ed25519 is not supported cryptography version: 3.2

[nick2525]

cryptography Version: 3.2 reports that ed25519 is not supported by this version of OpenSSL, but in OpenSSL 1.1.1f ed25519 already supported.

My docker container is
lsb_release -a

Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal

uname -a

Linux raspberrypi 5.4.83-v7+ armv7l armv7l armv7l GNU/Linux
Debug in Python, Python is in virtualenv

Python 3.9.0 (default, Oct 28 2020, 23:50:03)
[GCC 7.4.0] on linux

from cryptography.hazmat.backends import default_backend
default_backend().openssl_version_text()
'OpenSSL 1.1.1f 31 Mar 2020'

So, I have openssl version 1.1.1f
when I try in python

from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
Ed25519PrivateKey.generate()

Traceback (most recent call last):
File "", line 1, in
File "/home/nick252/homeassistant/lib/python3.9/site-packages/cryptography/hazmat/primitives/asymmetric/ed25519.py", line 52, in generate
raise UnsupportedAlgorithm(
cryptography.exceptions.UnsupportedAlgorithm: ed25519 is not supported by this version of OpenSSL.

More info home-assistant/core#45363 and also created bug in OpenSSL openssl/openssl#13974

Sadness is that OpenSSL 1.1.1f is included in ubuntu 20.04 LTS and is unlikely to be updated, and now it's not even clear which side of the bug is on

[alex]

That's bizzare, ed25519 should be supported with any OpenSSL >=1.1.1b.

Can you tell me what happens when you run:

from cryptography.hazmat.bakends import default_backend
b = default_backend()
print(b._fips_enabled, b._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B)

[alex]

Sigh, let's try again but without typos:

from cryptography.hazmat.backends import default_backend
b = default_backend()
print((b._fips_enabled, b._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B))

[nick2525]

@alex (homeassistant) root@raspberrypi:/home/nick252/homeassistant# python3
Python 3.9.0 (default, Oct 28 2020, 23:50:03)
[GCC 7.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.

from cryptography.hazmat.backends import default_backend
b = default_backend()
print((b._fips_enabled, b._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B))
(False, 1)

[tiran]

Ubuntu 20.04 should have OpenSSL 1.1.1f. What's output of print(hex(b._lib.OPENSSL_VERSION_NUMBER))?

Did you perhaps compile cryptography on Ubuntu 18.04 and then copy the files to a 20.04 box?

[alex]

This looks to me like your cryptography was compiled against one version of OpenSSL, but linked against another. How did you install it?

[nick2525]

@tiran >>> print(hex(b._lib.OPENSSL_VERSION_NUMBER))
0x1010100f
I upgraded version of Ubuntu by
rename in /etc/apt/sources.list
sudo sed -i 's/bionic/focal/g' /etc/apt/sources.list
and when upgrade

@alex I installed it on Ubuntu 18.04, and I think in was upgraded during migrate to 20.04

[alex]

Yes, you need to reinstall (re-compile) cryptography if you upgrade the OpenSSL its linked against.

[nick2525]

Yes remove python cache ./.cache/pip/wheels/ everywhere fixes it