diff options
author | Zihao Chang <changzihao1@huawei.com> | 2021-03-16 15:58:43 +0800 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2021-03-23 08:48:21 +0100 |
commit | a29acc9c318781b59063091b895773fc6cbe96e7 (patch) | |
tree | 50f460cb5fbda4e23798d81b4dac638189ba557a | |
parent | c95bd5ff1660883d15ad6e0005e4c8571604f51a (diff) |
crypto: add reload for QCryptoTLSCredsClass
This patch adds reload interface for QCryptoTLSCredsClass and implements
the interface for QCryptoTLSCredsX509.
Signed-off-by: Zihao Chang <changzihao1@huawei.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210316075845.1476-2-changzihao1@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-rw-r--r-- | crypto/tlscredsx509.c | 48 | ||||
-rw-r--r-- | include/crypto/tlscreds.h | 8 |
2 files changed, 53 insertions, 3 deletions
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index dbadad4df2..bc503bab55 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -770,6 +770,51 @@ qcrypto_tls_creds_x509_prop_get_sanity(Object *obj, } +#ifdef CONFIG_GNUTLS + + +static bool +qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, Error **errp) +{ + QCryptoTLSCredsX509 *x509_creds = QCRYPTO_TLS_CREDS_X509(creds); + Error *local_err = NULL; + gnutls_certificate_credentials_t creds_data = x509_creds->data; + gnutls_dh_params_t creds_dh_params = x509_creds->parent_obj.dh_params; + + x509_creds->data = NULL; + x509_creds->parent_obj.dh_params = NULL; + qcrypto_tls_creds_x509_load(x509_creds, &local_err); + if (local_err) { + qcrypto_tls_creds_x509_unload(x509_creds); + x509_creds->data = creds_data; + x509_creds->parent_obj.dh_params = creds_dh_params; + error_propagate(errp, local_err); + return false; + } + + if (creds_data) { + gnutls_certificate_free_credentials(creds_data); + } + if (creds_dh_params) { + gnutls_dh_params_deinit(creds_dh_params); + } + return true; +} + + +#else /* ! CONFIG_GNUTLS */ + + +static bool +qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, Error **errp) +{ + return false; +} + + +#endif /* ! CONFIG_GNUTLS */ + + static void qcrypto_tls_creds_x509_complete(UserCreatable *uc, Error **errp) { @@ -800,6 +845,9 @@ static void qcrypto_tls_creds_x509_class_init(ObjectClass *oc, void *data) { UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); + QCryptoTLSCredsClass *ctcc = QCRYPTO_TLS_CREDS_CLASS(oc); + + ctcc->reload = qcrypto_tls_creds_x509_reload; ucc->complete = qcrypto_tls_creds_x509_complete; diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h index 079e376047..d0808e391e 100644 --- a/include/crypto/tlscreds.h +++ b/include/crypto/tlscreds.h @@ -30,14 +30,15 @@ #define TYPE_QCRYPTO_TLS_CREDS "tls-creds" typedef struct QCryptoTLSCreds QCryptoTLSCreds; -DECLARE_INSTANCE_CHECKER(QCryptoTLSCreds, QCRYPTO_TLS_CREDS, - TYPE_QCRYPTO_TLS_CREDS) - typedef struct QCryptoTLSCredsClass QCryptoTLSCredsClass; +DECLARE_OBJ_CHECKERS(QCryptoTLSCreds, QCryptoTLSCredsClass, QCRYPTO_TLS_CREDS, + TYPE_QCRYPTO_TLS_CREDS) + #define QCRYPTO_TLS_CREDS_DH_PARAMS "dh-params.pem" +typedef bool (*CryptoTLSCredsReload)(QCryptoTLSCreds *, Error **); /** * QCryptoTLSCreds: * @@ -61,6 +62,7 @@ struct QCryptoTLSCreds { struct QCryptoTLSCredsClass { ObjectClass parent_class; + CryptoTLSCredsReload reload; }; |