[strongSwan] Issues with loading imv-os and imv-attestation modules with Freeradius

Avesh Agarwal avesh.ncsu at gmail.com
Thu May 23 21:20:30 CEST 2013


Sorry to follow up on my own email:

On Fri, May 17, 2013 at 3:21 PM, Avesh Agarwal <avesh.ncsu at gmail.com> wrote:

> Hello,
>
> I am using OS and Attestation IMVs with Freeradius (with patch from TNC at FHH).
> However while loading these IMVs, I notice following issues:
>
> 1. OS IMV gets loaded but shows following errors:
>
>  [HSR] plugin 'random' failed to load:
> /usr/lib64/strongswan/plugins/libstrongswan-random.so: undefined symbol: dbg
> [HSR] plugin 'nonce' failed to load:
> /usr/lib64/strongswan/plugins/libstrongswan-nonce.so: undefined symbol:
> rng_quality_names
> [HSR] plugin 'gmp' failed to load:
> /usr/lib64/strongswan/plugins/libstrongswan-gmp.so: undefined symbol:
> private_key_equals
> [HSR] plugin 'pubkey' failed to load:
> /usr/lib64/strongswan/plugins/libstrongswan-pubkey.so: undefined symbol:
> chunk_empty
> [HSR] plugin 'x509' failed to load:
> /usr/lib64/strongswan/plugins/libstrongswan-x509.so: undefined symbol:
> chunk_empty
>
> I have checked and all the above plugins are available.
>
> The above issue seems to get solved and the reason was that libstrongswan
was not being loaded with RTLD_GLOBAL by the tnc-fhh's tncs module, and due
to this, plugins were not able to resolve symbols. However, somehow I do
not see the debug messages  saying that "plugin XXX loaded successfully",
even though I have following conf file:

libimcv {
  debug_level = 3
}

Any help is appreciated with this.



> 2. When loading attestation IMV, it segfaults at following location:
>
> Program received signal SIGSEGV, Segmentation fault.
> pts_meas_algo_probe (algorithms=algorithms at entry=0x7ff49dc9c2f0
> <supported_algorithms>)
>     at pts/pts_meas_algo.c:49
> 49        enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
> (gdb) bt
> #0  pts_meas_algo_probe (algorithms=algorithms at entry=0x7ff49dc9c2f0
> <supported_algorithms>)
>     at pts/pts_meas_algo.c:49
> #1  0x00007ff49da97eda in TNC_IMV_Initialize (imv_id=0, min_version=1,
> max_version=1,
>     actual_version=<optimized out>) at imv_attestation.c:93
> #2  0x00007ff4a19bbc42 in
> tncfhh::iel::IMVProperties::call_TNC_IMV_Initialize (this=this at entry
> =0x7ff4aa83f5c0)
>     at /usr/src/debug/tncfhh-0.8.3/tncs/src/tncs/iel/IMVProperties.cpp:431
> #3  0x00007ff4a19be5a5 in tncfhh::iel::IMVProperties::IMVProperties
> (this=0x7ff4aa83f5c0, id=0, name=...,
>     file=...) at
> /usr/src/debug/tncfhh-0.8.3/tncs/src/tncs/iel/IMVProperties.cpp:100
>
>
>
The above issue still persists, so any help is appreciated again.

Regards
Avesh


> I compiled strongswan with following flags:
>
>     --disable-charon \
>     --disable-aes \
>     --disable-des \
>     --disable-md5 \
>     --disable-pgp \
>     --disable-dnskey \
>     --disable-fips-prf \
>     --disable-xcbc \
>     --disable-stroke \
>     --disable-tools \
>     --disable-updown \
>     --disable-resolve \
>     --disable-kernel-netlink \
>     --enable-openssl \
>     --enable-sqlite \
>     --enable-imc-test \
>     --enable-imv-test \
>     --enable-imc-scanner \
>     --enable-imv-scanner  \
>     --enable-imc-attestation \
>     --enable-imv-attestation \
>     --enable-imv-os \
>     --enable-imc-os
>
> I am not sure what I am missing or where is the error, so any help would
> be appreciated. When using attestation IMV and OS IMV with charon daemon,
> things work fine.
>
> Thanks
> Avesh
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130523/ae769d34/attachment.html>


More information about the Users mailing list