lighttpd
/
lighttpd2
2
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

[mod_gnutls] workaround gnutls API breakage, and prepare for future ones 

Change-Id: I1b97aa31fd1a7adb0107761d05bf81a4509e9fc9
personal/stbuehler/wip
Stefan Bühler 5 years ago
parent
9926bef92e
commit
3d2880258d
3 changed files with 35 additions and 35 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      src/modules/gnutls_filter.c
  2. 26
      src/modules/gnutls_ocsp.c
  3. 40
      src/modules/mod_gnutls.c

4
src/modules/gnutls_filter.c
View File

@ -193,7 +193,7 @@ static void f_abort_gnutls(liGnuTLSFilter *f) {
static void f_close_with_alert(liGnuTLSFilter *f, int r) {
if (f->closing || f->aborted) return;
if (GNUTLS_E_SUCCESS != gnutls_alert_send_appropriate(f->session, r)) {
if (GNUTLS_E_SUCCESS > gnutls_alert_send_appropriate(f->session, r)) {
f_abort_gnutls(f);
return;
}
@ -276,7 +276,7 @@ static gboolean do_gnutls_handshake(liGnuTLSFilter *f, gboolean writing) {
LI_FORCE_ASSERT(!f->initial_handshaked_finished);
r = gnutls_handshake(f->session);
if (GNUTLS_E_SUCCESS == r) {
if (GNUTLS_E_SUCCESS <= r) {
f->initial_handshaked_finished = 1;
li_stream_acquire(&f->plain_source);
li_stream_acquire(&f->plain_drain);

26
src/modules/gnutls_ocsp.c
View File

@ -39,7 +39,7 @@ static int get_entry(liServer *srv, ocsp_response_cert_entry* entry, gnutls_ocsp
if (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE == r) return r;
if (GNUTLS_E_SUCCESS != r) {
if (GNUTLS_E_SUCCESS > r) {
ERROR(srv, "Couldn't retrieve OCSP response information for entry %u (%s): %s",
ndx,
gnutls_strerror_name(r), gnutls_strerror(r));
@ -79,13 +79,13 @@ static gboolean add_response(liServer *srv, liGnuTLSOCSP *ocsp, gnutls_datum_t*
response.resp_data = *der_data;
der_data->data = NULL; der_data->size = 0;
if (GNUTLS_E_SUCCESS != (r = gnutls_ocsp_resp_init(&response.resp))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_ocsp_resp_init(&response.resp))) {
ERROR(srv, "gnutls_ocsp_resp_init (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto error;
}
if (GNUTLS_E_SUCCESS != (r = gnutls_ocsp_resp_import(response.resp, &response.resp_data))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_ocsp_resp_import(response.resp, &response.resp_data))) {
ERROR(srv, "gnutls_ocsp_resp_import (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto error;
@ -97,7 +97,7 @@ static gboolean add_response(liServer *srv, liGnuTLSOCSP *ocsp, gnutls_datum_t*
r = get_entry(srv, &entry, response.resp, i);
if (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE == r) break; /* got them all */
if (GNUTLS_E_SUCCESS != r) goto error;
if (GNUTLS_E_SUCCESS > r) goto error;
g_array_append_vals(response.certificates, &entry, 1);
@ -133,20 +133,20 @@ static int ctx_ocsp_response(gnutls_session_t session, void* ptr, gnutls_datum_t
size_t serial_size = ocsp->max_serial_length;
crt_datum = gnutls_certificate_get_ours(session); /* memory is NOT owned */
if (GNUTLS_E_SUCCESS != (r = gnutls_x509_crt_init(&crt))) goto cleanup;
if (GNUTLS_E_SUCCESS != (r = gnutls_x509_crt_import(crt, crt_datum, GNUTLS_X509_FMT_DER))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_x509_crt_init(&crt))) goto cleanup;
if (GNUTLS_E_SUCCESS > (r = gnutls_x509_crt_import(crt, crt_datum, GNUTLS_X509_FMT_DER))) {
gnutls_x509_crt_deinit(crt);
goto cleanup;
}
;
if (GNUTLS_E_SUCCESS != (r = gnutls_x509_crt_get_serial(crt, serial.data, &serial_size))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_x509_crt_get_serial(crt, serial.data, &serial_size))) {
gnutls_x509_crt_deinit(crt);
goto cleanup;
}
serial.size = serial_size;
if (GNUTLS_E_SUCCESS != (r = gnutls_x509_crt_get_raw_issuer_dn(crt, &issuer_name))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_x509_crt_get_raw_issuer_dn(crt, &issuer_name))) {
gnutls_x509_crt_deinit(crt);
goto cleanup;
}
@ -164,7 +164,7 @@ static int ctx_ocsp_response(gnutls_session_t session, void* ptr, gnutls_datum_t
if (serial.size != entry->serial.size
|| 0 != memcmp(serial.data, entry->serial.data, serial.size)) continue;
if (GNUTLS_E_SUCCESS != (r = gnutls_hash_fast(entry->digest, issuer_name.data, issuer_name.size, issuer_name_hash))) goto cleanup;
if (GNUTLS_E_SUCCESS > (r = gnutls_hash_fast(entry->digest, issuer_name.data, issuer_name.size, issuer_name_hash))) goto cleanup;
if (0 != memcmp(issuer_name_hash, entry->issuer_name_hash.data, entry->issuer_name_hash.size)) continue;
@ -217,7 +217,7 @@ gboolean li_gnutls_ocsp_add(liServer *srv, liGnuTLSOCSP *ocsp, const char* filen
gnutls_datum_t* der_data;
gboolean result = FALSE;
if (GNUTLS_E_SUCCESS != (r = gnutls_load_file(filename, &file))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_load_file(filename, &file))) {
ERROR(srv, "Failed to load OCSP file '%s' (%s): %s",
filename,
gnutls_strerror_name(r), gnutls_strerror(r));
@ -228,7 +228,7 @@ gboolean li_gnutls_ocsp_add(liServer *srv, liGnuTLSOCSP *ocsp, const char* filen
if (file.size > 20 && 0 == memcmp(file.data, CONST_STR_LEN("-----BEGIN "))) {
r = gnutls_pem_base64_decode_alloc("OCSP RESPONSE", &file, &decoded);
if (GNUTLS_E_SUCCESS != r) {
if (GNUTLS_E_SUCCESS > r) {
ERROR(srv, "gnutls_pem_base64_decode_alloc failed to decode OCSP RESPONSE from '%s' (%s): %s",
filename,
gnutls_strerror_name(r), gnutls_strerror(r));
@ -256,7 +256,7 @@ gboolean li_gnutls_ocsp_search(liServer *srv, liGnuTLSOCSP *ocsp, const char* fi
gnutls_datum_t decoded = { NULL, 0 };
gboolean result = FALSE;
if (GNUTLS_E_SUCCESS != (r = gnutls_load_file(filename, &file))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_load_file(filename, &file))) {
ERROR(srv, "Failed to load OCSP file '%s' (%s): %s",
filename,
gnutls_strerror_name(r), gnutls_strerror(r));
@ -265,7 +265,7 @@ gboolean li_gnutls_ocsp_search(liServer *srv, liGnuTLSOCSP *ocsp, const char* fi
r = gnutls_pem_base64_decode_alloc("OCSP RESPONSE", &file, &decoded);
if (GNUTLS_E_SUCCESS == r) {
if (GNUTLS_E_SUCCESS <= r) {
result = add_response(srv, ocsp, &decoded);
if (!result) {
ERROR(srv, "Failed loading OCSP response from '%s'", filename);

40
src/modules/mod_gnutls.c
View File

@ -123,7 +123,7 @@ static gnutls_certificate_credentials_t creds_from_gstring(mod_context *ctx, GSt
if (NULL == str) return NULL;
if (GNUTLS_E_SUCCESS != (r = gnutls_certificate_allocate_credentials(&creds))) return NULL;
if (GNUTLS_E_SUCCESS > (r = gnutls_certificate_allocate_credentials(&creds))) return NULL;
pemfile.data = (unsigned char*) str->str;
pemfile.size = str->len;
@ -132,7 +132,7 @@ static gnutls_certificate_credentials_t creds_from_gstring(mod_context *ctx, GSt
gnutls_certificate_set_pin_function(creds, pin_callback, ctx->pin);
#endif
if (GNUTLS_E_SUCCESS != (r = gnutls_certificate_set_x509_key_mem(creds, &pemfile, &pemfile, GNUTLS_X509_FMT_PEM))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_certificate_set_x509_key_mem(creds, &pemfile, &pemfile, GNUTLS_X509_FMT_PEM))) {
goto error_free_creds;
}
@ -256,21 +256,21 @@ static mod_context *mod_gnutls_context_new(liServer *srv) {
mod_context *ctx = g_slice_new0(mod_context);
int r;
if (GNUTLS_E_SUCCESS != (r = gnutls_certificate_allocate_credentials(&ctx->server_cert))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_certificate_allocate_credentials(&ctx->server_cert))) {
ERROR(srv, "gnutls_certificate_allocate_credentials failed(%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto error0;
}
if (GNUTLS_E_SUCCESS != (r = gnutls_priority_init(&ctx->server_priority, "NORMAL", NULL))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_priority_init(&ctx->server_priority, "NORMAL", NULL))) {
ERROR(srv, "gnutls_priority_init('NORMAL') failed(%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto error1;
}
if (GNUTLS_E_SUCCESS != (r = gnutls_priority_init(&ctx->server_priority_beast, "NORMAL:-CIPHER-ALL:+ARCFOUR-128", NULL))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_priority_init(&ctx->server_priority_beast, "NORMAL:-CIPHER-ALL:+ARCFOUR-128", NULL))) {
int r1;
if (GNUTLS_E_SUCCESS != (r1 = gnutls_priority_init(&ctx->server_priority_beast, "NORMAL", NULL))) {
if (GNUTLS_E_SUCCESS > (r1 = gnutls_priority_init(&ctx->server_priority_beast, "NORMAL", NULL))) {
ERROR(srv, "gnutls_priority_init('NORMAL') failed(%s): %s",
gnutls_strerror_name(r1), gnutls_strerror(r1));
goto error2;
@ -281,7 +281,7 @@ static mod_context *mod_gnutls_context_new(liServer *srv) {
}
#ifdef HAVE_SESSION_TICKET
if (GNUTLS_E_SUCCESS != (r = gnutls_session_ticket_key_generate(&ctx->ticket_key))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_session_ticket_key_generate(&ctx->ticket_key))) {
ERROR(srv, "gnutls_session_ticket_key_generate failed(%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto error3;
@ -531,7 +531,7 @@ static gboolean mod_gnutls_con_new(liConnection *con, int fd) {
gnutls_session_t session;
int r;
if (GNUTLS_E_SUCCESS != (r = gnutls_init(&session, GNUTLS_SERVER))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_init(&session, GNUTLS_SERVER))) {
ERROR(srv, "gnutls_init (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
return FALSE;
@ -539,12 +539,12 @@ static gboolean mod_gnutls_con_new(liConnection *con, int fd) {
mod_gnutls_context_acquire(ctx);
if (GNUTLS_E_SUCCESS != (r = gnutls_priority_set(session, ctx->server_priority))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_priority_set(session, ctx->server_priority))) {
ERROR(srv, "gnutls_priority_set (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto fail;
}
if (GNUTLS_E_SUCCESS != (r = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->server_cert))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->server_cert))) {
ERROR(srv, "gnutls_credentials_set (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto fail;
@ -558,7 +558,7 @@ static gboolean mod_gnutls_con_new(liConnection *con, int fd) {
}
#ifdef HAVE_SESSION_TICKET
if (GNUTLS_E_SUCCESS != (r = gnutls_session_ticket_enable_server(session, &ctx->ticket_key))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_session_ticket_enable_server(session, &ctx->ticket_key))) {
ERROR(srv, "gnutls_session_ticket_enable_server (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto fail;
@ -703,7 +703,7 @@ static gboolean creds_add_pemfile(liServer *srv, mod_context *ctx, gnutls_certif
return FALSE;
}
if (GNUTLS_E_SUCCESS != (r = gnutls_certificate_set_x509_key_file(creds, certfile, keyfile, GNUTLS_X509_FMT_PEM))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_certificate_set_x509_key_file(creds, certfile, keyfile, GNUTLS_X509_FMT_PEM))) {
ERROR(srv, "gnutls_certificate_set_x509_key_file failed(certfile '%s', keyfile '%s', PEM) (%s): %s",
certfile, keyfile,
gnutls_strerror_name(r), gnutls_strerror(r));
@ -891,7 +891,7 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
}
if (NULL != sni_fallback_pemfile) {
if (GNUTLS_E_SUCCESS != (r = gnutls_certificate_allocate_credentials(&ctx->sni_fallback_cert))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_certificate_allocate_credentials(&ctx->sni_fallback_cert))) {
ERROR(srv, "gnutls_certificate_allocate_credentials failed(%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto error_free_ctx;
@ -933,7 +933,7 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
GError *error = NULL;
gnutls_datum_t pkcs3_params;
if (GNUTLS_E_SUCCESS != (r = gnutls_dh_params_init(&ctx->dh_params))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_dh_params_init(&ctx->dh_params))) {
ERROR(srv, "gnutls_dh_params_init failed (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto error_free_ctx;
@ -951,14 +951,14 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
r = gnutls_dh_params_import_pkcs3(ctx->dh_params, &pkcs3_params, GNUTLS_X509_FMT_PEM);
g_free(contents);
if (GNUTLS_E_SUCCESS != r) {
if (GNUTLS_E_SUCCESS > r) {
ERROR(srv, "couldn't load dh parameters from file '%s' (%s): %s",
dh_params_file,
gnutls_strerror_name(r), gnutls_strerror(r));
goto error_free_ctx;
}
} else {
if (GNUTLS_E_SUCCESS != (r = load_dh_params_4096(&ctx->dh_params))) {
if (GNUTLS_E_SUCCESS > (r = load_dh_params_4096(&ctx->dh_params))) {
ERROR(srv, "couldn't load dh parameters(%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto error_free_ctx;
@ -977,7 +977,7 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
gnutls_priority_t prio;
GString *s = srv->main_worker->tmp_str;
if (GNUTLS_E_SUCCESS != (r = gnutls_priority_init(&prio, priority, &errpos))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_priority_init(&prio, priority, &errpos))) {
ERROR(srv, "gnutls_priority_init failed(priority '%s', error at '%s') (%s): %s",
priority, errpos,
gnutls_strerror_name(r), gnutls_strerror(r));
@ -990,7 +990,7 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
if (protect_against_beast) {
g_string_assign(s, priority);
g_string_append_len(s, CONST_STR_LEN(":-CIPHER-ALL:+ARCFOUR-128"));
if (GNUTLS_E_SUCCESS != (r = gnutls_priority_init(&prio, s->str, &errpos))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_priority_init(&prio, s->str, &errpos))) {
ERROR(srv, "gnutls_priority_init failed(priority '%s', error at '%s') (%s): %s",
s->str, errpos,
gnutls_strerror_name(r), gnutls_strerror(r));
@ -1145,8 +1145,8 @@ static int load_dh_params_4096(gnutls_dh_params_t *dh_params) {
int r;
gnutls_dh_params_t params;
if (GNUTLS_E_SUCCESS != (r = gnutls_dh_params_init(&params))) return r;
if (GNUTLS_E_SUCCESS != (r = gnutls_dh_params_import_raw(params, &prime, &generator))) {
if (GNUTLS_E_SUCCESS > (r = gnutls_dh_params_init(&params))) return r;
if (GNUTLS_E_SUCCESS > (r = gnutls_dh_params_import_raw(params, &prime, &generator))) {
gnutls_dh_params_deinit(params);
return r;
}

Write Preview
Loading…
Cancel
Save