commit 11ea2bffda50b44610efeb355e8a261760c5e360
author Daniel P. Berrangé <berrange@redhat.com> Wed Oct 29 10:38:51 2025 +0000
committer Daniel P. Berrangé <berrange@redhat.com> Mon Nov 03 10:45:55 2025 +0000
tree 9bfc2b8e7e93a97fe38fc0d9edb63a0bc58f5498
parent 20ee3064186d3a1eedcac0a76cc8af0993e36714

crypto: move release of DH parameters into TLS creds parent

The code for releasing DH parameters is common to all credential
subclasses, and the unload function is only called from the
finalizers, except for x509 reload, so can be moved into the
parent with a little update of the reload method.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

crypto/tlscreds.c

diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c
index 65e97dd..a9e0caf 100644
--- a/crypto/tlscreds.c
+++ b/crypto/tlscreds.c
@@ -246,6 +246,12 @@
 {
     QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
 
+#ifdef CONFIG_GNUTLS
+    if (creds->dh_params) {
+        gnutls_dh_params_deinit(creds->dh_params);
+    }
+#endif
+
     g_free(creds->dir);
     g_free(creds->priority);
 }

crypto/tlscredsanon.c

diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c
index bc3351b..1ddfe4e 100644
--- a/crypto/tlscredsanon.c
+++ b/crypto/tlscredsanon.c
@@ -92,10 +92,6 @@
             creds->data.server = NULL;
         }
     }
-    if (creds->parent_obj.dh_params) {
-        gnutls_dh_params_deinit(creds->parent_obj.dh_params);
-        creds->parent_obj.dh_params = NULL;
-    }
 }
 
 #else /* ! CONFIG_GNUTLS */

crypto/tlscredspsk.c

diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c
index 545d3e4..bf4efe2 100644
--- a/crypto/tlscredspsk.c
+++ b/crypto/tlscredspsk.c
@@ -175,10 +175,6 @@
             creds->data.server = NULL;
         }
     }
-    if (creds->parent_obj.dh_params) {
-        gnutls_dh_params_deinit(creds->parent_obj.dh_params);
-        creds->parent_obj.dh_params = NULL;
-    }
 }
 
 #else /* ! CONFIG_GNUTLS */

crypto/tlscredsx509.c

diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index 2519f76..d93905e 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -684,10 +684,6 @@
         gnutls_certificate_free_credentials(creds->data);
         creds->data = NULL;
     }
-    if (creds->parent_obj.dh_params) {
-        gnutls_dh_params_deinit(creds->parent_obj.dh_params);
-        creds->parent_obj.dh_params = NULL;
-    }
 }
 
 
@@ -779,6 +775,9 @@
     qcrypto_tls_creds_x509_load(x509_creds, &local_err);
     if (local_err) {
         qcrypto_tls_creds_x509_unload(x509_creds);
+        if (creds->dh_params) {
+            gnutls_dh_params_deinit(creds->dh_params);
+        }
         x509_creds->data = creds_data;
         creds->dh_params = creds_dh_params;
         error_propagate(errp, local_err);