salt.utils.rsax931._init_libcrypto() fails to initialize libopenssl1_1-1.1.0h

Created on 5 Apr 2018  路  8Comments  路  Source: saltstack/salt

Description of Issue/Question

Importing salt.utils.rsax931 raises OSError("Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)") with latest version of libopenss1_1 that comes with openSUSE Tumbleweed (1.1.0h).

However, when the try/except block that calls libcrypto.OPENSSL_init_crypto() explicitly is removed, no error is raised, but libopenssl is initialized implicitly. Implicit initialization is mentioned in the manpage:

As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required.

It also mentions, that it may be called explicitly when needed

However, there way be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required.

Steps to Reproduce Issue

Install libopenssl1_1-1.1.0h (openSUSE Tumbleweed in my case):

sudo zypper install libopenssl1_1=1.1.0h

Create virtual environment:

python -m virtualenv bugreport
source ./bugreport/bin/activate
pip install salt

Run python and try to import salt.utils.rsax931:

Python 2.7.14 (default, Oct 12 2017, 15:50:02) [GCC] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import salt.utils.rsax931
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/alex/programming/salt-python/bugreport/lib/python2.7/site-packages/salt/utils/rsax931.py", line 86, in <module>
    libcrypto = _init_libcrypto()
  File "/home/alex/programming/salt-python/bugreport/lib/python2.7/site-packages/salt/utils/rsax931.py", line 77, in _init_libcrypto
    raise OSError("Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)")
OSError: Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)

With the explicit initialization commented out:

73     # try:                                                                                                                                                                               
74     #     if libcrypto.OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG |                                                                                                                 
75     #                                      OPENSSL_INIT_ADD_ALL_CIPHERS |                                                                                                                
76     #                                      OPENSSL_INIT_ADD_ALL_DIGESTS, None) != 1:                                                                                                     
77     #         raise OSError("Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)")                                                                                         
78     # except AttributeError:                                                                                                                                                             
79     #     # Support for OpenSSL < 1.1 (OPENSSL_API_COMPAT < 0x10100000L)                                                                                                                 
80     #     libcrypto.OPENSSL_no_config()                                                                                                                                                  
81     #     libcrypto.OPENSSL_add_all_algorithms_noconf() 

>>> import salt.utils.rsax931 as rsax931
>>> rsax931.libcrypto
<CDLL 'libcrypto.so.1.1', handle 564d2e3396f0 at 7febe0060d10>



md5-493c726fb08986b56691fd8787ea32b7



zypper if libopenssl1_1                                                                                                                                                                 
Information for package libopenssl1_1:
--------------------------------------
Repository     : openSUSE-Tumbleweed-Oss                    
Name           : libopenssl1_1                              
Version        : 1.1.0h-1.1                                 
Arch           : x86_64                                     
Vendor         : openSUSE                                   
Installed Size : 3.0 MiB                                    
Installed      : Yes                                        
Status         : up-to-date                                 
Source package : openssl-1_1-1.1.0h-1.1.src                 
Summary        : Secure Sockets and Transport Layer Security
Description    :                                            
    OpenSSL is a software library to be used in applications that need to
    secure communications over computer networks against eavesdropping or
    need to ascertain the identity of the party at the other end.
    OpenSSL contains an implementation of the SSL and TLS protocols.



md5-e4c9e834c5574f07c547abd47392bcfc



pip show salt
Name: salt
Version: 2018.3.0
Summary: Portable, distributed, remote execution and configuration management system
Home-page: http://saltstack.org
Author: Thomas S Hatch
Author-email: [email protected]
License: Apache Software License 2.0
Location: /home/alex/programming/salt-python/bugreport/lib/python2.7/site-packages
Requires: Jinja2, msgpack-python, pycrypto, futures, MarkupSafe, PyYAML, tornado, requests, pyzmq
Bug P2 fixed-pending-your-verification severity-medium
Source
picture agraul

All 8 comments

@alexandergraul Thanks for the report. Looks like the try...except is looking for the wrong exception.

garethgreenaway picture garethgreenaway on 5 Apr 2018

It looks like this is an issue with pyopenssl. Was fixed 2 months ago but may not be in pypi yet.
https://github.com/pyca/pyopenssl/issues/738

absmith82 picture absmith82 on 15 May 2018

@alexandergraul I have fixed this with #48580

rallytime picture rallytime on 13 Jul 2018
👍1

The fix seemed to not have reached pypi. Looking at

git branch -r --contains 736b382e913e46bce69940350e32d530f7560dac

tells me that it should be in 

  upstream/2017.7
  upstream/2017.7.8
  upstream/2018.3
  upstream/2018.3.3
  upstream/develop
  upstream/fluorine

from these branches I can find 2017.7.0 ( which resembles to 2017.7? ) and 2018.3 ( which resembles to 2018.3.0 ). If these assertions are truthful then we seem to miss the commit.

Otherwise the 3.3 and 7.8 are simply not yet released. Do you have any estimate about what those version will be on pypi? @Ch3LL @rallytime

jschmid1 picture jschmid1 on 16 Aug 2018

yeah we have not released 7.8 and 3.3 yet. we are trying to get it out by the end of this month :)

Ch3LL picture Ch3LL on 17 Aug 2018

yeah we have not released 7.8 and 3.3 yet. we are trying to get it out by the end of this month :)

thanks :)

jschmid1 picture jschmid1 on 17 Aug 2018

Any workaround?

alem0lars picture alem0lars on 15 Sep 2018

you should be able to add the patch as a custom utils module and sync with https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.sync_utils

Ch3LL picture Ch3LL on 25 Sep 2018
1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

commutecat picture commutecat  路  3Comments
qiushics picture qiushics  路  3Comments
udf2457 picture udf2457  路  3Comments
sfozz picture sfozz  路  3Comments
saurabhnemade picture saurabhnemade  路  3Comments