Changeset fd82e59 in mod_gnutls


Ignore:
Timestamp:
Feb 27, 2014, 2:26:26 AM (8 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
asyncio, debian/master, debian/stretch-backports, jessie-backports, master, proxy-ticket, upstream
Children:
c32240f
Parents:
8a30d35
Message:

use strict compiler arguments by default (-Wall -Werror -Wextra)

Because apache modules make heavy use of generic hooks that have to
have arguments that cover every corner use case, and we don't need all
that data, many mod_gnutls functions have unused parameters, which
have now been explicitly designated as unused.

We also have at least one generic function signature declared for our
interaction with GnuTLS as well, and we aren't using some of those
parameters either.

A useful future review might be to read up on how the unused
parameters are used by other apache modules or users of GnuTLS, to see
if we might gather useful ideas.

Files:
5 edited

Legend:

Unmodified
Added
Removed

  • configure.ac

    r8a30d35 rfd82e59  
    4242fi
    4343
     44AC_ARG_ENABLE(strict,
     45       AS_HELP_STRING([--disable-strict],
     46               [Avoid strict compiler warnings and errors]),
     47       use_strict=$enableval, use_strict=yes)
     48
     49STRICT_CFLAGS=""
     50if test "$use_strict" != "no"; then
     51        STRICT_CFLAGS="-Wall -Werror -Wextra"
     52fi
     53
    4454AC_MSG_CHECKING([whether to enable SRP functionality])
    4555AC_MSG_RESULT($use_srp)
     
    6676AC_SUBST(have_apr_memcache)
    6777
    68 MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
     78MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
    6979MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
    7080

  • src/gnutls_config.c

    r8a30d35 rfd82e59  
    5858}
    5959
    60 const char *mgs_set_dh_file(cmd_parms * parms, void *dummy,
     60const char *mgs_set_dh_file(cmd_parms * parms, void *dummy __attribute__((unused)),
    6161        const char *arg) {
    6262    int ret;
     
    101101}
    102102
    103 const char *mgs_set_cert_file(cmd_parms * parms, void *dummy, const char *arg) {
     103const char *mgs_set_cert_file(cmd_parms * parms, void *dummy __attribute__((unused)), const char *arg) {
    104104
    105105    int ret;
     
    130130}
    131131
    132 const char *mgs_set_key_file(cmd_parms * parms, void *dummy, const char *arg) {
     132const char *mgs_set_key_file(cmd_parms * parms, void *dummy __attribute__((unused)), const char *arg) {
    133133
    134134    int ret;
     
    174174}
    175175
    176 const char *mgs_set_pgpcert_file(cmd_parms * parms, void *dummy,
     176const char *mgs_set_pgpcert_file(cmd_parms * parms, void *dummy __attribute__((unused)),
    177177        const char *arg) {
    178178    int ret;
     
    214214}
    215215
    216 const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
     216const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy __attribute__((unused)),
    217217        const char *arg) {
    218218    int ret;
     
    255255}
    256256
    257 const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
     257const char *mgs_set_tickets(cmd_parms * parms, void *dummy __attribute__((unused)),
    258258        const char *arg) {
    259259    mgs_srvconf_rec *sc =
     
    273273#ifdef ENABLE_SRP
    274274
    275 const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy,
     275const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy __attribute__((unused)),
    276276        const char *arg) {
    277277    mgs_srvconf_rec *sc =
     
    285285}
    286286
    287 const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
     287const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy __attribute__((unused)),
    288288        const char *arg) {
    289289    mgs_srvconf_rec *sc =
     
    300300#endif
    301301
    302 const char *mgs_set_cache(cmd_parms * parms, void *dummy,
     302const char *mgs_set_cache(cmd_parms * parms, void *dummy __attribute__((unused)),
    303303        const char *type, const char *arg) {
    304304    const char *err;
     
    342342}
    343343
    344 const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy,
     344const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy __attribute__((unused)),
    345345        const char *arg) {
    346346    int argint;
     
    368368}
    369369
    370 const char *mgs_set_client_verify_method(cmd_parms * parms, void *dummy,
     370const char *mgs_set_client_verify_method(cmd_parms * parms, void *dummy __attribute__((unused)),
    371371        const char *arg) {
    372372    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)ap_get_module_config(parms->server->module_config, &gnutls_module);
     
    387387}
    388388
    389 const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
    390         const char *arg) {
     389const char *mgs_set_client_verify(cmd_parms * parms,
     390                                  void *dirconf,
     391                                  const char *arg) {
    391392    int mode;
    392393
     
    404405    /* This was set from a directory context */
    405406    if (parms->path) {
    406         mgs_dirconf_rec *dc = (mgs_dirconf_rec *) dummy;
     407        mgs_dirconf_rec *dc = (mgs_dirconf_rec *) dirconf;
    407408        dc->client_verify_mode = mode;
    408409    } else {
     
    419420#define INIT_CA_SIZE 128
    420421
    421 const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
     422const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy __attribute__((unused)),
    422423        const char *arg) {
    423424    int rv;
     
    481482}
    482483
    483 const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy,
     484const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy __attribute__((unused)),
    484485        const char *arg) {
    485486    int rv;
     
    521522}
    522523
    523 const char *mgs_set_proxy_engine(cmd_parms * parms, void *dummy,
     524const char *mgs_set_proxy_engine(cmd_parms * parms, void *dummy __attribute__((unused)),
    524525        const char *arg) {
    525526
     
    538539}
    539540
    540 const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
     541const char *mgs_set_enabled(cmd_parms * parms, void *dummy __attribute__((unused)),
    541542        const char *arg) {
    542543    mgs_srvconf_rec *sc =
     
    555556}
    556557
    557 const char *mgs_set_export_certificates_size(cmd_parms * parms, void *dummy, const char *arg) {
     558const char *mgs_set_export_certificates_size(cmd_parms * parms, void *dummy __attribute__((unused)), const char *arg) {
    558559    mgs_srvconf_rec *sc = (mgs_srvconf_rec *) ap_get_module_config(parms->server->module_config, &gnutls_module);
    559560    if (!strcasecmp(arg, "On")) {
     
    577578}
    578579
    579 const char *mgs_set_priorities(cmd_parms * parms, void *dummy, const char *arg) {
     580const char *mgs_set_priorities(cmd_parms * parms, void *dummy __attribute__((unused)), const char *arg) {
    580581
    581582        int ret;
     
    656657}
    657658
    658 void *mgs_config_server_create(apr_pool_t * p, server_rec * s) {
     659void *mgs_config_server_create(apr_pool_t * p,
     660                               server_rec * s __attribute__((unused))) {
    659661    char *err = NULL;
    660662    mgs_srvconf_rec *sc = _mgs_config_server_create(p, &err);
     
    715717#undef gnutls_srvconf_assign
    716718
    717 void *mgs_config_dir_merge(apr_pool_t * p, void *basev, void *addv) {
     719void *mgs_config_dir_merge(apr_pool_t * p,
     720                           void *basev __attribute__((unused)),
     721                           void *addv __attribute__((unused))) {
    718722    mgs_dirconf_rec *new;
    719723    /*    mgs_dirconf_rec *base = (mgs_dirconf_rec *) basev; */
     
    725729}
    726730
    727 void *mgs_config_dir_create(apr_pool_t * p, char *dir) {
     731void *mgs_config_dir_create(apr_pool_t * p,
     732                            char *dir __attribute__((unused))) {
    728733    mgs_dirconf_rec *dc = apr_palloc(p, sizeof (*dc));
    729734    dc->client_verify_mode = -1;

  • src/gnutls_hooks.c

    r8a30d35 rfd82e59  
    4444static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt);
    4545/* use side==0 for server and side==1 for client */
    46 static void mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side, int export_cert_size);
    47 static void mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side, int export_cert_size);
     46static void mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side, size_t export_cert_size);
     47static void mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side, size_t export_cert_size);
     48static int mgs_status_hook(request_rec *r, int flags);
     49#ifdef ENABLE_MSVA
    4850static const char* mgs_x509_construct_uid(request_rec * pool, gnutls_x509_crt_t cert);
    49 static int mgs_status_hook(request_rec *r, int flags);
     51#endif
    5052
    5153/* Pool Cleanup Function */
    52 apr_status_t mgs_cleanup_pre_config(void *data) {
     54apr_status_t mgs_cleanup_pre_config(void *data __attribute__((unused))) {
    5355        /* Free all session data */
    5456    gnutls_free(session_ticket_key.data);
     
    8385
    8486/* Pre-Configuration HOOK: Runs First */
    85 int mgs_hook_pre_config(apr_pool_t * pconf, apr_pool_t * plog, apr_pool_t * ptemp) {
     87int mgs_hook_pre_config(apr_pool_t * pconf, apr_pool_t * plog, apr_pool_t * ptemp __attribute__((unused))) {
    8688
    8789/* Maintainer Logging */
     
    169171
    170172static int cert_retrieve_fn(gnutls_session_t session,
    171                                                         const gnutls_datum_t * req_ca_rdn, int nreqs,
    172                                                         const gnutls_pk_algorithm_t * pk_algos, int pk_algos_length,
     173                                                        const gnutls_datum_t * req_ca_rdn __attribute__((unused)), int nreqs __attribute__((unused)),
     174                                                        const gnutls_pk_algorithm_t * pk_algos __attribute__((unused)), int pk_algos_length __attribute__((unused)),
    173175                                                        gnutls_retr2_st *ret) {
    174176
     
    303305}
    304306
    305 int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog, apr_pool_t * ptemp, server_rec * base_server) {
     307int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog __attribute__((unused)), apr_pool_t * ptemp __attribute__((unused)), server_rec * base_server) {
    306308
    307309    int rv;
     
    589591}
    590592
    591 static int vhost_cb(void *baton, conn_rec * conn, server_rec * s) {
     593static int vhost_cb(void *baton, conn_rec * conn __attribute__((unused)), server_rec * s) {
    592594    mgs_srvconf_rec *tsc;
    593595    vhost_cb_rec *x = baton;
     
    728730}
    729731
    730 int mgs_hook_pre_connection(conn_rec * c, void *csd) {
     732int mgs_hook_pre_connection(conn_rec * c, void *csd __attribute__((unused))) {
    731733    mgs_srvconf_rec *sc;
    732734
     
    900902#define MGS_SIDE(suffix) ((side==0) ? "SSL_SERVER" suffix : "SSL_CLIENT" suffix)
    901903
    902 static void mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side, int export_cert_size) {
     904static void mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side, size_t export_cert_size) {
    903905    unsigned char sbuf[64]; /* buffer to hold serials */
    904906    char buf[AP_IOBUFSIZE];
     
    10191021 * to use for the PEM-encoded certificate (0 means do not export)
    10201022 */
    1021 static void mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side, int export_cert_size) {
     1023static void mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side, size_t export_cert_size) {
    10221024
    10231025        unsigned char sbuf[64]; /* buffer to hold serials */
     
    13351337exit:
    13361338    if (gnutls_certificate_type_get(ctxt->session) == GNUTLS_CRT_X509) {
    1337         int i;
     1339        unsigned int i;
    13381340        for (i = 0; i < ch_size; i++) {
    13391341            gnutls_x509_crt_deinit(cert.x509[i]);
     
    13471349}
    13481350
     1351#ifdef ENABLE_MSVA
     1352/* this section of code is used only when trying to talk to the MSVA */
    13491353static const char* mgs_x509_leaf_oid_from_dn(apr_pool_t *pool, const char* oid, gnutls_x509_crt_t cert) {
    13501354    int rv=GNUTLS_E_SUCCESS, i;
     
    13831387            data = apr_palloc(pool, sz);
    13841388            rv = gnutls_x509_crt_get_subject_alt_name2(cert, i, data, &sz, &thistype, NULL);
    1385             if (rv == target)
     1389            if (rv >=0 && (thistype == target))
    13861390                return data;
    13871391        }
     
    13901394    return NULL;
    13911395}
     1396
    13921397
    13931398/* Create a string representing a candidate User ID from an X.509
     
    15051510    return ret;
    15061511}
    1507 
    1508 static int mgs_status_hook(request_rec *r, int flags)
     1512#endif /* ENABLE_MSVA */
     1513
     1514static int mgs_status_hook(request_rec *r, int flags __attribute__((unused)))
    15091515{
    15101516    mgs_srvconf_rec *sc;

  • src/gnutls_io.c

    r8a30d35 rfd82e59  
    510510    if (ctxt->input_mode == AP_MODE_READBYTES ||
    511511            ctxt->input_mode == AP_MODE_SPECULATIVE) {
     512        if (readbytes < 0) {
     513            /* you're asking us to speculatively read a negative number of bytes! */
     514            return APR_ENOTIMPL;
     515        }
    512516        /* Err. This is bad. readbytes *can* be a 64bit int! len.. is NOT */
    513         if (readbytes < len) {
     517        if ((apr_size_t) readbytes < len) {
    514518            len = (apr_size_t) readbytes;
    515519        }
     
    573577
    574578apr_status_t mgs_filter_output(ap_filter_t * f, apr_bucket_brigade * bb) {
    575     apr_size_t ret;
     579    int ret;
    576580    mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx;
    577581    apr_status_t status = APR_SUCCESS;
     
    672676                        return ctxt->output_rc;
    673677                    }
    674                 } else if (ret != len) {
     678                } else if ((apr_size_t)(ret) != len) {
     679                    /* we know the above cast is OK because len > 0 and ret >= 0 */
    675680                    /* Not able to send the entire bucket,
    676681                       split it and send it again. */

  • src/mod_gnutls.c

    r8a30d35 rfd82e59  
    2020#include "mod_gnutls.h"
    2121
    22 static void gnutls_hooks(apr_pool_t * p) {
     22static void gnutls_hooks(apr_pool_t * p __attribute__((unused))) {
    2323
    2424    /* Try Run Post-Config Hook After mod_proxy */
Note: See TracChangeset for help on using the changeset viewer.