Bug 1419299

Summary: python2-crypto-2.6.1-13 breaks duplicity SSH backend
Product: [Fedora] Fedora
Reporter: Sina Sadeghi <sina.sa>
Component: python-crypto
Assignee: Paul Howarth <paul>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: unspecified
Version: 24
CC: athmanem, bkabrda, cstratak, dmalcolm, mhroncok, paul, pviktori, rkuska, s.adam, sina.sa, tomspur, torsava
Hardware: x86_64
OS: Linux
Last Closed: 2017-02-08 07:56:37 UTC
Type: Bug

Description Sina Sadeghi 2017-02-05 01:04:17 UTC
Description of problem:
Upgrade from python2-crypto-2.6.1-10.fc24.x86_64 to python2-crypto-2.6.1-13.fc24.x86_64 causes duplicity SSH backend to fail.

Running "dnf downgrade python2-crypto" reverts to python2-crypto-2.6.1-10.fc24.x86_64 and backups succeed.

Version-Release number of selected component (if applicable):
python2-crypto-2.6.1-13.fc24.x86_64

How reproducible:
Easily.

Steps to Reproduce:
1. "dnf upgrade" on F24 causes update of python2-crypto to python2-crypto-2.6.1-13.fc24.x86_64
2. Use duplicity to back up to an SSH destination.
3. See above failure.

Actual results:
ssh: Connected (version 2.0, client OpenSSH_7.2)
ssh: Unknown exception: CTR mode needs counter parameter, not IV
ssh: Traceback (most recent call last):
ssh:   File "/usr/lib/python2.7/site-packages/paramiko/transport.py", line 1744, in run
ssh:     self.kex_engine.parse_next(ptype, m)
ssh:   File "/usr/lib/python2.7/site-packages/paramiko/kex_group1.py", line 75, in parse_next
ssh:     return self._parse_kexdh_reply(m)
ssh:   File "/usr/lib/python2.7/site-packages/paramiko/kex_group1.py", line 112, in _parse_kexdh_reply
ssh:     self.transport._activate_outbound()
ssh:   File "/usr/lib/python2.7/site-packages/paramiko/transport.py", line 2074, in _activate_outbound
ssh:     engine = self._get_cipher(self.local_cipher, key_out, IV_out)
ssh:   File "/usr/lib/python2.7/site-packages/paramiko/transport.py", line 1649, in _get_cipher
ssh:     return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv, counter)
ssh:   File "/usr/lib64/python2.7/site-packages/Crypto/Cipher/AES.py", line 95, in new
ssh:     return AESCipher(key, *args, **kwargs)
ssh:   File "/usr/lib64/python2.7/site-packages/Crypto/Cipher/AES.py", line 59, in __init__
ssh:     blockalgo.BlockAlgo.__init__(self, _AES, key, *args, **kwargs)
ssh:   File "/usr/lib64/python2.7/site-packages/Crypto/Cipher/blockalgo.py", line 141, in __init__
ssh:     self._cipher = factory.new(key, *args, **kwargs)
ssh: ValueError: CTR mode needs counter parameter, not IV
ssh: 
Using temporary directory /tmp/duplicity-S9liSL-tempdir
Backend error detail: Traceback (most recent call last):
  File "/usr/bin/duplicity", line 1546, in <module>
    with_tempdir(main)
  File "/usr/bin/duplicity", line 1540, in with_tempdir
    fn()
  File "/usr/bin/duplicity", line 1375, in main
    action = commandline.ProcessCommandLine(sys.argv[1:])
  File "/usr/lib64/python2.7/site-packages/duplicity/commandline.py", line 1126, in ProcessCommandLine
    backup, local_pathname = set_backend(args[0], args[1])
  File "/usr/lib64/python2.7/site-packages/duplicity/commandline.py", line 1015, in set_backend
    globals.backend = backend.get_backend(bend)
  File "/usr/lib64/python2.7/site-packages/duplicity/backend.py", line 223, in get_backend
    obj = get_backend_object(url_string)
  File "/usr/lib64/python2.7/site-packages/duplicity/backend.py", line 209, in get_backend_object
    return factory(pu)
  File "/usr/lib64/python2.7/site-packages/duplicity/backends/ssh_paramiko_backend.py", line 235, in __init__
    self.config['port'], e))
BackendException: ssh connection to root.0.1:22 failed: CTR mode needs counter parameter, not IV


Expected results:
Backups to succeed.

Additional info:
Seems related to: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850025 and https://github.com/dlitz/pycrypto/issues/149

Comment 1 Paul Howarth 2017-02-06 13:59:33 UTC
This should already be fixed with python-paramiko-2.1.1-2.fc24 (see Bug #1418084).

Comment 2 Paul Howarth 2017-02-07 15:21:32 UTC
Have you been able to try updating to python-paramiko-2.1.1-2.fc24 yet?

Comment 3 Sina Sadeghi 2017-02-08 07:56:37 UTC
Hi, 

I upgraded, looks to work, good stuff, thanks!

Comment 4 Paul Howarth 2017-02-08 08:16:38 UTC

*** This bug has been marked as a duplicate of bug 1418084 ***