This repository has been archived by the owner on Dec 11, 2022. It is now read-only.

Issue with Berryconda cryptography and OpenSSL #58

Closed
eric-nok opened this issue Jan 15, 2019 · 1 comment

eric-nok commented Jan 15, 2019

I'm trying to get paramiko working with the Berryconda 2.0.0 distribution. Using cryptography 2.3.1, OpenSSL 1.0.2p, and paramiko 2.4.2 to open an SSH connection gives the error:

cryptography.exceptions.UnsupportedAlgorithm: Backend object does not support secp256r1.

I checked with the cryptography contributors, and they said that the OpenSSL backend should provide support for secp256r1. See pyca/cryptography#4691. I'm wondering if there's any known reason why this might be happening.

Versions of Python, cryptography, cffi, pip, and setuptools you're using

Python: 3.6.1
cryptography: 2.3.1
cffi: 1.11.5
pip: 18.1
setuptools: 36.0.1
openssl: 1.0.2p

Running on Raspberry Pi 3+ with Raspbian Stretch and the Berryconda 2.0.0 distribution.

Clear steps for reproducing your bug

Installed Berryconda; pip installed paramiko; ran a simple example:

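```python
import paramiko

# Open an SSH transport to the local sshd; the error is raised during key negotiation
t = paramiko.Transport(("127.0.0.1", 22))
t.connect(username="pi", password="<password>")  # placeholder for the real password
```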

This gives the error:

```
Unknown exception: Backend object does not support secp256r1.
Traceback (most recent call last):
  File "/home/producer/berryconda3/lib/python3.6/site-packages/paramiko/transport.py", line 2010, in run
    self._handler_table[ptype](self, m)
  File "/home/producer/berryconda3/lib/python3.6/site-packages/paramiko/transport.py", line 2126, in _negotiate_keys
    self.kex_engine.start_kex()
  File "/home/producer/berryconda3/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py", line 32, in start_kex
    self._generate_key_pair()
  File "/home/producer/berryconda3/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py", line 53, in _generate_key_pair
    self.P = ec.generate_private_key(self.curve, default_backend())
  File "/home/producer/berryconda3/lib/python3.6/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py", line 287, in generate_private_key
    return backend.generate_elliptic_curve_private_key(curve)
  File "/home/producer/berryconda3/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1346, in generate_elliptic_curve_private_key
    _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
cryptography.exceptions.UnsupportedAlgorithm: Backend object does not support secp256r1.
```

eric-nok changed the title from "Problem with cryptography and OpenSSL packages" to "Issue with Berryconda cryptography and OpenSSL" on Jan 15, 2019

@jjhelmus (Owner)

I looked at the OpenSSL package in Berryconda and it looks like the binary prefix replacement done by conda was interfering with the secp256r1 cipher. Rebuilding the package with the replacement turned off fixed the issue on my Pi. You will need to update the openssl package, either to 1.0.2p build 1 or 1.0.2q; the latter should be installed if you run conda update openssl.
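
A diagnostic for the failure discussed in this thread, as an added example that is not part of the original issue or of Berryconda's own code: it repeats the `ec.generate_private_key` call from the traceback for each NIST curve and also probes the OpenSSL linked into Python's `ssl` module. The function names are hypothetical, and it is an assumption (not confirmed on this page) that the `ssl` module and cryptography use the same conda-provided OpenSSL.

```python
import ssl

# NIST curves behind SSH's ecdh-sha2-nistp256/384/521, with OpenSSL's short names.
NIST_CURVES = {"secp256r1": "prime256v1", "secp384r1": "secp384r1",
               "secp521r1": "secp521r1"}

def probe_ssl_module():
    """Check each curve against the OpenSSL that Python's ssl module links to."""
    results = {}
    for name, openssl_name in NIST_CURVES.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        try:
            ctx.set_ecdh_curve(openssl_name)
            results[name] = True
        except (ssl.SSLError, ValueError):
            results[name] = False
    return results

def probe_cryptography():
    """Repeat the call that fails in the traceback; None if cryptography is absent."""
    try:
        from cryptography.exceptions import UnsupportedAlgorithm
        from cryptography.hazmat.backends import default_backend
        from cryptography.hazmat.primitives.asymmetric import ec
    except ImportError:
        return None
    curves = {name: getattr(ec, name.upper())() for name in NIST_CURVES}
    results = {}
    for name, curve in curves.items():
        try:
            ec.generate_private_key(curve, default_backend())
            results[name] = True
        except UnsupportedAlgorithm:
            results[name] = False
    return results

def unsupported_curves():
    """Return sorted names of curves that any available probe reports as unusable."""
    bad = set()
    for results in (probe_ssl_module(), probe_cryptography()):
        if results:
            bad.update(name for name, ok in results.items() if not ok)
    return sorted(bad)

if __name__ == "__main__":
    print("ssl module OpenSSL:", ssl.OPENSSL_VERSION)
    print("unsupported curves:", unsupported_curves() or "none")
```

Running it before and after `conda update openssl` shows whether the rebuilt package restored the curves that the SSH key exchange needs.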
