Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

import pgpy is failing with an error - cryptography.utils has no attribute register_interface #402

Open
pradeepravi87 opened this issue Sep 7, 2022 · 13 comments

Comments

@pradeepravi87
Copy link

pradeepravi87 commented Sep 7, 2022

We started facing this issue in the Databricks notebook environment, we realized this is because of cryptography library was upgraded a few hours back.

This breaks the compatibility to use the recent version of pgpy in our environment

Stack Trace -

AttributeError: module 'cryptography.utils' has no attribute 'register_interface'

AttributeError Traceback (most recent call last)
in
----> 1 import pgpy

/databricks/python_shell/dbruntime/PythonPackageImportsInstrumentation/init.py in import_patch(name, globals, locals, fromlist, level)
165 # Import the desired module. If you’re seeing this while debugging a failed import,
166 # look at preceding stack frames for relevant error information.
--> 167 original_result = python_builtin_import(name, globals, locals, fromlist, level)
168
169 is_root_import = thread_local._nest_level == 1

/local_disk0/.ephemeral_nfs/envs/pythonEnv-4001c277-1e53-462b-91f8-060b1edfc8c6/lib/python3.8/site-packages/pgpy/init.py in
2 """
3
----> 4 from .pgp import PGPKey
5 from .pgp import PGPKeyring
6 from .pgp import PGPMessage

/databricks/python_shell/dbruntime/PythonPackageImportsInstrumentation/init.py in import_patch(name, globals, locals, fromlist, level)
165 # Import the desired module. If you’re seeing this while debugging a failed import,
166 # look at preceding stack frames for relevant error information.
--> 167 original_result = python_builtin_import(name, globals, locals, fromlist, level)
168
169 is_root_import = thread_local._nest_level == 1

/local_disk0/.ephemeral_nfs/envs/pythonEnv-4001c277-1e53-462b-91f8-060b1edfc8c6/lib/python3.8/site-packages/pgpy/pgp.py in
25 from cryptography.hazmat.primitives import hashes
26
---> 27 from .constants import CompressionAlgorithm
28 from .constants import Features
29 from .constants import HashAlgorithm

/databricks/python_shell/dbruntime/PythonPackageImportsInstrumentation/init.py in import_patch(name, globals, locals, fromlist, level)
165 # Import the desired module. If you’re seeing this while debugging a failed import,
166 # look at preceding stack frames for relevant error information.
--> 167 original_result = python_builtin_import(name, globals, locals, fromlist, level)
168
169 is_root_import = thread_local._nest_level == 1

/local_disk0/.ephemeral_nfs/envs/pythonEnv-4001c277-1e53-462b-91f8-060b1edfc8c6/lib/python3.8/site-packages/pgpy/constants.py in
21 from .decorators import classproperty
22 from .types import FlagEnum
---> 23 from ._curves import BrainpoolP256R1, BrainpoolP384R1, BrainpoolP512R1, X25519, Ed25519
24
25 all = ['Backend',

/databricks/python_shell/dbruntime/PythonPackageImportsInstrumentation/init.py in import_patch(name, globals, locals, fromlist, level)
165 # Import the desired module. If you’re seeing this while debugging a failed import,
166 # look at preceding stack frames for relevant error information.
--> 167 original_result = python_builtin_import(name, globals, locals, fromlist, level)
168
169 is_root_import = thread_local._nest_level == 1

/local_disk0/.ephemeral_nfs/envs/pythonEnv-4001c277-1e53-462b-91f8-060b1edfc8c6/lib/python3.8/site-packages/pgpy/_curves.py in
35
36
---> 37 @utils.register_interface(ec.EllipticCurve)
38 class BrainpoolP256R1(object):
39 name = 'brainpoolP256r1'

@mitgr81
Copy link

mitgr81 commented Sep 7, 2022

This looks to be the relevant change in cryptography: pyca/cryptography#7234

@hofrob
Copy link
Contributor

hofrob commented Sep 7, 2022

Seeing the same issue after upgrading cryptography to V38.*

project/foo.py:9: in <module>
    import pgpy
venv/lib/python3.10/site-packages/pgpy/__init__.py:4: in <module>
    from .pgp import PGPKey
venv/lib/python3.10/site-packages/pgpy/pgp.py:27: in <module>
    from .constants import CompressionAlgorithm
venv/lib/python3.10/site-packages/pgpy/constants.py:23: in <module>
    from ._curves import BrainpoolP256R1, BrainpoolP384R1, BrainpoolP512R1, X25519, Ed25519
venv/lib/python3.10/site-packages/pgpy/_curves.py:37: in <module>
    @utils.register_interface(ec.EllipticCurve)
E   AttributeError: module 'cryptography.utils' has no attribute 'register_interface'

@swadeesh
Copy link

swadeesh commented Sep 7, 2022

You can try the version 37.0. See the install log, pgpy is using version 37 which should fix your problem.

%pip install cryptography==37.0
%pip install PGPy

import pgpy

Python interpreter will be restarted.
Collecting cryptography==37.0
Downloading cryptography-37.0.0-cp36-abi3-manylinux_2_24_x86_64.whl (4.0 MB)
Requirement already satisfied: cffi>=1.12 in /databricks/python3/lib/python3.8/site-packages (from cryptography==37.0) (1.14.5)
Requirement already satisfied: pycparser in /databricks/python3/lib/python3.8/site-packages (from cffi>=1.12->cryptography==37.0) (2.20)
Installing collected packages: cryptography
Attempting uninstall: cryptography
Found existing installation: cryptography 38.0.1
Not uninstalling cryptography at /databricks/python3/lib/python3.8/site-packages, outside environment /local_disk0/.ephemeral_nfs/envs/pythonEnv-fcff4e9f-8cfa-4383-98ad-989b91570005
Can't uninstall 'cryptography'. No files were found to uninstall.
Successfully installed cryptography-37.0.0
Python interpreter will be restarted.
Python interpreter will be restarted.
Requirement already satisfied: PGPy in /databricks/python3/lib/python3.8/site-packages (0.5.4)
Requirement already satisfied: six>=1.9.0 in /databricks/python3/lib/python3.8/site-packages (from PGPy) (1.15.0)
Requirement already satisfied: cryptography>=2.6 in /local_disk0/.ephemeral_nfs/envs/pythonEnv-fcff4e9f-8cfa-4383-98ad-989b91570005/lib/python3.8/site-packages (from PGPy) (37.0.0)
Requirement already satisfied: pyasn1 in /databricks/python3/lib/python3.8/site-packages (from PGPy) (0.4.8)
Requirement already satisfied: cffi>=1.12 in /databricks/python3/lib/python3.8/site-packages (from cryptography>=2.6->PGPy) (1.14.5)
Requirement already satisfied: pycparser in /databricks/python3/lib/python3.8/site-packages (from cffi>=1.12->cryptography>=2.6->PGPy) (2.20)
Python interpreter will be restarted.

@vgopinathlal
Copy link

yes with cryptography==37.0.4 it works well..

@reaperhulk
Copy link

reaperhulk commented Sep 7, 2022

This can be fixed by switching from register_interface to subclassing (sigh) the ec.EllipticCurve abstract base class and will work in all versions of cryptography including 38.0. That will require a PR against this project + new release of course.

@hofrob
Copy link
Contributor

hofrob commented Sep 7, 2022

I created a PR that does exactly what you proposed (and what they did internally in the cryptography library). I'm not sure if this is helpful though, since I have no idea what I'm doing 😬.

@pradeepravi87
Copy link
Author

You can try the version 37.0. See the install log, pgpy is using version 37 which should fix your problem.

%pip install cryptography==37.0 %pip install PGPy

import pgpy

Python interpreter will be restarted. Collecting cryptography==37.0 Downloading cryptography-37.0.0-cp36-abi3-manylinux_2_24_x86_64.whl (4.0 MB) Requirement already satisfied: cffi>=1.12 in /databricks/python3/lib/python3.8/site-packages (from cryptography==37.0) (1.14.5) Requirement already satisfied: pycparser in /databricks/python3/lib/python3.8/site-packages (from cffi>=1.12->cryptography==37.0) (2.20) Installing collected packages: cryptography Attempting uninstall: cryptography Found existing installation: cryptography 38.0.1 Not uninstalling cryptography at /databricks/python3/lib/python3.8/site-packages, outside environment /local_disk0/.ephemeral_nfs/envs/pythonEnv-fcff4e9f-8cfa-4383-98ad-989b91570005 Can't uninstall 'cryptography'. No files were found to uninstall. Successfully installed cryptography-37.0.0 Python interpreter will be restarted. Python interpreter will be restarted. Requirement already satisfied: PGPy in /databricks/python3/lib/python3.8/site-packages (0.5.4) Requirement already satisfied: six>=1.9.0 in /databricks/python3/lib/python3.8/site-packages (from PGPy) (1.15.0) Requirement already satisfied: cryptography>=2.6 in /local_disk0/.ephemeral_nfs/envs/pythonEnv-fcff4e9f-8cfa-4383-98ad-989b91570005/lib/python3.8/site-packages (from PGPy) (37.0.0) Requirement already satisfied: pyasn1 in /databricks/python3/lib/python3.8/site-packages (from PGPy) (0.4.8) Requirement already satisfied: cffi>=1.12 in /databricks/python3/lib/python3.8/site-packages (from cryptography>=2.6->PGPy) (1.14.5) Requirement already satisfied: pycparser in /databricks/python3/lib/python3.8/site-packages (from cffi>=1.12->cryptography>=2.6->PGPy) (2.20) Python interpreter will be restarted.

@swadeesh - I already applied the workaround by downgrading the crypto library, I have raised this issue because at some point we would need to upgrade the cryptography version

n-oden added a commit to memory/python-dpkg that referenced this issue Sep 19, 2022
- pin the dependency on pycrypto back to 37.0.4 due to
  SecurityInnovation/PGPy#402

- drop support for python 3.6, which is past its EOL date

- replace flakehell (abandoned) with flakeheaven (not);
  set up basic exclusions in pyproject.toml

- clean up some cruft in the Makefile
n-oden added a commit to memory/python-dpkg that referenced this issue Sep 19, 2022
This addresses #8

- pin the dependency on pycrypto back to 37.0.4 due to
  SecurityInnovation/PGPy#402

- drop support for python 3.6, which is past its EOL date

- replace flakehell (abandoned) with flakeheaven (not);
  set up basic exclusions in pyproject.toml

- clean up some cruft in the Makefile
n-oden added a commit to memory/python-dpkg that referenced this issue Sep 19, 2022
This addresses #8

- pin the dependency on pycrypto back to 37.0.4 due to
  SecurityInnovation/PGPy#402

- drop support for python 3.6, which is past its EOL date

- replace flakehell (abandoned) with flakeheaven (not);
  set up basic exclusions in pyproject.toml

- clean up some cruft in the Makefile
n-oden added a commit to memory/python-dpkg that referenced this issue Sep 19, 2022
This addresses #8

- pin the dependency on pycrypto back to 37.0.4 due to
  SecurityInnovation/PGPy#402

- drop support for python 3.6, which is past its EOL date

- replace flakehell (abandoned) with flakeheaven (not);
  set up basic exclusions in pyproject.toml

- clean up some cruft in the Makefile
n-oden added a commit to memory/python-dpkg that referenced this issue Sep 19, 2022
This addresses #8

- pin the dependency on pycrypto back to 37.0.4 due to
  SecurityInnovation/PGPy#402

- drop support for python 3.6, which is past its EOL date

- replace flakehell (abandoned) with flakeheaven (not);
  set up basic exclusions in pyproject.toml

- clean up some cruft in the Makefile
rclement added a commit to rclement/mailer that referenced this issue Oct 3, 2022
PGPy is not yet compatible with cryptography >= 38.0.0

SecurityInnovation/PGPy#402
rclement added a commit to rclement/mailer that referenced this issue Oct 3, 2022
PGPy is not yet compatible with cryptography >= 38.0.0

SecurityInnovation/PGPy#402
@thesuperzapper
Copy link
Contributor

thesuperzapper commented Nov 1, 2022

I have raised #408 (and associated PR #408) to suggest that we release a version of PGPy that pins the maximum cryptography version to less than 38.0.0 (which is the first version which has this issue).

Until a version of PGPy is released with this fix, you can install by manually pinning cryptography<38:

pip install pgpy "cryptography<38"

NOTE: because cryptography version 37.0.4 has issues with its pyOpenSSL versions (see issue: pyca/pyopenssl#1143), you may ALSO need to explicitly install pyOpenSSL>=22.0.0.

@paunovic
Copy link

paunovic commented Nov 23, 2022

Any updates on this? It's causing dependency mismatch in our code and preventing us to update other indirectly related packages that require cryptography>=38.0 (i.e. playwright)

@Commod0re
Copy link
Contributor

This should be fixed with v0.6.0 which I just released

dkg added a commit to dkg/PGPy that referenced this issue Jun 14, 2023
OpenSSL 1.0.2 is ancient at this point -- Brainpool is part of the standard
distribution.  At any rate, we need 1.1.0 for X25519 and 1.1.1 for Ed25519.

And python's cryptography module has supported Brainpool since version 2.2
(also ancient).

Registering subclasses with the cryptography module is complicated across
versions (see pyca/cryptography#7234 which removed
register_interface), but we don't need any of that functionality as long as
we depend on non-ancient modules.

At the same time, we don't need pyasn1 any longer if we just treat the OID
as a bytestring label.

As this also drops all the shenanigans around
cryptography.utils.register_interface, we can also say it
Closes: SecurityInnovation#402
dkg added a commit to dkg/PGPy that referenced this issue Jun 16, 2023
OpenSSL 1.0.2 is ancient at this point -- Brainpool is part of the standard
distribution.  At any rate, we need 1.1.0 for X25519 and 1.1.1 for Ed25519.

And python's cryptography module has supported Brainpool since version 2.2
(also ancient).

Registering subclasses with the cryptography module is complicated across
versions (see pyca/cryptography#7234 which removed
register_interface), but we don't need any of that functionality as long as
we depend on non-ancient modules.

At the same time, we don't need pyasn1 any longer if we just treat the OID
as a bytestring label.

As this also drops all the shenanigans around
cryptography.utils.register_interface, we can also say it
Closes: SecurityInnovation#402
dkg added a commit to dkg/PGPy that referenced this issue Jun 16, 2023
OpenSSL 1.0.2 is ancient at this point -- Brainpool is part of the standard
distribution.  At any rate, we need 1.1.0 for X25519 and 1.1.1 for Ed25519.

And python's cryptography module has supported Brainpool since version 2.2
(also ancient).

Registering subclasses with the cryptography module is complicated across
versions (see pyca/cryptography#7234 which removed
register_interface), but we don't need any of that functionality as long as
we depend on non-ancient modules.

At the same time, we don't need pyasn1 any longer if we just treat the OID
as a bytestring label.

As this also drops all the shenanigans around
cryptography.utils.register_interface, we can also say it
Closes: SecurityInnovation#402
dkg added a commit to dkg/PGPy that referenced this issue Jun 16, 2023
OpenSSL 1.0.2 is ancient at this point -- Brainpool is part of the standard
distribution.  At any rate, we need 1.1.0 for X25519 and 1.1.1 for Ed25519.

And python's cryptography module has supported Brainpool since version 2.2
(also ancient).

Registering subclasses with the cryptography module is complicated across
versions (see pyca/cryptography#7234 which removed
register_interface), but we don't need any of that functionality as long as
we depend on non-ancient modules.

At the same time, we don't need pyasn1 any longer if we just treat the OID
as a bytestring label.

As this also drops all the shenanigans around
cryptography.utils.register_interface, we can also say it
Closes: SecurityInnovation#402
@hingston
Copy link

Is there a timescale for upgrading past cryptography < 38.0.0? There are a number of high risk vulnerabilities now.

@hofrob
Copy link
Contributor

hofrob commented Jun 28, 2023

You should be able to upgrade to the latest version. No idea why this was reopened, but I didn't really have time to read and comprehend what the other issue is about 😉

dkg added a commit to dkg/PGPy that referenced this issue Jun 28, 2023
OpenSSL 1.0.2 is ancient at this point -- Brainpool is part of the standard
distribution.  At any rate, we need 1.1.0 for X25519 and 1.1.1 for Ed25519.

And python's cryptography module has supported Brainpool since version 2.2
(also ancient).

Registering subclasses with the cryptography module is complicated across
versions (see pyca/cryptography#7234 which removed
register_interface), but we don't need any of that functionality as long as
we depend on non-ancient modules.

At the same time, we don't need pyasn1 any longer if we just treat the OID
as a bytestring label.

As this also drops all the shenanigans around
cryptography.utils.register_interface, we can also say it
Closes: SecurityInnovation#402
@supmir
Copy link

supmir commented Sep 1, 2023

You should be able to upgrade to the latest version. No idea why this was reopened, but I didn't really have time to read and comprehend what the other issue is about 😉

It's probably because pgpy hasn't been updated on conda(0.5.4). At least that's what happened to me.

arbgjr added a commit to arbgjr/BADGE that referenced this issue Jan 31, 2024
 Your branch is behind 'origin/2-swagger' by 1 commit, and can be fast-forwarded.
   (use "git pull" to update your local branch)

 Changes to be committed:
	modified:   requirements.txt

Necessário ficar assim devido: SecurityInnovation/PGPy#402
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests