New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

salt.utils.rsax931._init_libcrypto() fails to initialize libopenssl1_1-1.1.0h #46884

Closed
alexandergraul opened this Issue Apr 5, 2018 · 8 comments

Comments

Projects
None yet
7 participants
@alexandergraul

alexandergraul commented Apr 5, 2018

Description of Issue/Question

Importing salt.utils.rsax931 raises OSError("Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)") with latest version of libopenss1_1 that comes with openSUSE Tumbleweed (1.1.0h).

However, when the try/except block that calls libcrypto.OPENSSL_init_crypto() explicitly is removed, no error is raised, but libopenssl is initialized implicitly. Implicit initialization is mentioned in the manpage:

As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required.

It also mentions, that it may be called explicitly when needed

However, there way be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required.

Steps to Reproduce Issue

Install libopenssl1_1-1.1.0h (openSUSE Tumbleweed in my case):

sudo zypper install libopenssl1_1=1.1.0h

Create virtual environment:

python -m virtualenv bugreport
source ./bugreport/bin/activate
pip install salt

Run python and try to import salt.utils.rsax931:

Python 2.7.14 (default, Oct 12 2017, 15:50:02) [GCC] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import salt.utils.rsax931
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/alex/programming/salt-python/bugreport/lib/python2.7/site-packages/salt/utils/rsax931.py", line 86, in <module>
    libcrypto = _init_libcrypto()
  File "/home/alex/programming/salt-python/bugreport/lib/python2.7/site-packages/salt/utils/rsax931.py", line 77, in _init_libcrypto
    raise OSError("Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)")
OSError: Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)

With the explicit initialization commented out:

73     # try:                                                                                                                                                                               
74     #     if libcrypto.OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG |                                                                                                                 
75     #                                      OPENSSL_INIT_ADD_ALL_CIPHERS |                                                                                                                
76     #                                      OPENSSL_INIT_ADD_ALL_DIGESTS, None) != 1:                                                                                                     
77     #         raise OSError("Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)")                                                                                         
78     # except AttributeError:                                                                                                                                                             
79     #     # Support for OpenSSL < 1.1 (OPENSSL_API_COMPAT < 0x10100000L)                                                                                                                 
80     #     libcrypto.OPENSSL_no_config()                                                                                                                                                  
81     #     libcrypto.OPENSSL_add_all_algorithms_noconf() 
>>> import salt.utils.rsax931 as rsax931
>>> rsax931.libcrypto
<CDLL 'libcrypto.so.1.1', handle 564d2e3396f0 at 7febe0060d10>

Versions Report

Package information on libopenssl1_1:

zypper if libopenssl1_1                                                                                                                                                                 
Information for package libopenssl1_1:
--------------------------------------
Repository     : openSUSE-Tumbleweed-Oss                    
Name           : libopenssl1_1                              
Version        : 1.1.0h-1.1                                 
Arch           : x86_64                                     
Vendor         : openSUSE                                   
Installed Size : 3.0 MiB                                    
Installed      : Yes                                        
Status         : up-to-date                                 
Source package : openssl-1_1-1.1.0h-1.1.src                 
Summary        : Secure Sockets and Transport Layer Security
Description    :                                            
    OpenSSL is a software library to be used in applications that need to
    secure communications over computer networks against eavesdropping or
    need to ascertain the identity of the party at the other end.
    OpenSSL contains an implementation of the SSL and TLS protocols.

Python module information:

pip show salt
Name: salt
Version: 2018.3.0
Summary: Portable, distributed, remote execution and configuration management system
Home-page: http://saltstack.org
Author: Thomas S Hatch
Author-email: thatch45@gmail.com
License: Apache Software License 2.0
Location: /home/alex/programming/salt-python/bugreport/lib/python2.7/site-packages
Requires: Jinja2, msgpack-python, pycrypto, futures, MarkupSafe, PyYAML, tornado, requests, pyzmq
@garethgreenaway

This comment has been minimized.

Member

garethgreenaway commented Apr 5, 2018

@alexandergraul Thanks for the report. Looks like the try...except is looking for the wrong exception.

@absmith82

This comment has been minimized.

absmith82 commented May 15, 2018

It looks like this is an issue with pyopenssl. Was fixed 2 months ago but may not be in pypi yet.
pyca/pyopenssl#738

@rallytime

This comment has been minimized.

Contributor

rallytime commented Jul 13, 2018

@alexandergraul I have fixed this with #48580

@rallytime rallytime closed this in 736b382 Jul 25, 2018

cro added a commit to cro/salt that referenced this issue Jul 26, 2018

@jschmid1

This comment has been minimized.

jschmid1 commented Aug 16, 2018

The fix seemed to not have reached pypi. Looking at

git branch -r --contains 736b382e913e46bce69940350e32d530f7560dac

tells me that it should be in

  upstream/2017.7
  upstream/2017.7.8
  upstream/2018.3
  upstream/2018.3.3
  upstream/develop
  upstream/fluorine

from these branches I can find 2017.7.0 ( which resembles to 2017.7? ) and 2018.3 ( which resembles to 2018.3.0 ). If these assertions are truthful then we seem to miss the commit.

Otherwise the 3.3 and 7.8 are simply not yet released. Do you have any estimate about what those version will be on pypi? @Ch3LL @rallytime

@Ch3LL

This comment has been minimized.

Contributor

Ch3LL commented Aug 17, 2018

yeah we have not released 7.8 and 3.3 yet. we are trying to get it out by the end of this month :)

@jschmid1

This comment has been minimized.

jschmid1 commented Aug 17, 2018

yeah we have not released 7.8 and 3.3 yet. we are trying to get it out by the end of this month :)

thanks :)

@alem0lars

This comment has been minimized.

alem0lars commented Sep 15, 2018

Any workaround?

@Ch3LL

This comment has been minimized.

Contributor

Ch3LL commented Sep 25, 2018

you should be able to add the patch as a custom utils module and sync with https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.sync_utils

LukeCarrier added a commit to LukeCarrier/dotfiles that referenced this issue Oct 22, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment