Rather than passing in an empty qemuDomainSecretInfoPtr allocate it
in this function and return it. This is done by absorbing the check from
qemuDomainSecretInfoNew and removing the internals of
qemuDomainSecretInfoNew.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_domain.c | 53 ++++++++++++++++++------------------------
1 file changed, 22 insertions(+), 31 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index e33d3099d6..e83301d84e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1521,21 +1521,20 @@ qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr secinfo,
* @seclookupdef: Pointer to seclookupdef data
* @isLuks: True/False for is for luks (alias generation)
*
- * Taking a secinfo, fill in the AES specific information using the
+ * Encrypts a secret looked up via @seclookupdef for use with qemu.
*
- * Returns 0 on success, -1 on failure with error message
+ * Returns qemuDomainSecretInfoPtr filled with the necessary information.
*/
-static int
+static qemuDomainSecretInfoPtr
qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
- qemuDomainSecretInfoPtr secinfo,
const char *srcalias,
virSecretUsageType usageType,
const char *username,
virSecretLookupTypeDefPtr seclookupdef,
bool isLuks)
{
+ g_autoptr(qemuDomainSecretInfo) secinfo = NULL;
g_autoptr(virConnect) conn = virGetConnectSecret();
- int ret = -1;
g_autofree uint8_t *raw_iv = NULL;
size_t ivlen = QEMU_DOMAIN_AES_IV_LEN;
uint8_t *secret = NULL;
@@ -1544,19 +1543,27 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
size_t ciphertextlen = 0;
if (!conn)
- return -1;
+ return NULL;
+
+ if (!qemuDomainSupportsEncryptedSecret(priv)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("encrypted secrets are not supported"));
+ return NULL;
+ }
+
+ secinfo = g_new0(qemuDomainSecretInfo, 1);
secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
secinfo->s.aes.username = g_strdup(username);
if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
- return -1;
+ return NULL;
raw_iv = g_new0(uint8_t, ivlen);
/* Create a random initialization vector */
if (virRandomBytes(raw_iv, ivlen) < 0)
- return -1;
+ return NULL;
/* Encode the IV and save that since qemu will need it */
secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen);
@@ -1564,13 +1571,13 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
/* Grab the unencoded secret */
if (virSecretGetSecretString(conn, seclookupdef, usageType,
&secret, &secretlen) < 0)
- goto cleanup;
+ goto error;
if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC,
priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN,
raw_iv, ivlen, secret, secretlen,
&ciphertext, &ciphertextlen) < 0)
- goto cleanup;
+ goto error;
/* Clear out the secret */
memset(secret, 0, secretlen);
@@ -1579,11 +1586,11 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
secinfo->s.aes.ciphertext = g_base64_encode(ciphertext,
ciphertextlen);
- ret = 0;
+ return g_steal_pointer(&secinfo);
- cleanup:
+ error:
VIR_DISPOSE_N(secret, secretlen);
- return ret;
+ return NULL;
}
@@ -1655,24 +1662,8 @@ qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv,
virSecretLookupTypeDefPtr lookupDef,
bool isLuks)
{
- qemuDomainSecretInfoPtr secinfo = NULL;
-
- if (!qemuDomainSupportsEncryptedSecret(priv)) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("encrypted secrets are not supported"));
- return NULL;
- }
-
- if (VIR_ALLOC(secinfo) < 0)
- return NULL;
-
- if (qemuDomainSecretAESSetup(priv, secinfo, srcAlias, usageType, username,
- lookupDef, isLuks) < 0) {
- g_clear_pointer(&secinfo, qemuDomainSecretInfoFree);
- return NULL;
- }
-
- return secinfo;
+ return qemuDomainSecretAESSetup(priv, srcAlias, usageType, username,
+ lookupDef, isLuks);
}
--
2.24.1