crypto: make loaded property read-only

The ``loaded=on`` option in the command line or QMP ``object-add`` either had
no effect (if ``loaded`` was the last option) or caused options to be
effectively ignored as if they were not given.  The property is therefore
useless and was deprecated in 6.0; make it read-only now.

The patch is best reviewed with "-b".

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini 2022-05-09 11:42:23 +02:00
parent c3c67679f6
commit 0310641c06
6 changed files with 56 additions and 107 deletions


@ -138,36 +138,44 @@ static void qcrypto_secret_decode(const uint8_t *input,
static void static void
qcrypto_secret_prop_set_loaded(Object *obj, qcrypto_secret_complete(UserCreatable *uc, Error **errp)
bool value,
Error **errp)
{ {
QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj); QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(uc);
QCryptoSecretCommonClass *sec_class QCryptoSecretCommonClass *sec_class
= QCRYPTO_SECRET_COMMON_GET_CLASS(obj); = QCRYPTO_SECRET_COMMON_GET_CLASS(uc);
if (value) { Error *local_err = NULL;
Error *local_err = NULL; uint8_t *input = NULL;
uint8_t *input = NULL; size_t inputlen = 0;
size_t inputlen = 0; uint8_t *output = NULL;
uint8_t *output = NULL; size_t outputlen = 0;
size_t outputlen = 0;
if (sec_class->load_data) { if (sec_class->load_data) {
sec_class->load_data(secret, &input, &inputlen, &local_err); sec_class->load_data(secret, &input, &inputlen, &local_err);
if (local_err) { if (local_err) {
error_propagate(errp, local_err); error_propagate(errp, local_err);
return;
}
} else {
error_setg(errp, "%s provides no 'load_data' method'",
object_get_typename(obj));
return; return;
} }
} else {
error_setg(errp, "%s provides no 'load_data' method'",
object_get_typename(OBJECT(uc)));
return;
}
if (secret->keyid) { if (secret->keyid) {
qcrypto_secret_decrypt(secret, input, inputlen, qcrypto_secret_decrypt(secret, input, inputlen,
&output, &outputlen, &local_err); &output, &outputlen, &local_err);
g_free(input);
if (local_err) {
error_propagate(errp, local_err);
return;
}
input = output;
inputlen = outputlen;
} else {
if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
qcrypto_secret_decode(input, inputlen,
&output, &outputlen, &local_err);
g_free(input); g_free(input);
if (local_err) { if (local_err) {
error_propagate(errp, local_err); error_propagate(errp, local_err);
@ -175,26 +183,11 @@ qcrypto_secret_prop_set_loaded(Object *obj,
} }
input = output; input = output;
inputlen = outputlen; inputlen = outputlen;
} else {
if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
qcrypto_secret_decode(input, inputlen,
&output, &outputlen, &local_err);
g_free(input);
if (local_err) {
error_propagate(errp, local_err);
return;
}
input = output;
inputlen = outputlen;
}
} }
secret->rawdata = input;
secret->rawlen = inputlen;
} else if (secret->rawdata) {
error_setg(errp, "Cannot unload secret");
return;
} }
secret->rawdata = input;
secret->rawlen = inputlen;
} }
@ -268,13 +261,6 @@ qcrypto_secret_prop_get_keyid(Object *obj,
} }
static void
qcrypto_secret_complete(UserCreatable *uc, Error **errp)
{
object_property_set_bool(OBJECT(uc), "loaded", true, errp);
}
static void static void
qcrypto_secret_finalize(Object *obj) qcrypto_secret_finalize(Object *obj)
{ {
@ -294,7 +280,7 @@ qcrypto_secret_class_init(ObjectClass *oc, void *data)
object_class_property_add_bool(oc, "loaded", object_class_property_add_bool(oc, "loaded",
qcrypto_secret_prop_get_loaded, qcrypto_secret_prop_get_loaded,
qcrypto_secret_prop_set_loaded); NULL);
object_class_property_add_enum(oc, "format", object_class_property_add_enum(oc, "format",
"QCryptoSecretFormat", "QCryptoSecretFormat",
&QCryptoSecretFormat_lookup, &QCryptoSecretFormat_lookup,
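Review bot: In the new `qcrypto_secret_complete`, both `g_free(input);` calls release the buffer filled by `load_data` without wiping it, and in the `QCRYPTO_SECRET_FORMAT_BASE64` branch that buffer is the encoded secret itself. This is carried over from the old setter rather than introduced here, but the move is a good moment to zero `inputlen` bytes with a wipe the compiler cannot elide (for example `explicit_bzero(input, inputlen);` where the platform provides it) before each free. The relocated message `"%s provides no 'load_data' method'"` also keeps a stray trailing quote and could become `"%s provides no 'load_data' method"`. Both hunks cut through the function body, so the `return` paths between them are only partly visible here.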


@ -119,16 +119,11 @@ qcrypto_tls_creds_anon_unload(QCryptoTLSCredsAnon *creds G_GNUC_UNUSED)
static void static void
qcrypto_tls_creds_anon_prop_set_loaded(Object *obj, qcrypto_tls_creds_anon_complete(UserCreatable *uc, Error **errp)
bool value,
Error **errp)
{ {
QCryptoTLSCredsAnon *creds = QCRYPTO_TLS_CREDS_ANON(obj); QCryptoTLSCredsAnon *creds = QCRYPTO_TLS_CREDS_ANON(uc);
qcrypto_tls_creds_anon_unload(creds); qcrypto_tls_creds_anon_load(creds, errp);
if (value) {
qcrypto_tls_creds_anon_load(creds, errp);
}
} }
@ -163,13 +158,6 @@ qcrypto_tls_creds_anon_prop_get_loaded(Object *obj G_GNUC_UNUSED,
#endif /* ! CONFIG_GNUTLS */ #endif /* ! CONFIG_GNUTLS */
static void
qcrypto_tls_creds_anon_complete(UserCreatable *uc, Error **errp)
{
object_property_set_bool(OBJECT(uc), "loaded", true, errp);
}
static void static void
qcrypto_tls_creds_anon_finalize(Object *obj) qcrypto_tls_creds_anon_finalize(Object *obj)
{ {
@ -188,7 +176,7 @@ qcrypto_tls_creds_anon_class_init(ObjectClass *oc, void *data)
object_class_property_add_bool(oc, "loaded", object_class_property_add_bool(oc, "loaded",
qcrypto_tls_creds_anon_prop_get_loaded, qcrypto_tls_creds_anon_prop_get_loaded,
qcrypto_tls_creds_anon_prop_set_loaded); NULL);
} }
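Review bot: Passing `NULL` as the setter in `qcrypto_tls_creds_anon_class_init` makes `loaded` read-only on TLS credential objects too, but the removed-features entry added by this commit names only ``secret`` and ``secret_keyring`` objects. The same gap applies to `qcrypto_tls_creds_psk_class_init` and `qcrypto_tls_creds_x509_class_init` in the following sections. I would widen that entry's heading to cover TLS credential objects, so that a client whose `loaded=...` setting on them now fails can find the reason. The new `_complete` functions also drop the `_unload` call that used to precede `_load`, which looks safe only because completion is presumably run once per object; a comment such as `/* Sole load path: runs once at completion, "loaded" is read-only afterwards. */` above each would record that assumption.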


@ -188,16 +188,11 @@ qcrypto_tls_creds_psk_unload(QCryptoTLSCredsPSK *creds G_GNUC_UNUSED)
static void static void
qcrypto_tls_creds_psk_prop_set_loaded(Object *obj, qcrypto_tls_creds_psk_complete(UserCreatable *uc, Error **errp)
bool value,
Error **errp)
{ {
QCryptoTLSCredsPSK *creds = QCRYPTO_TLS_CREDS_PSK(obj); QCryptoTLSCredsPSK *creds = QCRYPTO_TLS_CREDS_PSK(uc);
qcrypto_tls_creds_psk_unload(creds); qcrypto_tls_creds_psk_load(creds, errp);
if (value) {
qcrypto_tls_creds_psk_load(creds, errp);
}
} }
@ -232,13 +227,6 @@ qcrypto_tls_creds_psk_prop_get_loaded(Object *obj G_GNUC_UNUSED,
#endif /* ! CONFIG_GNUTLS */ #endif /* ! CONFIG_GNUTLS */
static void
qcrypto_tls_creds_psk_complete(UserCreatable *uc, Error **errp)
{
object_property_set_bool(OBJECT(uc), "loaded", true, errp);
}
static void static void
qcrypto_tls_creds_psk_finalize(Object *obj) qcrypto_tls_creds_psk_finalize(Object *obj)
{ {
@ -276,7 +264,7 @@ qcrypto_tls_creds_psk_class_init(ObjectClass *oc, void *data)
object_class_property_add_bool(oc, "loaded", object_class_property_add_bool(oc, "loaded",
qcrypto_tls_creds_psk_prop_get_loaded, qcrypto_tls_creds_psk_prop_get_loaded,
qcrypto_tls_creds_psk_prop_set_loaded); NULL);
object_class_property_add_str(oc, "username", object_class_property_add_str(oc, "username",
qcrypto_tls_creds_psk_prop_get_username, qcrypto_tls_creds_psk_prop_get_username,
qcrypto_tls_creds_psk_prop_set_username); qcrypto_tls_creds_psk_prop_set_username);


@ -687,16 +687,11 @@ qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *creds G_GNUC_UNUSED)
static void static void
qcrypto_tls_creds_x509_prop_set_loaded(Object *obj, qcrypto_tls_creds_x509_complete(UserCreatable *uc, Error **errp)
bool value,
Error **errp)
{ {
QCryptoTLSCredsX509 *creds = QCRYPTO_TLS_CREDS_X509(obj); QCryptoTLSCredsX509 *creds = QCRYPTO_TLS_CREDS_X509(uc);
qcrypto_tls_creds_x509_unload(creds); qcrypto_tls_creds_x509_load(creds, errp);
if (value) {
qcrypto_tls_creds_x509_load(creds, errp);
}
} }
@ -814,13 +809,6 @@ qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, Error **errp)
#endif /* ! CONFIG_GNUTLS */ #endif /* ! CONFIG_GNUTLS */
static void
qcrypto_tls_creds_x509_complete(UserCreatable *uc, Error **errp)
{
object_property_set_bool(OBJECT(uc), "loaded", true, errp);
}
static void static void
qcrypto_tls_creds_x509_init(Object *obj) qcrypto_tls_creds_x509_init(Object *obj)
{ {
@ -852,7 +840,7 @@ qcrypto_tls_creds_x509_class_init(ObjectClass *oc, void *data)
object_class_property_add_bool(oc, "loaded", object_class_property_add_bool(oc, "loaded",
qcrypto_tls_creds_x509_prop_get_loaded, qcrypto_tls_creds_x509_prop_get_loaded,
qcrypto_tls_creds_x509_prop_set_loaded); NULL);
object_class_property_add_bool(oc, "sanity-check", object_class_property_add_bool(oc, "sanity-check",
qcrypto_tls_creds_x509_prop_get_sanity, qcrypto_tls_creds_x509_prop_get_sanity,
qcrypto_tls_creds_x509_prop_set_sanity); qcrypto_tls_creds_x509_prop_set_sanity);


@ -99,16 +99,6 @@ other options have been processed. This will either have no effect (if
``opened`` was the last option) or cause errors. The property is therefore ``opened`` was the last option) or cause errors. The property is therefore
useless and should not be specified. useless and should not be specified.
``loaded`` property of ``secret`` and ``secret_keyring`` objects (since 6.0)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
The only effect of specifying ``loaded=on`` in the command line or QMP
``object-add`` is that the secret is loaded immediately, possibly before all
other options have been processed. This will either have no effect (if
``loaded`` was the last option) or cause options to be effectively ignored as
if they were not given. The property is therefore useless and should not be
specified.
``-display sdl,window_close=...`` (since 6.1) ``-display sdl,window_close=...`` (since 6.1)
''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''


@ -355,6 +355,15 @@ The ``-writeconfig`` option was not able to serialize the entire contents
of the QEMU command line. It is thus considered a failed experiment of the QEMU command line. It is thus considered a failed experiment
and removed without a replacement. and removed without a replacement.
``loaded`` property of ``secret`` and ``secret_keyring`` objects (removed in 7.1)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
The ``loaded=on`` option in the command line or QMP ``object-add`` either had
no effect (if ``loaded`` was the last option) or caused options to be
effectively ignored as if they were not given. The property is therefore
useless and should simply be removed.
QEMU Machine Protocol (QMP) commands QEMU Machine Protocol (QMP) commands
------------------------------------ ------------------------------------