HP-UX Security Products and Features Software: CDSA Start Up Errors when calling CSSM_ModuleAttach


Trouble Shooting HP CDSA

CDSA Start Up Errors when calling CSSM_ModuleAttach


Although CDSA start-up errors can be considered a subset of CDSA API errors, they generally require more effort to understand than just looking at the error code. These types of errors usually originate from an attempt to call CSSM_ModuleAttach.

One common error CDSA add-in developers may encounter is a failure of the HP-UX shared library load function (shl_load) to load a requested add-in. CSSM_ModuleAttach initiates a series of other function calls, one of which is shl_load. When shl_load fails, error code 10031 is set (see above).

shl_load errors can have many causes, but for add-in developers they typically mean that the shared library refers to undefined functions or data. You are therefore unlikely to encounter this error when using HP-released add-in modules. However, if you are developing or debugging your own or someone else’s add-in module, this error could occur. To fix the problem, make sure your add-in module does not refer to undefined functions or data.

Another error that may be encountered as a result of a CSSM_ModuleAttach call occurs with CSP add-in modules only. In this situation, the inability to load is the result of an integrity check failure on the CSP. HP has designed the CDSA framework so that it can output a diagnostic integrity trace that lets the user determine whether an integrity check failure is occurring.

Before running a CDSA application that is having trouble attaching, cd to the following directory:

<your_home_directory_path>/.cdsa/<your_user_name>

As an example, if your home directory was in /home/smith, and your user name was smith, you would cd to /home/smith/.cdsa/smith. Next, execute the following command:

touch enableIntegrityTrace

On start-up, CDSA checks for this file’s existence. If it detects the file, it outputs a complete trace of its integrity checking activities for start-up of CSSM and attachment to a CSP into the enableIntegrityTrace file.

If these actions are successful, the trace file will have output identical to that shown below (although if you are trying to load a different CSP than libcsp_wwb.1, the CSP lib name will be different):

isl_InitializeSignedListFromImage: manifest hash confirmed!!!

isl_CreateCertificateChain: cert-chain validated; links = 1
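The trace procedure above can be scripted for repeatable triage. The following POSIX sh sketch is an added example, not code from the HP manual: the function names are hypothetical, truncating an earlier trace and refusing a symlinked trace path are choices made here, and the check looks only for the two success lines shown on this page.

```shell
#!/bin/sh
# Added example: enable the CDSA integrity trace and triage its output.
# The directory layout and marker strings come from the page; the function
# names and return codes are hypothetical.

# Path CDSA checks at start-up: <home>/.cdsa/<user>/enableIntegrityTrace
cdsa_trace_file() {
    printf '%s/.cdsa/%s/enableIntegrityTrace\n' "$1" "$2"
}

# Equivalent of "cd <dir>; touch enableIntegrityTrace".
# Assumption made here: an earlier trace is truncated so stale lines from a
# previous run are not mistaken for the result of this one.
enable_integrity_trace() {
    trace=$(cdsa_trace_file "$1" "$2")
    dir=$(dirname "$trace")
    if [ ! -d "$dir" ]; then
        echo "missing CDSA user directory: $dir" >&2
        return 2
    fi
    # Do not write through a symlink planted in the user directory.
    if [ -h "$trace" ]; then
        echo "refusing to follow symlink: $trace" >&2
        return 3
    fi
    : > "$trace"
}

# Run after the failing application has been started once.
# 0 = both success lines present
# 1 = trace written but a success line is missing (integrity check suspect)
# 2 = trace empty or absent (CDSA never wrote to it)
check_integrity_trace() {
    trace=$1
    [ -s "$trace" ] || return 2
    grep -F -q 'isl_InitializeSignedListFromImage: manifest hash confirmed' \
        "$trace" || return 1
    grep -F -q 'isl_CreateCertificateChain: cert-chain validated' \
        "$trace" || return 1
    return 0
}
```

A return of 2 usually means the file was created in the wrong directory or the application never reached CSSM start-up, which is a different problem from a failed integrity check.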


Appendix E
