[Swan-dev] 'error: ‘CKM_AES_CTR’ undeclared' while compiling libreswan-3.15

prasad zambare prasadzambare at gmail.com
Tue Sep 22 19:44:20 EEST 2015 

Hi Paul,

Sorry for very late reply. Today I resumed my work with libreswan. Thank
you for the help.

Today I managed to compile the libreswan with below steps. But ipsec
service is not getting started successfully.

Please find the below steps and let me know what I am missing or doing
wrong. Please guide me on how can I use or deploy the compiled binaries of
libreswan+nss.



Steps
--------
Downloaded nss-3.16 code from
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_RTM/src/nss-3.16-with-nspr-4.10.4.tar.gz

Downloaded nsprpub source from
https://github.com/makotokato/nsprpub

Downloaded libreswan source from
https://download.libreswan.org/libreswan-3.15.tar.gz

Installed following packages using yum install (Other required packages
were already installed)
pam-devel
libcap-ng-devel
curl-devel
fipscheck-devel
unbound-devel
xmlto

Extracted nsprpub code and compiled + installed using './configure; make;
make install'

Extracted nss-3.16.1 source code and compiled using
cd nss-3.16.1, gmake clean nss_build_all; make install;

Extracted libreswan-3.15 and cd libreswan-3.15

Commented 28th line from packaging/makefiles/module24.make to avoid
compilation error

Commented lines from Makefile.inc starting with NSSFLAGS and NSSLIBS (as
Makefile.inc.local was not present)

Appended below lines to Makefile.inc (as i did not find nss folder in
/usr/local/include, but found it in
/root/libreconfig/nss-3.16/dist/public/nss)
NSSFLAGS=-I/root/libreconfig/nss-3.16/dist/public/nss
-I/usr/local/include/nspr
NSSLIBS=-L/usr/local/lib -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4
-lnspr4 -lpthread -ldl


Also, set LD_LIBRARY_PATH to
/root/libreconfig/nss-3.16/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/lib (to
resolve undefined reference errors)

Compiled and installed using
make clean; make programs; make install

Checked output of command ipsec --help, The last line shows
Linux Libreswan U3.15/K(no kernel code presently loaded) on 2.6.39.4

Then copied certutil to /usr/bin (to avoid error "/usr/local/sbin/ipsec:
line 342: certutil: command not found" while starting ipsec service)
cp ../nss-3.16/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/certutil /usr/bin/

After these steps when '/etc/ipsec start' ipsec got started but immediately
after; the '/etc/ipsec status' showed it has stopped.


Thank You,
Prasad






On Mon, Sep 14, 2015 at 11:45 PM, Paul Wouters <paul at nohats.ca> wrote:

> On Mon, 14 Sep 2015, prasad zambare wrote:
>
> Thank you for the quick reply.
>>
>> I installed nss-3.16.1 using below steps
>> 1. Downloaded nss-3.16 code from
>>
>> https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_RTM/src/nss-3.16-with-nspr-4.10.4.tar.gz
>> 2. Downloaded nsprpub source from
>> https://github.com/makotokato/nsprpub
>> 3. Complied nsprpub code and installed
>> 4. Extracted nss-3.16.1 source code
>> 5. cd nss-3.16.1, gmake clean nss_build_all
>> 6. It got compiled
>>
>
> Did that install in /usr/local ?
>
> 7. cd ../libreswan-3.15 and did 'make clean; make programs'
>>
>
> We detect the nss includes via:
>
> $ pkg-config --cflags nss
> -I/usr/include/nss3 -I/usr/include/nspr4
>
> perhaps your old nss is still there and your new nss is in /usr/local ?
>
> You can override these by defining them in a Makefile.inc.local:
>
> #NSSFLAGS?=$(shell pkg-config --cflags nss)
> #NSSLIBS?=$(shell pkg-config --libs nss)
> NSSFLAGS=-I/usr/local/include/nss3 -I/usr/local/include/nspr4
> NSSLIBS=-L/usr/local/lib -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4
> -lnspr4 -lpthread -ldl
>
> Paul
>
>
> But still got the same error.
>>
>> /root/libreswan-3.15/programs/pluto/ctr_test_vectors.c: In function
>> ‘test_aes_ctr’:
>> /root/libreswan-3.15/programs/pluto/ctr_test_vectors.c:243: error:
>> ‘CKM_AES_CTR’ undeclared (first use in this function)
>> /root/libreswan-3.15/programs/pluto/ctr_test_vectors.c:243: error: (Each
>> undeclared identifier is reported only once
>> /root/libreswan-3.15/programs/pluto/ctr_test_vectors.c:243: error: for
>> each function it appears in.)
>> make[3]: *** [ctr_test_vectors.o] Error 1
>>
>>
>> Please let me know what went wrong? Please help me on this.
>>
>> Thank You,
>> Prasad
>>
>> On Mon, Sep 14, 2015 at 9:13 PM, Paul Wouters <paul at nohats.ca> wrote:
>>       On Mon, 14 Sep 2015, prasad zambare wrote:
>>
>>             I am getting compilation error while compiling libreswan-3.15
>> source code.
>>
>>             make[3]: Entering directory
>> `/root/libreswan-3.15/OBJ.linux.i386/programs/pluto'
>>             cc   -g -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
>> -fexceptions -fstack-protector-all -fno-strict-aliasing -fPIE -DPIE
>>             -DFORCE_PR_ASSERT -DDNSSEC -DFIPS_CHECK
>>             -DFIPSPRODUCTCHECK=\"/etc/system-fips\" -DKLIPS -DLIBCURL
>> -DUSE_LINUX_AUDIT -DUSE_MD5 -DHAVE_NM -DUSE_SHA2 -DUSE_SHA1
>>             -DFIPSPRODUCTCHECK=\"/etc/system-fips\"
>>             -DIPSEC_CONF=\"/etc/ipsec.conf\"
>> -DIPSEC_CONFDDIR=\"/etc/ipsec.d\" -DIPSEC_NSSDIR=\"/etc/ipsec.d\"
>>             -DIPSEC_CONFDIR=\"/etc\"
>> -DIPSEC_EXECDIR=\"/usr/local/libexec/ipsec\"
>>             -DIPSEC_SBINDIR=\"/usr/local/sbin\" -DIPSEC_VARDIR=\"/var\"
>> -DPOLICYGROUPSDIR=\"/etc/ipsec.d/policies\"
>>             -DSHARED_SECRETS_FILE=\"/etc/ipsec.secrets\" -DGCC_LINT
>>             -DALLOW_MICROSOFT_BAD_PROPOSAL  -Wall -Wextra -Wformat
>> -Wformat-nonliteral -Wformat-security -Wundef
>>             -Wmissing-declarations -Wredundant-decls -Wnested-externs
>>             -I/root/libreswan-3.15/ports/linux/include
>> -I/root/libreswan-3.15/ports/linux/include
>>             -I/root/libreswan-3.15/ports/linux/include
>> -I/root/libreswan-3.15/ports/linux/include
>>             -I/root/libreswan-3.15/programs/pluto/linux26
>> -I/root/libreswan-3.15/include -I/root/libreswan-3.15/lib/libcrypto
>>             -I/root/libreswan-3.15/linux/include   -DUSE_KEYRR
>> -DNETKEY_SUPPORT
>>             -DKERNEL26_HAS_KAME_DUPLICATES -DPFKEY  -DUSE_TWOFISH
>> -DUSE_SERPENT -DKLIPS -DPFKEY    -DUSE_AES -DUSE_3DES -DUSE_SHA2
>>             -DUSE_SHA1 -DUSE_MD5 -DUSE_CAMELLIA   -DXAUTH_HAVE_PAM
>> -DLIBCURL
>>             -DFIPS_CHECK -DHAVE_LIBCAP_NG -DHAVE_NM -I/usr/include/nss3
>> -I/usr/include/nspr4     \
>>                             -MMD -MF ./ctr_test_vectors.d \
>>                             -o ./ctr_test_vectors.o \
>>                             -c
>> /root/libreswan-3.15/programs/pluto/ctr_test_vectors.c
>>             /root/libreswan-3.15/programs/pluto/ctr_test_vectors.c: In
>> function ‘test_aes_ctr’:
>>             /root/libreswan-3.15/programs/pluto/ctr_test_vectors.c:243:
>> error: ‘CKM_AES_CTR’ undeclared (first use in this
>>             function)
>>             /root/libreswan-3.15/programs/pluto/ctr_test_vectors.c:243:
>> error: (Each undeclared identifier is reported only once
>>             /root/libreswan-3.15/programs/pluto/ctr_test_vectors.c:243:
>> error: for each function it appears in.)
>>             make[3]: *** [ctr_test_vectors.o] Error 1
>>             make[3]: Leaving directory
>> `/root/libreswan-3.15/OBJ.linux.i386/programs/pluto'
>>             make[2]: *** [local-base] Error 2
>>             make[2]: Leaving directory
>> `/root/libreswan-3.15/programs/pluto'
>>             make[1]: *** [all] Error 2
>>             make[1]: Leaving directory `/root/libreswan-3.15/programs'
>>             make: *** [all] Error 2
>>
>>             Tried searching on internet but did not find the solution.
>> Please provide some pointers so that I can fix this issue.
>>
>>
>> It seems you have an old version of nss then? AES CTR was introduced in
>> nss-3.14 (not libreswan-3.14)
>>
>> You should be using at least nss-3.16.
>>
>> Paul
>>
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20150922/7d713e67/attachment.html>

More information about the Swan-dev mailing list