From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 1 Dec 2022 16:58:08 +0000 (+0100)
Subject: charon-tkm: Use built-in plugins instead of OpenSSL
X-Git-Tag: 5.9.9rc1~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1ce8772367ff7f8e2fd09bd956b9ae135081835;p=thirdparty%2Fstrongswan.git

charon-tkm: Use built-in plugins instead of OpenSSL

Since the encryption has been moved into the TKM we don't rely on many
cryptographic operations.  Mainly SHA-1 that's used in IKEv2 (NAT-D) and
for some internal hashes (cookies, message duplicate detection), and
certificate and public key parsing (not the actual signature/chain
verification, which is done by the TKM).
---

diff --git a/src/charon-tkm/Makefile.am b/src/charon-tkm/Makefile.am
index 95e8745910..03648341b8 100644
--- a/src/charon-tkm/Makefile.am
+++ b/src/charon-tkm/Makefile.am
@@ -27,9 +27,12 @@ TEST_OPTS = \
 PLUGINS = \
 	kernel-netlink \
 	pem \
+	pkcs1 \
+	random \
+	sha1 \
 	socket-default \
-	openssl \
-	vici
+	vici \
+	x509
 
 all: build_charon