Don't manually register kernel_netlink_net

Load complete kernel_netlink plugin instead. Registering the TKM
specific plugins first still ensures that the correct ipsec plugin
is used.

Lazy initialize the RNG_WEAK plugin to avoid the unsatisfiable
soft dependency on startup.

4 files changed, 11 insertions, 16 deletions

diff --git a/src/charon-tkm/Makefile.am b/src/charon-tkm/Makefile.am
index 62731afb1..0f4f51853 100644
--- a/src/charon-tkm/Makefile.am
+++ b/src/charon-tkm/Makefile.am
@@ -26,6 +26,7 @@ PLUGINS = \
 	aes \
 	constraints \
 	hmac \
+	kernel-netlink \
 	pem \
 	pkcs1 \
 	pkcs8 \
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 7afde6e18..92217b87f 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -27,7 +27,6 @@
 
 #include <hydra.h>
 #include <daemon.h>
-#include <plugins/kernel_netlink/kernel_netlink_net.h>
 #include <library.h>
 #include <utils/backtrace.h>
 #include <threading/thread.h>
@@ -297,10 +296,6 @@ int main(int argc, char *argv[])
 			PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
 		PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
 			PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
-			PLUGIN_DEPENDS(RNG, RNG_WEAK),
-		PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
-			PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
-
 	};
 	lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
 			countof(features), TRUE);
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index b0432998c..734bec73c 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -62,6 +62,16 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
 	private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
 	u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
 {
+	if (!this->rng)
+	{
+		this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+		if (!this->rng)
+		{
+			DBG1(DBG_KNL, "unable to create RNG");
+			return FAILED;
+		}
+	}
+
 	DBG1(DBG_KNL, "getting SPI for reqid {%u}", reqid);
 	const bool result = this->rng->get_bytes(this->rng, sizeof(u_int32_t),
 											 (u_int8_t *)spi);
@@ -365,16 +375,9 @@ tkm_kernel_ipsec_t *tkm_kernel_ipsec_create()
 				.destroy = _destroy,
 			},
 		},
-		.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
 		.sad = tkm_kernel_sad_create(),
 	);
 
-	if (!this->rng)
-	{
-		DBG1(DBG_KNL, "unable to create RNG");
-		destroy(this);
-		return NULL;
-	}
 	if (!this->sad)
 	{
 		DBG1(DBG_KNL, "unable to create SAD");
diff --git a/src/charon-tkm/tests/test_runner.c b/src/charon-tkm/tests/test_runner.c
index b22f1ff20..5ae032935 100644
--- a/src/charon-tkm/tests/test_runner.c
+++ b/src/charon-tkm/tests/test_runner.c
@@ -17,7 +17,6 @@
 #include <library.h>
 #include <hydra.h>
 #include <daemon.h>
-#include <plugins/kernel_netlink/kernel_netlink_net.h>
 
 #include "tkm.h"
 #include "tkm_nonceg.h"
@@ -44,9 +43,6 @@ int main(void)
 			PLUGIN_PROVIDE(DH, MODP_4096_BIT),
 		PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
 			PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
-			PLUGIN_DEPENDS(RNG, RNG_WEAK),
-		PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
-			PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
 	};
 	lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
 			countof(features), TRUE);