field has incomplete type 'BIGNUM' (aka 'struct bignum_st')

balanga · Oct 27, 2019

Looking at multimedia/oscam it is marked as broken because of:-

field has incomplete type 'BIGNUM' (aka 'struct bignum_st')

It has been like this for some time, although I did manage to install it at one time, but need to install it on another system.

Does anyone know what the above error is due to or how to fix it?

yuripv · Oct 27, 2019

Looking at its Makefile, it seems to be marked broken only if OpenSSL from base is used. You could try forcing it to use the one from ports using https://wiki.freebsd.org/OpenSSL#OpenSSL_for_ports (didn't test).

balanga · Oct 27, 2019

yuripv said:
Looking at its Makefile, it seems to be marked broken only if OpenSSL from base is used. You could try forcing it to use the one from ports using https://wiki.freebsd.org/OpenSSL#OpenSSL_for_ports (didn't test).

Not sure what to make of that.... Are we waiting for a fix to OpenSSL 1.1.1?

The page above mentions:-

Build issues with OpenSSL 1.1.1

A bit opportune, but currently (2018-08-17) OpenSSL 1.1.1 is beta 6 (-pre8). As the TLS 1.3 standard is now finalized, hopefully we'll see a 1.1.1 release very soon.

Collected on the 1.1.1 known problems sub-page

That is over a year ago. Has there been any progress since?

yuripv · Oct 27, 2019

I only linked that page (and specific part of it) to show how to use the OpenSSL from ports. And no, we are not waiting for a fix to OpenSSL 1.1.1, though it should be possible to fix the port to build with base OpenSSL, but it's out of context of this post.

balanga · Oct 27, 2019

I changed /etc/make.conf to include:-

Code:

DEFAULT_VERSIONS+= ssl=openssl

but ended up with:-

Code:

CC    reader-conax.c
CC    reader-cryptoworks.c
reader-cryptoworks.c:10:18: error: field has incomplete type 'BIGNUM'
      (aka 'struct bignum_st')
        BIGNUM          exp;
                        ^

Is there anything else I should try?

yuripv · Oct 27, 2019

That would mean the port is broken with ports OpenSSL as well, *or* it still builds against the base one which would mean a problem with port.

Anyway, if you don't need the SSL support, you could do the following (worked for me):

Code:

vega:yuripv:/usr/ports/multimedia/oscam$ make patch
===>  License GPLv3 accepted by the user
===>   oscam-1.20_1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by oscam-1.20_1 for building
===>  Extracting for oscam-1.20_1
=> SHA256 Checksum OK for oscam-1.20.tar.bz2.
===>  Patching for oscam-1.20_1
===>  Applying FreeBSD patches for oscam-1.20_1
vega:yuripv:/usr/ports/multimedia/oscam$ sed -i.bak '/SSL/d' work/oscam-1.20/config.h
vega:yuripv:/usr/ports/multimedia/oscam$ make
...

Otherwise, someone would need to look at updating the port or fixing the current version if there's no newer one.

beppo · Nov 2, 2019

I managed to get oscam from ports working with the following measures:

set openssl in make.conf as default version (although I first thought libressl from ports should be used instead of openssl from ports, got it thanks to this thread)
patch oscam from ports (SVN Revision: 506498) with patch-cryptoworks.h from oscam ticket #4590 closed defect (fixed) Compile error Debian 9 #11370
install oscam from ports

This should be it (I am pretty sure I did nothing else

)

/etc/make.conf

Code:

# libressl for oscam
DEFAULT_VERSIONS+= ssl=openssl

/usr/ports/multimedia/oscam/files/patch-cryptoworks.h

Code:

--- reader-cryptoworks.c_old    2017-09-09 11:09:37.481934617 +0000
+++ reader-cryptoworks.c    2017-09-09 11:11:14.551402509 +0000
@@ -8,8 +8,8 @@
 struct bignum_st;
 struct cryptoworks_data
 {
-    BIGNUM          exp;
-    BIGNUM          ucpk;
+    BIGNUM          *exp;
+    BIGNUM          *ucpk;
     int32_t         ucpk_valid;
 };
 
@@ -282,15 +282,15 @@
         if(search_boxkey(reader, reader->caid, (char *)keybuf))
         {
             ipk = BN_new();
-            BN_bin2bn(cwexp, sizeof(cwexp), &csystem_data->exp);
+            BN_bin2bn(cwexp, sizeof(cwexp), csystem_data->exp);
             BN_bin2bn(keybuf, 64, ipk);
-            cw_RSA(reader, cta_res + 2, cta_res + 2, 0x40, &csystem_data->exp, ipk, 0);
+            cw_RSA(reader, cta_res + 2, cta_res + 2, 0x40, csystem_data->exp, ipk, 0);
             BN_free(ipk);
             csystem_data->ucpk_valid = (cta_res[2] == ((mfid & 0xFF) >> 1));
             if(csystem_data->ucpk_valid)
             {
                 cta_res[2] |= 0x80;
-                BN_bin2bn(cta_res + 2, 0x40, &csystem_data->ucpk);
+                BN_bin2bn(cta_res + 2, 0x40, csystem_data->ucpk);
                 rdr_log_dump_dbg(reader, D_READER, cta_res + 2, 0x40, "IPK available -> session-key:");
             }
             else
@@ -298,7 +298,7 @@
                 csystem_data->ucpk_valid = (keybuf[0] == (((mfid & 0xFF) >> 1) | 0x80));
                 if(csystem_data->ucpk_valid)
                 {
-                    BN_bin2bn(keybuf, 0x40, &csystem_data->ucpk);
+                    BN_bin2bn(keybuf, 0x40, csystem_data->ucpk);
                     rdr_log_dump_dbg(reader, D_READER, keybuf, 0x40, "session-key found:");
                 }
                 else
@@ -400,7 +400,7 @@
                     {
                         if(csystem_data->ucpk_valid)
                         {
-                            cw_RSA(reader, &cta_res[i + 2], &cta_res[i + 2], n, &csystem_data->exp, &csystem_data->ucpk, 0);
+                            cw_RSA(reader, &cta_res[i + 2], &cta_res[i + 2], n, csystem_data->exp, csystem_data->ucpk, 0);
                             rdr_log_dbg(reader, D_READER, "after camcrypt");
                             r = 0;
                             secLen = n - 4;

in /usr/ports/multimedia/oscam/
make patch
make install

beppo · Nov 3, 2019

Just a small remark: The oscam webinterface is working with ssl. Hence ssl is working.

balanga · Nov 4, 2019

beppo said:
I managed to get oscam from ports working with the following measures:

set openssl in make.conf as default version (although I first thought libressl from ports should be used instead of openssl from ports, got it thanks to this thread)

patch oscam from ports (SVN Revision: 506498) with patch-cryptoworks.h from oscam ticket #4590 closed defect (fixed) Compile error Debian 9 #11370

install oscam from ports

This should be it (I am pretty sure I did nothing else )

/etc/make.conf

Code:

# libressl for oscam DEFAULT_VERSIONS+= ssl=openssl

/usr/ports/multimedia/oscam/files/patch-cryptoworks.h

in /usr/ports/multimedia/oscam/
make patch

/etc/make.conf

Code:

# libressl for oscam DEFAULT_VERSIONS+= ssl=openssl

/usr/ports/multimedia/oscam/files/patch-cryptoworks.h

in /usr/ports/multimedia/oscam/

make patch

make install

I'm trying replicate this but am getting hopelessly lost. Can you give me a starting point?

Starting on a pristine system which only has the base OS (FreeBSD 12.0-RELEASE-amd64) installed and boots up to a command prompt, what should I do? Something like this?

Code:

cat <<EOF >> /etc/make.conf
 # libressl for oscam
DEFAULT_VERSIONS+= ssl=openssl
EOF

portsnap fetch
portsnap extract


cd /usr/ports/multimedia/oscam

cat <<EOF >> /usr/ports/multimedia/oscam/files/patch-cryptoworks.h
-                BN_bin2bn(cta_res + 2, 0x40, &csystem_data->ucpk);
+                BN_bin2bn(cta_res + 2, 0x40, csystem_data->ucpk);
                 rdr_log_dump_dbg(reader, D_READER, cta_res + 2, 0x40, "IPK available -> session-key:");
             }
             else
@@ -298,7 +298,7 @@
                 csystem_data->ucpk_valid = (keybuf[0] == (((mfid & 0xFF) >> 1) | 0x80));
                 if(csystem_data->ucpk_valid)
                 {
-                    BN_bin2bn(keybuf, 0x40, &csystem_data->ucpk);
+                    BN_bin2bn(keybuf, 0x40, csystem_data->ucpk);
                     rdr_log_dump_dbg(reader, D_READER, keybuf, 0x40, "session-key found:");
                 }
                 else
@@ -400,7 +400,7 @@
                     {
                         if(csystem_data->ucpk_valid)
                         {
-                            cw_RSA(reader, &cta_res[i + 2], &cta_res[i + 2], n, &csystem_data->exp, &csystem_data->ucpk, 0);
+                            cw_RSA(reader, &cta_res[i + 2], &cta_res[i + 2], n, csystem_data->exp, csystem_data->ucpk, 0);
                             rdr_log_dbg(reader, D_READER, "after camcrypt");
                             r = 0;
                             secLen = n - 4;
EOF

make patch
make install

beppo · Nov 5, 2019

Yes this looks correct. You have to install openssl from ports of course for my solution.

cd /usr/ports/security/openssl/ && make config (-> enable everything ) && make install clean

Remark:
As Freebsd 12.1-RELEASE has been released and openssl111 is included, you might try the openssl111 port instead of openssl. You could also try openssl111 or bearssl from base instead of utilizing ports.