Cannot build with pip because of EVP_CIPHER_CTX error

[gullevek]

When I try to build attic on Debian/Testing box with python 3.5 (pip 9.0.1) and openssl 1.1.0c-2 I get the following error during build

attic/crypto.c:448:18: error: field 'ctx' has incomplete type
EVP_CIPHER_CTX ctx;

[karolszk]

Hi! Has anybody know how to fix this issue?

still opened on Debian/Testing/Stretch, I tried to compile Attic in virtualenv with python3.

creating build/temp.linux-x86_64-3.5/attic
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fdebug-prefix-map=/build/python3.5-MLq5fN/python3.5-3.5.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include -I/usr/include/python3.5m -I/home/karol/qo/ENV_ATTIC/include/python3.5m -c attic/crypto.c -o build/temp.linux-x86_64-3.5/attic/crypto.o
attic/crypto.c:448:18: error: field ‘ctx’ has incomplete type
EVP_CIPHER_CTX ctx;
^~~
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

[ThomasWaldmann]

attic is not compatible with openssl 1.1.0.

use borgbackup. ;-)

[ways]

Same on fedora 26:

...
running build_ext
cythoning attic/crypto.pyx to attic/crypto.c
building 'attic.crypto' extension
creating build/temp.linux-x86_64-3.6
creating build/temp.linux-x86_64-3.6/attic
gcc -pthread -Wno-unused-result -Wsign-compare -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include -I/usr/include/python3.6m -c attic/crypto.c -o build/temp.linux-x86_64-3.6/attic/crypto.o
attic/crypto.c:646:18: error: field ‘ctx’ has incomplete type
   EVP_CIPHER_CTX ctx;
                  ^~~
error: command 'gcc' failed with exit status 1

[antonisant]

same on Debian 9.1.0
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fdebug-prefix-map=/build/python3.5-MLq5fN/python3.5-3.5.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include -I/usr/include/python3.5m -c attic/crypto.c -o build/temp.linux-x86_64-3.5/attic/crypto.o
attic/crypto.c:448:18: error: field ‘ctx’ has incomplete type
EVP_CIPHER_CTX ctx;
^~~
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

----------------------------------------

[bigtonylewis]

Solution on debian:
apt install libssl1.0-dev
This uninstalls the 1.1.0 header files and installs the older ones, allowing the build to proceed

[jmfernandez]

I have just developed a patch to fix this issue with OpenSSL 1.1.0:

https://github.com/jmfernandez/portage-inb-overlay/blob/master/app-backup/attic/files/attic-0.16-openssl-1.1-fix.patch

[ThomasWaldmann]

@jmfernandez ever heard of borgbackup? it's solved there since long.

[jmfernandez]

@jmfernandez ever heard of borgbackup? it's solved there since long.

Yes, but I have to have a working Attic installation , in order to restore/migrate old backups

[ThomasWaldmann]

Ah! Other options would be:

• convert archives to borg
• patch borg to be happy with the attic magics (just an idea, didn't look deeply in that)

[guedou]

I have just developed a patch to fix this issue with OpenSSL 1.1.0:

https://github.com/jmfernandez/portage-inb-overlay/blob/master/app-backup/attic/files/attic-0.16-openssl-1.1-fix.patch

Thanks it worked perfectly!

[ThomasWaldmann]

+    const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *a)

@jmfernandez where did you find this? is it official part of the api?

[jmfernandez]

+    const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *a)

@jmfernandez where did you find this? is it official part of the api?

The function is not publicly documented, but it is declared in the same include file as other publicly documented functions, like EVP_CIPHER_CTX_iv_length. I found it by chance, when I was having a look at the implementation of EVP_CIPHER_CTX_iv_length

[ThomasWaldmann]

Interesting. So the question now is whether the missing docs are the bug or the function being in that header file.

[andlaus]

I had the same problem and your patch made it work perfectly. thanks! can you open a pull request to avoid having it to apply manually?

@ThomasWaldmann: I suppose that making this type visible for user code was a mistake in old openSSL versions and treating EVP_CIPHER_CTX as opaque data has been the intention from day 1 of that API (i.e, the patch should also work with previous openSSL versions: at least openSSL 1.0.2 seems to exhibit the same API.)

[jmfernandez]

I had the same problem and your patch made it work perfectly. thanks! can you open a pull request to avoid having it to apply manually?

@ThomasWaldmann: I suppose that making this type visible for user code was a mistake in old openSSL versions and treating EVP_CIPHER_CTX as opaque data has been the intention from day 1 of that API (i.e, the patch should also work with previous openSSL versions: at least openSSL 1.0.2 seems to exhibit the same API.)

I have just created it (#399)

[ikunyemingor]

Solution on debian:
apt install libssl1.0-dev
This uninstalls the 1.1.0 header files and installs the older ones, allowing the build to proceed

Worked perfectly for Ubuntu 18.04