Don't manually register kernel_netlink_net
Load complete kernel_netlink plugin instead. Registering the TKM specific plugins first still ensures that the correct ipsec plugin is used. Lazy initialize the RNG_WEAK plugin to avoid the unsatisfiable soft dependency on startup.
parent
32b2ea9edb
commit
ae6f4ee39f
|
@ -26,6 +26,7 @@ PLUGINS = \
|
|||
aes \
|
||||
constraints \
|
||||
hmac \
|
||||
kernel-netlink \
|
||||
pem \
|
||||
pkcs1 \
|
||||
pkcs8 \
|
||||
|
|
|
@ -27,7 +27,6 @@
|
|||
|
||||
#include <hydra.h>
|
||||
#include <daemon.h>
|
||||
#include <plugins/kernel_netlink/kernel_netlink_net.h>
|
||||
#include <library.h>
|
||||
#include <utils/backtrace.h>
|
||||
#include <threading/thread.h>
|
||||
|
@ -297,10 +296,6 @@ int main(int argc, char *argv[])
|
|||
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
|
||||
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
|
||||
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
|
||||
PLUGIN_DEPENDS(RNG, RNG_WEAK),
|
||||
PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
|
||||
PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
|
||||
|
||||
};
|
||||
lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
|
||||
countof(features), TRUE);
|
||||
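Review bot: The `features[]` array and the `add_static_features()` call in `main()` have no comment saying that this registration must come before the configured plugin list is loaded, although the commit message says the choice of IPsec backend now depends on that order. With kernel-netlink loaded as a whole plugin it presumably offers its own "kernel-ipsec" feature as well, and if that one were selected the IPsec SAs would be set up outside the TKM backend. I would add above the call something like `/* register before loading PLUGINS: the TKM kernel-ipsec must take precedence over the one kernel-netlink provides */`. The same applies to the "tkm-tests" registration in the test runner's `main()`. The +/- markers are lost on this page, so which of the listed lines were removed is inferred from the commit message, and `main()` continues outside the hunk.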
|
|
|
@ -62,6 +62,16 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
|
|||
private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
|
||||
u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
|
||||
{
|
||||
if (!this->rng)
|
||||
{
|
||||
this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
|
||||
if (!this->rng)
|
||||
{
|
||||
DBG1(DBG_KNL, "unable to create RNG");
|
||||
return FAILED;
|
||||
}
|
||||
}
|
||||
|
||||
DBG1(DBG_KNL, "getting SPI for reqid {%u}", reqid);
|
||||
const bool result = this->rng->get_bytes(this->rng, sizeof(u_int32_t),
|
||||
(u_int8_t *)spi);
|
||||
|
@ -365,16 +375,9 @@ tkm_kernel_ipsec_t *tkm_kernel_ipsec_create()
|
|||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
|
||||
.sad = tkm_kernel_sad_create(),
|
||||
);
|
||||
|
||||
if (!this->rng)
|
||||
{
|
||||
DBG1(DBG_KNL, "unable to create RNG");
|
||||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
if (!this->sad)
|
||||
{
|
||||
DBG1(DBG_KNL, "unable to create SAD");
|
||||
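Review bot: The lazy creation of `this->rng` at the top of `get_spi()` is a check-then-set with no lock, so if two threads can request SPIs at the same time (not visible here, please confirm) both may see NULL and create an RNG, and one instance is leaked. Either take a mutex kept in the private struct around the `if (!this->rng)` block, or document the assumption, e.g. `/* rng is created on first use; get_spi() callers must be serialized */`. Moving the creation here also turns a missing RNG_WEAK provider from a start-up failure in `tkm_kernel_ipsec_create()` into a `FAILED` on every SPI request, logged only as "unable to create RNG", so that message is worth monitoring. `destroy()` is outside the hunk and has to accept a NULL `rng` now that the field may never be set. Both functions continue outside the hunks shown.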
|
|
|
@ -17,7 +17,6 @@
|
|||
#include <library.h>
|
||||
#include <hydra.h>
|
||||
#include <daemon.h>
|
||||
#include <plugins/kernel_netlink/kernel_netlink_net.h>
|
||||
|
||||
#include "tkm.h"
|
||||
#include "tkm_nonceg.h"
|
||||
|
@ -44,9 +43,6 @@ int main(void)
|
|||
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
|
||||
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
|
||||
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
|
||||
PLUGIN_DEPENDS(RNG, RNG_WEAK),
|
||||
PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
|
||||
PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
|
||||
};
|
||||
lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
|
||||
countof(features), TRUE);
|
||||
|
|