crypto: move release of DH parameters into TLS creds parent

The code for releasing DH parameters is common to all credential subclasses, and the unload function is only called from the finalizers, except for x509 reload, so can be moved into the parent with a little update of the reload method. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-10-29 10:38:51 +00:00 · 2025-10-29 10:38:51 +00:00 · 11ea2bffda
commit 11ea2bffda
parent 20ee306418
4 changed files with 9 additions and 12 deletions
--- a/crypto/tlscreds.c
+++ b/crypto/tlscreds.c
@ -246,6 +246,12 @@ qcrypto_tls_creds_finalize(Object *obj)
 {
    QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);

+#ifdef CONFIG_GNUTLS
+    if (creds->dh_params) {
+        gnutls_dh_params_deinit(creds->dh_params);
+    }
+#endif
+
    g_free(creds->dir);
    g_free(creds->priority);
 }
--- a/crypto/tlscredsanon.c
+++ b/crypto/tlscredsanon.c
@ -92,10 +92,6 @@ qcrypto_tls_creds_anon_unload(QCryptoTLSCredsAnon *creds)
            creds->data.server = NULL;
        }
    }
-    if (creds->parent_obj.dh_params) {
-        gnutls_dh_params_deinit(creds->parent_obj.dh_params);
-        creds->parent_obj.dh_params = NULL;
-    }
 }

 #else /* ! CONFIG_GNUTLS */
--- a/crypto/tlscredspsk.c
+++ b/crypto/tlscredspsk.c
@ -175,10 +175,6 @@ qcrypto_tls_creds_psk_unload(QCryptoTLSCredsPSK *creds)
            creds->data.server = NULL;
        }
    }
-    if (creds->parent_obj.dh_params) {
-        gnutls_dh_params_deinit(creds->parent_obj.dh_params);
-        creds->parent_obj.dh_params = NULL;
-    }
 }

 #else /* ! CONFIG_GNUTLS */
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@ -684,10 +684,6 @@ qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *creds)
        gnutls_certificate_free_credentials(creds->data);
        creds->data = NULL;
    }
-    if (creds->parent_obj.dh_params) {
-        gnutls_dh_params_deinit(creds->parent_obj.dh_params);
-        creds->parent_obj.dh_params = NULL;
-    }
 }


@ -779,6 +775,9 @@ qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, Error **errp)
    qcrypto_tls_creds_x509_load(x509_creds, &local_err);
    if (local_err) {
        qcrypto_tls_creds_x509_unload(x509_creds);
+        if (creds->dh_params) {
+            gnutls_dh_params_deinit(creds->dh_params);
+        }
        x509_creds->data = creds_data;
        creds->dh_params = creds_dh_params;
        error_propagate(errp, local_err);