aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZihao Chang <changzihao1@huawei.com>2021-03-16 15:58:43 +0800
committerGerd Hoffmann <kraxel@redhat.com>2021-03-23 08:48:21 +0100
commita29acc9c318781b59063091b895773fc6cbe96e7 (patch)
tree50f460cb5fbda4e23798d81b4dac638189ba557a
parentc95bd5ff1660883d15ad6e0005e4c8571604f51a (diff)
crypto: add reload for QCryptoTLSCredsClass
This patch adds reload interface for QCryptoTLSCredsClass and implements the interface for QCryptoTLSCredsX509. Signed-off-by: Zihao Chang <changzihao1@huawei.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210316075845.1476-2-changzihao1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-rw-r--r--crypto/tlscredsx509.c48
-rw-r--r--include/crypto/tlscreds.h8
2 files changed, 53 insertions, 3 deletions
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index dbadad4df2..bc503bab55 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -770,6 +770,51 @@ qcrypto_tls_creds_x509_prop_get_sanity(Object *obj,
}
+#ifdef CONFIG_GNUTLS
+
+
+static bool
+qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, Error **errp)
+{
+ QCryptoTLSCredsX509 *x509_creds = QCRYPTO_TLS_CREDS_X509(creds);
+ Error *local_err = NULL;
+ gnutls_certificate_credentials_t creds_data = x509_creds->data;
+ gnutls_dh_params_t creds_dh_params = x509_creds->parent_obj.dh_params;
+
+ x509_creds->data = NULL;
+ x509_creds->parent_obj.dh_params = NULL;
+ qcrypto_tls_creds_x509_load(x509_creds, &local_err);
+ if (local_err) {
+ qcrypto_tls_creds_x509_unload(x509_creds);
+ x509_creds->data = creds_data;
+ x509_creds->parent_obj.dh_params = creds_dh_params;
+ error_propagate(errp, local_err);
+ return false;
+ }
+
+ if (creds_data) {
+ gnutls_certificate_free_credentials(creds_data);
+ }
+ if (creds_dh_params) {
+ gnutls_dh_params_deinit(creds_dh_params);
+ }
+ return true;
+}
+
+
+#else /* ! CONFIG_GNUTLS */
+
+
+static bool
+qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, Error **errp)
+{
+ return false;
+}
+
+
+#endif /* ! CONFIG_GNUTLS */
+
+
static void
qcrypto_tls_creds_x509_complete(UserCreatable *uc, Error **errp)
{
@@ -800,6 +845,9 @@ static void
qcrypto_tls_creds_x509_class_init(ObjectClass *oc, void *data)
{
UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
+ QCryptoTLSCredsClass *ctcc = QCRYPTO_TLS_CREDS_CLASS(oc);
+
+ ctcc->reload = qcrypto_tls_creds_x509_reload;
ucc->complete = qcrypto_tls_creds_x509_complete;
diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h
index 079e376047..d0808e391e 100644
--- a/include/crypto/tlscreds.h
+++ b/include/crypto/tlscreds.h
@@ -30,14 +30,15 @@
#define TYPE_QCRYPTO_TLS_CREDS "tls-creds"
typedef struct QCryptoTLSCreds QCryptoTLSCreds;
-DECLARE_INSTANCE_CHECKER(QCryptoTLSCreds, QCRYPTO_TLS_CREDS,
- TYPE_QCRYPTO_TLS_CREDS)
-
typedef struct QCryptoTLSCredsClass QCryptoTLSCredsClass;
+DECLARE_OBJ_CHECKERS(QCryptoTLSCreds, QCryptoTLSCredsClass, QCRYPTO_TLS_CREDS,
+ TYPE_QCRYPTO_TLS_CREDS)
+
#define QCRYPTO_TLS_CREDS_DH_PARAMS "dh-params.pem"
+typedef bool (*CryptoTLSCredsReload)(QCryptoTLSCreds *, Error **);
/**
* QCryptoTLSCreds:
*
@@ -61,6 +62,7 @@ struct QCryptoTLSCreds {
struct QCryptoTLSCredsClass {
ObjectClass parent_class;
+ CryptoTLSCredsReload reload;
};