[mod_gnutls] workaround gnutls API breakage, and prepare for future ones

Change-Id: I1b97aa31fd1a7adb0107761d05bf81a4509e9fc9
6 years ago · 3d2880258d
parent 9926bef92e
commit 3d2880258d
3 changed files with 35 additions and 35 deletions
--- a/src/modules/gnutls_filter.c
+++ b/src/modules/gnutls_filter.c
@ -193,7 +193,7 @@ static void f_abort_gnutls(liGnuTLSFilter *f) {
 static void f_close_with_alert(liGnuTLSFilter *f, int r) {
 	if (f->closing || f->aborted) return;

-	if (GNUTLS_E_SUCCESS != gnutls_alert_send_appropriate(f->session, r)) {
+	if (GNUTLS_E_SUCCESS > gnutls_alert_send_appropriate(f->session, r)) {
 		f_abort_gnutls(f);
 		return;
 	}
@ -276,7 +276,7 @@ static gboolean do_gnutls_handshake(liGnuTLSFilter *f, gboolean writing) {
 	LI_FORCE_ASSERT(!f->initial_handshaked_finished);

 	r = gnutls_handshake(f->session);
-	if (GNUTLS_E_SUCCESS == r) {
+	if (GNUTLS_E_SUCCESS <= r) {
 		f->initial_handshaked_finished = 1;
 		li_stream_acquire(&f->plain_source);
 		li_stream_acquire(&f->plain_drain);
--- a/src/modules/gnutls_ocsp.c
+++ b/src/modules/gnutls_ocsp.c
@ -39,7 +39,7 @@ static int get_entry(liServer *srv, ocsp_response_cert_entry* entry, gnutls_ocsp

 	if (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE == r) return r;

-	if (GNUTLS_E_SUCCESS != r) {
+	if (GNUTLS_E_SUCCESS > r) {
 		ERROR(srv, "Couldn't retrieve OCSP response information for entry %u (%s): %s",
 				ndx,
 				gnutls_strerror_name(r), gnutls_strerror(r));
@ -79,13 +79,13 @@ static gboolean add_response(liServer *srv, liGnuTLSOCSP *ocsp, gnutls_datum_t*
 	response.resp_data = *der_data;
 	der_data->data = NULL; der_data->size = 0;

-	if (GNUTLS_E_SUCCESS != (r = gnutls_ocsp_resp_init(&response.resp))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_ocsp_resp_init(&response.resp))) {
 		ERROR(srv, "gnutls_ocsp_resp_init (%s): %s",
 			gnutls_strerror_name(r), gnutls_strerror(r));
 		goto error;
 	}

-	if (GNUTLS_E_SUCCESS != (r = gnutls_ocsp_resp_import(response.resp, &response.resp_data))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_ocsp_resp_import(response.resp, &response.resp_data))) {
 		ERROR(srv, "gnutls_ocsp_resp_import (%s): %s",
 			gnutls_strerror_name(r), gnutls_strerror(r));
 		goto error;
@ -97,7 +97,7 @@ static gboolean add_response(liServer *srv, liGnuTLSOCSP *ocsp, gnutls_datum_t*

 		r = get_entry(srv, &entry, response.resp, i);
 		if (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE == r) break; /* got them all */
-		if (GNUTLS_E_SUCCESS != r) goto error;
+		if (GNUTLS_E_SUCCESS > r) goto error;

 		g_array_append_vals(response.certificates, &entry, 1);

@ -133,20 +133,20 @@ static int ctx_ocsp_response(gnutls_session_t session, void* ptr, gnutls_datum_t
 		size_t serial_size = ocsp->max_serial_length;

 		crt_datum = gnutls_certificate_get_ours(session); /* memory is NOT owned */
-		if (GNUTLS_E_SUCCESS != (r = gnutls_x509_crt_init(&crt))) goto cleanup;
-		if (GNUTLS_E_SUCCESS != (r = gnutls_x509_crt_import(crt, crt_datum, GNUTLS_X509_FMT_DER))) {
+		if (GNUTLS_E_SUCCESS > (r = gnutls_x509_crt_init(&crt))) goto cleanup;
+		if (GNUTLS_E_SUCCESS > (r = gnutls_x509_crt_import(crt, crt_datum, GNUTLS_X509_FMT_DER))) {
 			gnutls_x509_crt_deinit(crt);
 			goto cleanup;
 		}

 		;
-		if (GNUTLS_E_SUCCESS != (r = gnutls_x509_crt_get_serial(crt, serial.data, &serial_size))) {
+		if (GNUTLS_E_SUCCESS > (r = gnutls_x509_crt_get_serial(crt, serial.data, &serial_size))) {
 			gnutls_x509_crt_deinit(crt);
 			goto cleanup;
 		}
 		serial.size = serial_size;

-		if (GNUTLS_E_SUCCESS != (r = gnutls_x509_crt_get_raw_issuer_dn(crt, &issuer_name))) {
+		if (GNUTLS_E_SUCCESS > (r = gnutls_x509_crt_get_raw_issuer_dn(crt, &issuer_name))) {
 			gnutls_x509_crt_deinit(crt);
 			goto cleanup;
 		}
@ -164,7 +164,7 @@ static int ctx_ocsp_response(gnutls_session_t session, void* ptr, gnutls_datum_t
 			if (serial.size != entry->serial.size
 					|| 0 != memcmp(serial.data, entry->serial.data, serial.size)) continue;

-			if (GNUTLS_E_SUCCESS != (r = gnutls_hash_fast(entry->digest, issuer_name.data, issuer_name.size, issuer_name_hash))) goto cleanup;
+			if (GNUTLS_E_SUCCESS > (r = gnutls_hash_fast(entry->digest, issuer_name.data, issuer_name.size, issuer_name_hash))) goto cleanup;

 			if (0 != memcmp(issuer_name_hash, entry->issuer_name_hash.data, entry->issuer_name_hash.size)) continue;

@ -217,7 +217,7 @@ gboolean li_gnutls_ocsp_add(liServer *srv, liGnuTLSOCSP *ocsp, const char* filen
 	gnutls_datum_t* der_data;
 	gboolean result = FALSE;

-	if (GNUTLS_E_SUCCESS != (r = gnutls_load_file(filename, &file))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_load_file(filename, &file))) {
 		ERROR(srv, "Failed to load OCSP file '%s' (%s): %s",
 				filename,
 				gnutls_strerror_name(r), gnutls_strerror(r));
@ -228,7 +228,7 @@ gboolean li_gnutls_ocsp_add(liServer *srv, liGnuTLSOCSP *ocsp, const char* filen
 	if (file.size > 20 && 0 == memcmp(file.data, CONST_STR_LEN("-----BEGIN "))) {
 		r = gnutls_pem_base64_decode_alloc("OCSP RESPONSE", &file, &decoded);

-		if (GNUTLS_E_SUCCESS != r) {
+		if (GNUTLS_E_SUCCESS > r) {
 			ERROR(srv, "gnutls_pem_base64_decode_alloc failed to decode OCSP RESPONSE from '%s' (%s): %s",
 				filename,
 				gnutls_strerror_name(r), gnutls_strerror(r));
@ -256,7 +256,7 @@ gboolean li_gnutls_ocsp_search(liServer *srv, liGnuTLSOCSP *ocsp, const char* fi
 	gnutls_datum_t decoded = { NULL, 0 };
 	gboolean result = FALSE;

-	if (GNUTLS_E_SUCCESS != (r = gnutls_load_file(filename, &file))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_load_file(filename, &file))) {
 		ERROR(srv, "Failed to load OCSP file '%s' (%s): %s",
 				filename,
 				gnutls_strerror_name(r), gnutls_strerror(r));
@ -265,7 +265,7 @@ gboolean li_gnutls_ocsp_search(liServer *srv, liGnuTLSOCSP *ocsp, const char* fi

 	r = gnutls_pem_base64_decode_alloc("OCSP RESPONSE", &file, &decoded);

-	if (GNUTLS_E_SUCCESS == r) {
+	if (GNUTLS_E_SUCCESS <= r) {
 		result = add_response(srv, ocsp, &decoded);
 		if (!result) {
 			ERROR(srv, "Failed loading OCSP response from '%s'", filename);
--- a/src/modules/mod_gnutls.c
+++ b/src/modules/mod_gnutls.c
@ -123,7 +123,7 @@ static gnutls_certificate_credentials_t creds_from_gstring(mod_context *ctx, GSt

 	if (NULL == str) return NULL;

-	if (GNUTLS_E_SUCCESS != (r = gnutls_certificate_allocate_credentials(&creds))) return NULL;
+	if (GNUTLS_E_SUCCESS > (r = gnutls_certificate_allocate_credentials(&creds))) return NULL;

 	pemfile.data = (unsigned char*) str->str;
 	pemfile.size = str->len;
@ -132,7 +132,7 @@ static gnutls_certificate_credentials_t creds_from_gstring(mod_context *ctx, GSt
 	gnutls_certificate_set_pin_function(creds, pin_callback, ctx->pin);
 #endif

-	if (GNUTLS_E_SUCCESS != (r = gnutls_certificate_set_x509_key_mem(creds, &pemfile, &pemfile, GNUTLS_X509_FMT_PEM))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_certificate_set_x509_key_mem(creds, &pemfile, &pemfile, GNUTLS_X509_FMT_PEM))) {
 		goto error_free_creds;
 	}

@ -256,21 +256,21 @@ static mod_context *mod_gnutls_context_new(liServer *srv) {
 	mod_context *ctx = g_slice_new0(mod_context);
 	int r;

-	if (GNUTLS_E_SUCCESS != (r = gnutls_certificate_allocate_credentials(&ctx->server_cert))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_certificate_allocate_credentials(&ctx->server_cert))) {
 		ERROR(srv, "gnutls_certificate_allocate_credentials failed(%s): %s",
 			gnutls_strerror_name(r), gnutls_strerror(r));
 		goto error0;
 	}

-	if (GNUTLS_E_SUCCESS != (r = gnutls_priority_init(&ctx->server_priority, "NORMAL", NULL))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_priority_init(&ctx->server_priority, "NORMAL", NULL))) {
 		ERROR(srv, "gnutls_priority_init('NORMAL') failed(%s): %s",
 			gnutls_strerror_name(r), gnutls_strerror(r));
 		goto error1;
 	}

-	if (GNUTLS_E_SUCCESS != (r = gnutls_priority_init(&ctx->server_priority_beast, "NORMAL:-CIPHER-ALL:+ARCFOUR-128", NULL))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_priority_init(&ctx->server_priority_beast, "NORMAL:-CIPHER-ALL:+ARCFOUR-128", NULL))) {
 		int r1;
-		if (GNUTLS_E_SUCCESS != (r1 = gnutls_priority_init(&ctx->server_priority_beast, "NORMAL", NULL))) {
+		if (GNUTLS_E_SUCCESS > (r1 = gnutls_priority_init(&ctx->server_priority_beast, "NORMAL", NULL))) {
 			ERROR(srv, "gnutls_priority_init('NORMAL') failed(%s): %s",
 				gnutls_strerror_name(r1), gnutls_strerror(r1));
 			goto error2;
@ -281,7 +281,7 @@ static mod_context *mod_gnutls_context_new(liServer *srv) {
 	}

 #ifdef HAVE_SESSION_TICKET
-	if (GNUTLS_E_SUCCESS != (r = gnutls_session_ticket_key_generate(&ctx->ticket_key))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_session_ticket_key_generate(&ctx->ticket_key))) {
 		ERROR(srv, "gnutls_session_ticket_key_generate failed(%s): %s",
 			gnutls_strerror_name(r), gnutls_strerror(r));
 		goto error3;
@ -531,7 +531,7 @@ static gboolean mod_gnutls_con_new(liConnection *con, int fd) {
 	gnutls_session_t session;
 	int r;

-	if (GNUTLS_E_SUCCESS != (r = gnutls_init(&session, GNUTLS_SERVER))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_init(&session, GNUTLS_SERVER))) {
 		ERROR(srv, "gnutls_init (%s): %s",
 			gnutls_strerror_name(r), gnutls_strerror(r));
 		return FALSE;
@ -539,12 +539,12 @@ static gboolean mod_gnutls_con_new(liConnection *con, int fd) {

 	mod_gnutls_context_acquire(ctx);

-	if (GNUTLS_E_SUCCESS != (r = gnutls_priority_set(session, ctx->server_priority))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_priority_set(session, ctx->server_priority))) {
 		ERROR(srv, "gnutls_priority_set (%s): %s",
 			gnutls_strerror_name(r), gnutls_strerror(r));
 		goto fail;
 	}
-	if (GNUTLS_E_SUCCESS != (r = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->server_cert))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->server_cert))) {
 		ERROR(srv, "gnutls_credentials_set (%s): %s",
 			gnutls_strerror_name(r), gnutls_strerror(r));
 		goto fail;
@ -558,7 +558,7 @@ static gboolean mod_gnutls_con_new(liConnection *con, int fd) {
 	}

 #ifdef HAVE_SESSION_TICKET
-	if (GNUTLS_E_SUCCESS != (r = gnutls_session_ticket_enable_server(session, &ctx->ticket_key))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_session_ticket_enable_server(session, &ctx->ticket_key))) {
 		ERROR(srv, "gnutls_session_ticket_enable_server (%s): %s",
 			gnutls_strerror_name(r), gnutls_strerror(r));
 		goto fail;
@ -703,7 +703,7 @@ static gboolean creds_add_pemfile(liServer *srv, mod_context *ctx, gnutls_certif
 		return FALSE;
 	}

-	if (GNUTLS_E_SUCCESS != (r = gnutls_certificate_set_x509_key_file(creds, certfile, keyfile, GNUTLS_X509_FMT_PEM))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_certificate_set_x509_key_file(creds, certfile, keyfile, GNUTLS_X509_FMT_PEM))) {
 		ERROR(srv, "gnutls_certificate_set_x509_key_file failed(certfile '%s', keyfile '%s', PEM) (%s): %s",
 			certfile, keyfile,
 			gnutls_strerror_name(r), gnutls_strerror(r));
@ -891,7 +891,7 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
 	}

 	if (NULL != sni_fallback_pemfile) {
-		if (GNUTLS_E_SUCCESS != (r = gnutls_certificate_allocate_credentials(&ctx->sni_fallback_cert))) {
+		if (GNUTLS_E_SUCCESS > (r = gnutls_certificate_allocate_credentials(&ctx->sni_fallback_cert))) {
 			ERROR(srv, "gnutls_certificate_allocate_credentials failed(%s): %s",
 				gnutls_strerror_name(r), gnutls_strerror(r));
 			goto error_free_ctx;
@ -933,7 +933,7 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
 		GError *error = NULL;
 		gnutls_datum_t pkcs3_params;

-		if (GNUTLS_E_SUCCESS != (r = gnutls_dh_params_init(&ctx->dh_params))) {
+		if (GNUTLS_E_SUCCESS > (r = gnutls_dh_params_init(&ctx->dh_params))) {
 			ERROR(srv, "gnutls_dh_params_init failed (%s): %s",
 				gnutls_strerror_name(r), gnutls_strerror(r));
 			goto error_free_ctx;
@ -951,14 +951,14 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
 		r = gnutls_dh_params_import_pkcs3(ctx->dh_params, &pkcs3_params, GNUTLS_X509_FMT_PEM);
 		g_free(contents);

-		if (GNUTLS_E_SUCCESS != r) {
+		if (GNUTLS_E_SUCCESS > r) {
 			ERROR(srv, "couldn't load dh parameters from file '%s' (%s): %s",
 				dh_params_file,
 				gnutls_strerror_name(r), gnutls_strerror(r));
 			goto error_free_ctx;
 		}
 	} else {
-		if (GNUTLS_E_SUCCESS != (r = load_dh_params_4096(&ctx->dh_params))) {
+		if (GNUTLS_E_SUCCESS > (r = load_dh_params_4096(&ctx->dh_params))) {
 			ERROR(srv, "couldn't load dh parameters(%s): %s",
 				gnutls_strerror_name(r), gnutls_strerror(r));
 			goto error_free_ctx;
@ -977,7 +977,7 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
 		gnutls_priority_t prio;
 		GString *s = srv->main_worker->tmp_str;

-		if (GNUTLS_E_SUCCESS != (r = gnutls_priority_init(&prio, priority, &errpos))) {
+		if (GNUTLS_E_SUCCESS > (r = gnutls_priority_init(&prio, priority, &errpos))) {
 			ERROR(srv, "gnutls_priority_init failed(priority '%s', error at '%s') (%s): %s",
 				priority, errpos,
 				gnutls_strerror_name(r), gnutls_strerror(r));
@ -990,7 +990,7 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
 		if (protect_against_beast) {
 			g_string_assign(s, priority);
 			g_string_append_len(s, CONST_STR_LEN(":-CIPHER-ALL:+ARCFOUR-128"));
-			if (GNUTLS_E_SUCCESS != (r = gnutls_priority_init(&prio, s->str, &errpos))) {
+			if (GNUTLS_E_SUCCESS > (r = gnutls_priority_init(&prio, s->str, &errpos))) {
 				ERROR(srv, "gnutls_priority_init failed(priority '%s', error at '%s') (%s): %s",
 					s->str, errpos,
 					gnutls_strerror_name(r), gnutls_strerror(r));
@ -1145,8 +1145,8 @@ static int load_dh_params_4096(gnutls_dh_params_t *dh_params) {
 	int r;
 	gnutls_dh_params_t params;

-	if (GNUTLS_E_SUCCESS != (r = gnutls_dh_params_init(&params))) return r;
-	if (GNUTLS_E_SUCCESS != (r = gnutls_dh_params_import_raw(params, &prime, &generator))) {
+	if (GNUTLS_E_SUCCESS > (r = gnutls_dh_params_init(&params))) return r;
+	if (GNUTLS_E_SUCCESS > (r = gnutls_dh_params_import_raw(params, &prime, &generator))) {
 		gnutls_dh_params_deinit(params);
 		return r;
 	}