issue:

(Assuming project virtual env path as: /opt/projects/myproject-google/venv)

Command: (from path: /opt/projects/myproject-google/myproject)

export PYTHONPATH=      # [Blank]
sudo pip install --upgrade virtualenv setuptools
sudo rm -rf ../venv
sudo virtualenv ../venv
source ../venv/bin/activate
sudo pip install --upgrade -r requirements.txt
deactivate

Running the above commands upgraded the virtual environment & the setuptools version inside the virtual Env. located at path: /opt/projects/myproject-google/venv/lib/python2.7/site-packages. To test if setuptools have upgraded successfully, try some of these commands:

  1. Command: sudo virtualenv --version Output: 15.0.3
  2. Command: echo $PYTHONPATH Output: [blank]
  3. Command: python -c 'import pkg_resources; print(pkg_resources.__file__)' Output: ~/.local/lib/python2.7/site-packages/pkg_resources/__init__.pyc
  4. Command: python -c 'import sys; print(sys.path)' Output: ['', '/usr/lib/python2.7', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '~/.local/lib/python2.7/site-packages', '/usr/local/lib/python2.7/dist-packages', '/opt/projects/myproject-google/myproject', '/usr/local/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages/PILcompat']
  5. Command: ls /opt/projects/myproject-google/venv/lib/python2.7/site-packages Output: easy_install.py pip pkg_resources setuptools-27.2.0.dist-info wheel-0.30.0a0.dist-info easy_install.pyc pip-8.1.2.dist-info setuptools wheel
  6. Command: python -c 'from cryptography.hazmat.backends import default_backend; print(default_backend())' Output: <cryptography.hazmat.backends.multibackend.MultiBackend object at 0x7ff83a838d50>
  7. Command /opt/projects/myproject-google/venv/bin/python -c 'from cryptography.hazmat.backends import default_backend; print(default_backend())' Output Traceback (most recent call last): File "<string>", line 1, in <module> ImportError: No module named cryptography.hazmat.backends
  8. Command: /opt/projects/myproject-google/venv/bin/python -c "import pkg_resources; print(pkg_resources.__file__)" Output: /opt/projects/myproject-google/venv/local/lib/python2.7/site-packages/pkg_resources/__init__.pyc

Ref Link: https://github.com/pyca/cryptography/issues/3149

These Steps resolved the Attribute EntryPoint Issue completely with an updated version of cryptography package & the setuptools.

Update As on 15 September 2016, The Cryptography Team has again added the workaround for supporting old packages too. (Ref. Link: https://github.com/pyca/cryptography/issues/3150 )

Naveen
  • 677
  • 1
  • 11
  • 27