0

I'm getting the above error while using pyelliptic (versions given below).

The python code which triggers it: 

print("Salt: %s" % salt)
server_key = pyelliptic.ECC(curve="prime256v1")  # ----->> Line2
print("Server_key: %s" % server_key)   # ----->> Line3
server_key_id = base64.urlsafe_b64encode(server_key.get_pubkey()[1:])

The "Salt: ..." message is displayed okay, the error is in the pyelliptic.ECC() call.

Traceback:

File "/usr/local/lib/python2.7/dist-packages/pyelliptic/ecc.py", line 89, in __init__
self.privkey, self.pubkey_x, self.pubkey_y = self._generate()
File "/usr/local/lib/python2.7/dist-packages/pyelliptic/ecc.py", line 231, in _generate
raise Exception("[OpenSSL] EC_KEY_generate_key FAIL ... " + OpenSSL.get_error())

The error(s) I get are (the 2nd one may or may not be relevant):

  1. Exception('[OpenSSL] EC_KEY_generate_key FAIL ... error:00000000:lib(0):func(0):reason(0)',) (Ref. File Link: https://github.com/yann2192/pyelliptic/blob/master/pyelliptic/ecc.py#L214 )
  2. extern "Python": function Cryptography_rand_bytes() called, but @ffi.def_extern() was not called in the current subinterpreter. Returning 0.

Requirements.txt (partial):

setuptools==27.1.2
cryptography==1.5
pyelliptic==1.5.7
pyOpenSSL==16.1.0

https://github.com/yann2192/pyelliptic/issues/39 says that pyelliptic v1.5.7 has some issues with old versions (Not sure if this is applicable here).

Other Details:

Python Version: 2.7.

Getting this error only on Google Compute Engine VM Instance.

Working Fine on Local Development Server. Working Fine from python shell too Google Compute Engine VM.

(The question is a follow-up of 'EntryPoint' object has no attribute 'resolve' when using Google Compute Engine, the discussion there might be of use)

Community
  • 1
  • 1
Naveen
  • 677
  • 1
  • 11
  • 27
  • Okay, here we go. You say that you get an exception, but the code does not stop? Is the following line (`print("Server_key:<...>`) executed? If the "error" is actually a Django error log entry, [here's how you include a stacktrace into it](http://stackoverflow.com/questions/5886275/print-a-stack-trace-to-stdout-on-errors-in-django-while-using-manage-py-runserve). – ivan_pozdeev Sep 15 '16 at 17:29
  • The code stopped at Line2 itself. Line3 is not executed at all. (Actually sometimes, maybe 1 out of 10 times, this code executes absolutely fine without any errors at all) – Naveen Sep 15 '16 at 17:32
  • This means that the 2nd error is produced by some unrelated chunk of code (it may or may not be a consequence of the first), so a stack trace would be most helpful here. – ivan_pozdeev Sep 15 '16 at 17:34
  • The easiest way to tackle the first error is to run the entire Django under `pdb`, break on the faulting line and investigate what's happening. Only you can do that; yet I'll try to reproduce the issue here. – ivan_pozdeev Sep 15 '16 at 17:34
  • I am not sure how to run the entire django under pdb as the code is executed from the browser "Execute" button. Also, this issue doesn't seem to be because of the Python Code. It seems to be the issue related to the pyelliptic library & maybe some other related packages. – Naveen Sep 15 '16 at 17:37
  • The 1st few links in google on "run django under pdb", incl. https://mike.tig.as/blog/2010/09/14/pdb/ . Whererver the issue is, it's your job to identify (and, if possible with reasonable effort, fix) it, isn't it? Python emphasizes the inclusion of source code everywhere specifically to make this kind of troubleshooting possible and practical. – ivan_pozdeev Sep 15 '16 at 17:45
  • Btw, is this Python 2 or Python 3? – ivan_pozdeev Sep 15 '16 at 17:48
  • Updated this info in question. Btw, getting this error only on Google Compute Engine(GCE) VM Instance only. Working absolutely fine with no such errors at all on Local Development Server. – Naveen Sep 15 '16 at 17:52
  • From what I can see, `pyelliptic` uses a standalone version of `OpenSSL` locally installed on the system - `libcrypto` in linux and `libeay32.dll` in windows. So, your results may (and most probably will) depend on it and its setup in the system. While `pyopenssl` uses a statically compiled version in `cryptography`. Both advertize themselves as "openssl wrappers", so they're basically competing products. Since you appear to be already using `pyopenssl`, why not use it all the way? – ivan_pozdeev Sep 15 '16 at 18:05
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/123469/discussion-between-naveen-and-ivan-pozdeev). – Naveen Sep 15 '16 at 18:09
  • @ivan_pozdeev Issue still not resolved. Any solution please ? – Naveen Sep 20 '16 at 05:45
  • Debugging, debugging and more debugging. I cannot so that since I don't use the Google Compute Engine. If the problem is not specific to your system (is it?), someone else with the same setup might be able to do that for you. – ivan_pozdeev Sep 21 '16 at 04:11
  • Just added " WSGIApplicationGroup %{GLOBAL}" in my default-ssl.conf file and this error got resolved. :P . Thanks a lot @ivan_pozdeev for your guidance. – Naveen Sep 21 '16 at 10:53

1 Answers1

0

Just added the following:WSGIApplicationGroup %{GLOBAL}

in /etc/apache2/sites-available/default-ssl.conf file and all these errors got resolved.

Naveen
  • 677
  • 1
  • 11
  • 27
  • Then related: http://stackoverflow.com/questions/755070/what-is-the-purpose-of-the-sub-interpreter-api-in-cpython – ivan_pozdeev Sep 21 '16 at 18:18
  • Didn't got exactly what you were trying to convey ? Can you please explain in simple terms if possible ? :P – Naveen Sep 24 '16 at 16:09
  • The line you have given [makes the code run in the main interpreter instance](http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html). This means that the root cause is that `pyelliptic` is incompatible with CPython's subinterpreter architecture (this doesn't mean it's bad, that CPython feature is currently rather incomplete and even virtually undocumented). The gist here is that this solution can also apply to many other C extensions. – ivan_pozdeev Sep 25 '16 at 02:47