[strongSwan] Issues with loading imv-os and imv-attestation modules with Freeradius

Avesh Agarwal avesh.ncsu at gmail.com
Fri May 17 21:21:16 CEST 2013 

Hello,

I am using OS and Attestation IMVs with Freeradius (with patch from TNC at FHH).
However while loading these IMVs, I notice following issues:

1. OS IMV gets loaded but shows following errors:

 [HSR] plugin 'random' failed to load:
/usr/lib64/strongswan/plugins/libstrongswan-random.so: undefined symbol: dbg
[HSR] plugin 'nonce' failed to load:
/usr/lib64/strongswan/plugins/libstrongswan-nonce.so: undefined symbol:
rng_quality_names
[HSR] plugin 'gmp' failed to load:
/usr/lib64/strongswan/plugins/libstrongswan-gmp.so: undefined symbol:
private_key_equals
[HSR] plugin 'pubkey' failed to load:
/usr/lib64/strongswan/plugins/libstrongswan-pubkey.so: undefined symbol:
chunk_empty
[HSR] plugin 'x509' failed to load:
/usr/lib64/strongswan/plugins/libstrongswan-x509.so: undefined symbol:
chunk_empty

I have checked and all the above plugins are available.

2. When loading attestation IMV, it segfaults at following location:

Program received signal SIGSEGV, Segmentation fault.
pts_meas_algo_probe (algorithms=algorithms at entry=0x7ff49dc9c2f0
<supported_algorithms>)
    at pts/pts_meas_algo.c:49
49        enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
(gdb) bt
#0  pts_meas_algo_probe (algorithms=algorithms at entry=0x7ff49dc9c2f0
<supported_algorithms>)
    at pts/pts_meas_algo.c:49
#1  0x00007ff49da97eda in TNC_IMV_Initialize (imv_id=0, min_version=1,
max_version=1,
    actual_version=<optimized out>) at imv_attestation.c:93
#2  0x00007ff4a19bbc42 in
tncfhh::iel::IMVProperties::call_TNC_IMV_Initialize (this=this at entry
=0x7ff4aa83f5c0)
    at /usr/src/debug/tncfhh-0.8.3/tncs/src/tncs/iel/IMVProperties.cpp:431
#3  0x00007ff4a19be5a5 in tncfhh::iel::IMVProperties::IMVProperties
(this=0x7ff4aa83f5c0, id=0, name=...,
    file=...) at
/usr/src/debug/tncfhh-0.8.3/tncs/src/tncs/iel/IMVProperties.cpp:100


I compiled strongswan with following flags:

    --disable-charon \
    --disable-aes \
    --disable-des \
    --disable-md5 \
    --disable-pgp \
    --disable-dnskey \
    --disable-fips-prf \
    --disable-xcbc \
    --disable-stroke \
    --disable-tools \
    --disable-updown \
    --disable-resolve \
    --disable-kernel-netlink \
    --enable-openssl \
    --enable-sqlite \
    --enable-imc-test \
    --enable-imv-test \
    --enable-imc-scanner \
    --enable-imv-scanner  \
    --enable-imc-attestation \
    --enable-imv-attestation \
    --enable-imv-os \
    --enable-imc-os

I am not sure what I am missing or where is the error, so any help would be
appreciated. When using attestation IMV and OS IMV with charon daemon,
things work fine.

Thanks
Avesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130517/7906056e/attachment.html>

More information about the Users mailing list