Opened 3 years ago

Closed 3 years ago

#63905 closed defect (fixed)

py38-cryptography problem with default_backend

Reported by: aaronm6 Owned by: stromnov (Andrey Stromnov)
Priority: Normal Milestone:
Component: ports Version: 2.7.1
Keywords: pyca cryptography Cc: mascguy (Christopher Nielsen), reneeotten (Renee Otten), cjones051073 (Chris Jones)
Port: py38-cryptography

Description

I recently upgraded to py38-cryptography @35.0.0_1. default_backend from cryptography.hazmat.backends now gives an error when called. Any encryption/decryption which requires this method now crashes. Here is the error:

>>> from cryptography.hazmat.backends import default_backend
>>> default_backend()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/cryptography/hazmat/backends/__init__.py", line 16, in default_backend
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 6, in <module>
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 82, in <module>
    from cryptography.hazmat.bindings.openssl import binding
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: dlopen(/opt/local/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so, 2): Symbol not found: _ERR_new
  Referenced from: /opt/local/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so
  Expected in: flat namespace
 in /opt/local/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so

Change History (5)

comment:1 Changed 3 years ago by mascguy (Christopher Nielsen)

Cc: mascguy reneeotten cjones051073 added

Looks like it could be related to our OpenSSL migration.

@reneeotten and @cjones, thoughts on this?

comment:2 Changed 3 years ago by mascguy (Christopher Nielsen)

Owner: set to stromnov
Status: newassigned

comment:3 Changed 3 years ago by aaronm6

Dependencies of py38-cryptography which got upgraded on my system at the same time as it are:

openssl @3_1
openssl3 @3.0.0_5+legacy
py38-setuptools @58.5.3_0
python38 @3.8.12_3+optimizations
cargo @0.57.0_3

Though openssl at the bash command line to do aes en(de)cryption works fine, as before. Please let me know if there's any additional information I can provide which might help diagnose the issue. Thanks!

comment:4 Changed 3 years ago by cjones051073 (Chris Jones)

Looks like the rust build needs to also roll back to openssl 1.1

https://github.com/macports/macports-ports/commit/2fcca2001454305d0ed8b12c8d3a62ce42f00193

Oberon ~/Projects/MacPorts/ports > python3.8                             
Python 3.8.12 (default, Nov 10 2021, 05:25:30) 
[Clang 13.0.0 (clang-1300.0.29.3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.hazmat.backends import default_backend
>>> default_backend()
<OpenSSLBackend(version: OpenSSL 1.1.1l  24 Aug 2021, FIPS: False)>

I don't know though if this is intrinsic to this particular port, or a consequence of the pythonX ports themselves being rolled back to 1.1....

comment:5 Changed 3 years ago by cjones051073 (Chris Jones)

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.