1

I am getting exactly the same error as mentioned in -> The library libcrypto could not be found

I understood the issue, however, I could not figure out the resolution. Do I need to update my lambda configuration or do I need to upgrade my Python libraries?

PFB my requriements.txt files

cryptography==36.0.2
botocore==1.20.0
azure-storage-blob==2.1.0
azure-storage-common==2.1.0
boto3==1.17.0
asn1crypto==1.5.1
certifi==2022.9.14
cffi==1.15.1
charset-normalizer==2.1.1
filelock==3.8.0
idna==3.4
oscrypto==1.3.0
pycparser==2.21
pycryptodomex==3.15.0
PyJWT==2.5.0
pyOpenSSL==22.0.0
pytz==2022.2.1
requests==2.28.1
typing_extensions==4.3.0
urllib3==1.26.12

My docker file -

FROM python:3.9-alpine3.16

COPY requirements.txt requirements.txt

RUN apk --update --no-cache add --virtual build-dependencies gcc python3-dev musl-dev libc-dev linux-headers libxslt-dev libxml2-dev py-pip ca-certificates wget libffi-dev openssl-dev python3-dev expat==2.4.9-r0 py-pip build-base zlib zlib-dev libressl libressl-dev \
&& apk add python3 make g++ \
&& pip install --upgrade pip \
&& pip install --upgrade pip setuptools \
&& pip install -r requirements.txt \
&& apk del build-dependencies

RUN pip install snowflake-connector-python==2.8.0 --no-use-pep517
RUN python -c 'from oscrypto import asymmetric'

Attempting docker build with the Dockerfile above results in a failure with:

Step 4/4 : RUN python -c 'from oscrypto import asymmetric'
 ---> Running in dc8f8b8920ac
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/local/lib/python3.9/site-packages/oscrypto/asymmetric.py", line 19, in <module>
    from ._asymmetric import _unwrap_private_key_info
  File "/usr/local/lib/python3.9/site-packages/oscrypto/_asymmetric.py", line 27, in <module>
    from .kdf import pbkdf1, pbkdf2, pkcs12_kdf
  File "/usr/local/lib/python3.9/site-packages/oscrypto/kdf.py", line 9, in <module>
    from .util import rand_bytes
  File "/usr/local/lib/python3.9/site-packages/oscrypto/util.py", line 14, in <module>
    from ._openssl.util import rand_bytes
  File "/usr/local/lib/python3.9/site-packages/oscrypto/_openssl/util.py", line 6, in <module>
    from ._libcrypto import libcrypto, libcrypto_version_info, handle_openssl_error
  File "/usr/local/lib/python3.9/site-packages/oscrypto/_openssl/_libcrypto.py", line 9, in <module>
    from ._libcrypto_cffi import (
  File "/usr/local/lib/python3.9/site-packages/oscrypto/_openssl/_libcrypto_cffi.py", line 27, in <module>
    raise LibraryNotFoundError('The library libcrypto could not be found')
oscrypto.errors.LibraryNotFoundError: The library libcrypto could not be found
The command '/bin/sh -c python -c 'from oscrypto import asymmetric'' returned a non-zero code: 1
Charles Duffy
  • 280,126
  • 43
  • 390
  • 441
tech-guru
  • 13
  • 4
  • 2
    We need enough information to reproduce the problem (in a manner identical enough to your deployment environment that fixing the [mre] you provide will also constitute solving your problem). If this is Docker, which base image are you using? Can you give us a Dockerfile that, when run, shows the issue? – Charles Duffy Oct 06 '22 at 16:28
  • libcrypto is not a Python library; it's one of the components of OpenSSL. As such, how it's installed depends on your distro. – Charles Duffy Oct 06 '22 at 16:28
  • @CharlesDuffy I added my docker image and requirements.txt file for your reference. Can you help me how can I install the libcrypto in my docker image? – tech-guru Oct 06 '22 at 16:52
  • That Dockerfile comes with a perfectly good libcrypto.so.1.1 -- but I don't have your `service_commitment_metrics.py`, so I can't run your exact code to see the exception. Again, a [mre] needs to cause the exact problem when run without changes (and your question should show the problem -- I don't any stack trace right now, so even if I _did_ get an exception about libcrypto running your Dockerfile, I wouldn't know if all the details -- stack trace etc -- were identical). – Charles Duffy Oct 06 '22 at 17:07
  • @CharlesDuffy Added code snippet & traceback – tech-guru Oct 06 '22 at 17:24
  • Great -- knowing that it's libcrypto-cffi that's failing was a critical piece of the puzzle, and only with the new edit is that part of your question. – Charles Duffy Oct 06 '22 at 17:30
  • @CharlesDuffy Could you please help me with the resolution? I have been struggling with this since ages now. I would really appreciate. TIA! – tech-guru Oct 06 '22 at 17:48
  • I'm away from the keyboard for a while, unfortunately. If this is still unanswered when I'm back at a proper computer I'll poke at it some more. – Charles Duffy Oct 06 '22 at 17:51
  • Ran it down. Does the answer include enough for you to be able to help yourself next time you run into a similar bug, or is there more I should add? – Charles Duffy Oct 07 '22 at 00:07

2 Answers2

1

The exception is taking place at https://github.com/wbond/oscrypto/blob/1.3.0/oscrypto/_openssl/_libcrypto_cffi.py

Tracking through oscrypto._ffi, the problem comes down to an issue opening libcrypto with the ctypes library:

>>> import ctypes.util
>>> ctypes.util.find_library('crypto')
>>>

Why? Because /usr/lib has only libcrypto.so.1.1, and not a libcrypto.so symlink pointing to it. Easily fixed by adding an extra line to your Dockerfile:

RUN ln -s libcrypto.so.1.1 /usr/lib/libcrypto.so

...after which Python's ctypes behaves:

>>> from ctypes.util import find_library
>>> find_library('crypto')
'libcrypto.so.1.1'

...and so does oscrypto:

>>> from oscrypto import asymmetric
>>>
Charles Duffy
  • 280,126
  • 43
  • 390
  • 441
0

According to oscrypto docs you should call oscrypto.use_openssl() with libcrypto and libssl path to the corresponding .so files:

oscrypto.use_openssl(libcrypto_path="/usr/lib/libcrypto.so", libssl_path="/usr/lib/libssl.so")
Joaquín L. Robles
  • 6,261
  • 10
  • 66
  • 96