Naveen Naveen - 2 months ago 79
Python Question

"OpenSSL: EC_KEY_generate_key FAIL ... error:00000000:lib(0):func(0):reason(0)" on pyelliptic.ECC()

I'm getting the above error while using

pyelliptic
(versions given below).

The python code which triggers it:

print("Salt: %s" % salt)
server_key = pyelliptic.ECC(curve="prime256v1") # ----->> Line2
print("Server_key: %s" % server_key) # ----->> Line3
server_key_id = base64.urlsafe_b64encode(server_key.get_pubkey()[1:])


The
"Salt: ..."
message is displayed okay, the error is in the
pyelliptic.ECC()
call.

Traceback:

File "/usr/local/lib/python2.7/dist-packages/pyelliptic/ecc.py", line 89, in __init__
self.privkey, self.pubkey_x, self.pubkey_y = self._generate()
File "/usr/local/lib/python2.7/dist-packages/pyelliptic/ecc.py", line 231, in _generate
raise Exception("[OpenSSL] EC_KEY_generate_key FAIL ... " + OpenSSL.get_error())


The error(s) I get are (the 2nd one may or may not be relevant):


  1. Exception('[OpenSSL] EC_KEY_generate_key FAIL ... error:00000000:lib(0):func(0):reason(0)',)

    (Ref. File Link: https://github.com/yann2192/pyelliptic/blob/master/pyelliptic/ecc.py#L214 )

  2. extern "Python": function Cryptography_rand_bytes() called, but @ffi.def_extern() was not called in the current subinterpreter. Returning 0.



Requirements.txt (partial):

setuptools==27.1.2
cryptography==1.5
pyelliptic==1.5.7
pyOpenSSL==16.1.0


https://github.com/yann2192/pyelliptic/issues/39 says that
pyelliptic
v1.5.7
has some issues with old versions (Not sure if this is applicable here).

Other Details:

Python Version: 2.7.

Getting this error only on Google Compute Engine VM Instance.

Working Fine on Local Development Server.
Working Fine from python shell too Google Compute Engine VM.

(The question is a follow-up of 'EntryPoint' object has no attribute 'resolve' when using Google Compute Engine, the discussion there might be of use)

Answer

Just added the following:WSGIApplicationGroup %{GLOBAL}

in /etc/apache2/sites-available/default-ssl.conf file and all these errors got resolved.