Project

General

Profile

Issue #3290

wolfssl plugin: symbol lookup error when loading configuration

Added by Victor Bogatyryev over 1 year ago. Updated 7 months ago.

Status:
Closed
Priority:
Low
Category:
build
Affected version:
5.8.1
Resolution:
No feedback

Description

Debian 5.3.9-3 (2019-11-19) x86_64 GNU/Linux
wolfssl-4.2.0 was built with this configuration:
./configure --enable-tls13 --enable-dtls --enable-ipv6 --enable-camellia --enable-curve25519 --enable-ed25519
strongswan-5.8.1 was built with this configuration:
./configure --prefix=/usr/local --sysconfdir=/etc --enable-wolfssl --enable-chapoly --enable-eap-tls

swanctl can't load configuration with error:
swanctl: symbol lookup error: /usr/local/lib/ipsec/plugins/libstrongswan-wolfssl.so: undefined symbol: mp_read_unsigned_bin

When plugin wolfssl is replaced by openssl in the configuration strongswan works smoothly:

swanctl -S
uptime: 72 minutes, since Dec 11 10:53:33 2019
worker threads: 16 total, 11 idle, working: 4/0/1/0
job queues: 0/0/0/0
jobs scheduled: 2
IKE_SAs: 1 total, 0 half-open
mallinfo: sbrk 1617920, mmap 0, used 769248, free 848672
loaded plugins: charon aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 chapoly xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown eap-tls xauth-generic counters

ipsec statusall
Status of IKE charon daemon (strongSwan 5.8.1, Linux 5.3.0-2-amd64, x86_64):
uptime: 79 minutes, since Dec 11 10:53:34 2019
malloc: sbrk 1617920, mmap 0, used 772688, free 845232
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
loaded plugins: charon aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 chapoly xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown eap-tls xauth-generic counters
Listening IP addresses:
123.34.201.47
Connections:
experimental: 123.34.201.47...%any IKEv2
experimental: local: [C=LT, ST=Volnus, L=Vilnus, O=Orion Ltd Server, OU=Orion Inc Root CA, CN=123.34.201.47, E=orion@orion.lt] uses public key authentication
experimental: cert: "C=LT, ST=Volnus, L=Vilnus, O=Orion Ltd Server, OU=Orion Inc Root CA, CN=123.34.201.47, E=orion@orion.lt"
experimental: remote: [C=LT, L=Vilnus, O=Orion Inc, CN=client, E=client@orion.lt] uses public key authentication
experimental: cert: "C=LT, L=Vilnus, O=Orion Inc, CN=client, E=client@orion.lt"
net: child: 0.0.0.0/0 === dynamic TUNNEL
Security Associations (1 up, 0 connecting):
experimental[1]: ESTABLISHED 77 minutes ago, 123.34.201.47[C=LT, ST=Volnus, L=Vilnus, O=Orion Ltd Server, OU=Orion Inc Root CA, CN=123.34.201.47, E=orion@orion.lt]...22.145.123.77[C=LT, L=Vilnus, O=Orion Inc, CN=client, E=client@orion.lt]
experimental[1]: IKEv2 SPIs: 52f10fbe64ffc3d7_i 0e27914d7aed5e21_r*, rekeying in 2 hours
experimental[1]: IKE proposal: CHACHA20_POLY1305/PRF_HMAC_SHA2_512/CURVE_25519
net{2}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c62224c2_i c54ae1e2_o
net{2}: CHACHA20_POLY1305/CURVE_25519, 2877 bytes_i (46 pkts, 539s ago), 3478 bytes_o (43 pkts, 539s ago), rekeying in 35 minutes
net{2}: 0.0.0.0/0 === 10.50.60.1/32

History

#1 Updated by Tobias Brunner over 1 year ago

  • Category set to build
  • Status changed from New to Feedback

swanctl can't load configuration with error:
swanctl: symbol lookup error: /usr/local/lib/ipsec/plugins/libstrongswan-wolfssl.so: undefined symbol: mp_read_unsigned_bin

No idea. It works in our tests (see the following for the options we use: source:scripts/test.sh#L49). And since that function is used in wolfSSL itself all over the place (e.g. in the DH, ECC and RSA implementations) it seems strange that it wouldn't be defined.

When plugin wolfssl is replaced by openssl in the configuration strongswan works smoothly:

They have nothing in common.

#2 Updated by Tobias Brunner 7 months ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No feedback

Also available in: Atom PDF