From a3a25a4c8ad4cfa5ff36101b2b3eb3c7116e5c2e Mon Sep 17 00:00:00 2001
From: Aaron Jones
Date: Sat, 17 Sep 2016 00:11:46 +0000
Subject: [PATCH] MbedTLS: A few more minor changes

Yeah, I know, I said I was happy with it and wouldn't be changing it. However, the new GNUTLS backend I'm working on has prompted this. E.g. MbedTLS error codes and GNUTLS error codes are both negative ints, but GNUTLS will not tolerate positive input values. Let's treat both backends the same.
---
 libratbox/src/mbedtls.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/libratbox/src/mbedtls.c b/libratbox/src/mbedtls.c
index 81c42e2b..bc22043f 100644
--- a/libratbox/src/mbedtls.c
+++ b/libratbox/src/mbedtls.c
@@ -228,7 +228,7 @@ rb_ssl_accept_common(rb_fde_t *const F, void *const data)
 lrb_assert(F->accept->callback != NULL);
 lrb_assert(F->ssl != NULL);
- int ret = mbedtls_ssl_handshake(SSL_P(F));
+ const int ret = mbedtls_ssl_handshake(SSL_P(F));
 switch(ret)
 {
@@ -263,7 +263,7 @@ rb_ssl_connect_common(rb_fde_t *const F, void *const data)
 lrb_assert(F != NULL);
 lrb_assert(F->ssl != NULL);
- int ret = mbedtls_ssl_handshake(SSL_P(F));
+ const int ret = mbedtls_ssl_handshake(SSL_P(F));
 switch(ret)
 {
@@ -527,7 +527,8 @@ rb_get_random(void *const buf, const size_t length)
 const char *
 rb_get_ssl_strerror(rb_fde_t *const F)
 {
- return rb_ssl_strerror((int) F->ssl_errno);
+ const int err = (int) F->ssl_errno;
+ return rb_ssl_strerror(-err);
 }
 int
@@ -608,7 +609,7 @@ rb_ssl_read(rb_fde_t *const F, void *const buf, const size_t count)
 lrb_assert(F != NULL);
 lrb_assert(F->ssl != NULL);
- int ret = mbedtls_ssl_read(SSL_P(F), buf, count);
+ const int ret = mbedtls_ssl_read(SSL_P(F), buf, count);
 if(ret >= 0)
 return (ssize_t) ret;
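Review bot: In the rb_get_ssl_strerror hunk (`@@ -527,7 +527,8 @@`), the new `-err` depends on a sign convention for `F->ssl_errno` that nothing on the visible lines states, and the sites that store that field are not touched by this patch. If any store site still records the raw negative backend code, the lookup now receives a positive value, which the commit message says GNUTLS will not tolerate. I would document the contract at the negation, e.g. `/* F->ssl_errno holds the backend error code negated to a positive value; flip it back for strerror */`, and confirm every assignment to `F->ssl_errno` follows it. This function also dereferences `F` without the `lrb_assert(F != NULL);` its neighbours use.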
@@ -634,7 +635,7 @@ rb_ssl_write(rb_fde_t *const F, const void *const buf, const size_t count)
 lrb_assert(F != NULL);
 lrb_assert(F->ssl != NULL);
- int ret = mbedtls_ssl_write(SSL_P(F), buf, count);
+ const int ret = mbedtls_ssl_write(SSL_P(F), buf, count);
 if(ret >= 0)
 return (ssize_t) ret;
@@ -663,6 +664,7 @@ rb_ssl_write(rb_fde_t *const F, const void *const buf, const size_t count)
 static void
 rb_ssl_connect_realcb(rb_fde_t *const F, const int status, struct ssl_connect *const sconn)
 {
+ lrb_assert(F != NULL);
 lrb_assert(F->connect != NULL);
 F->connect->callback = sconn->callback;
@@ -712,7 +714,7 @@ rb_sock_net_recv(void *const context_ptr, unsigned char *const buf, const size_t
 {
 const int fd = rb_get_fd((rb_fde_t *)context_ptr);
- int ret = (int) read(fd, buf, count);
+ const int ret = (int) read(fd, buf, count);
 if(ret < 0 && rb_ignore_errno(errno))
 return MBEDTLS_ERR_SSL_WANT_READ;
@@ -725,7 +727,7 @@ rb_sock_net_xmit(void *const context_ptr, const unsigned char *const buf, const
 {
 const int fd = rb_get_fd((rb_fde_t *)context_ptr);
- int ret = (int) write(fd, buf, count);
+ const int ret = (int) write(fd, buf, count);
 if(ret < 0 && rb_ignore_errno(errno))
 return MBEDTLS_ERR_SSL_WANT_WRITE;
@@ -829,6 +831,7 @@ rb_ssl_start_connected(rb_fde_t *const F, CNCB *const callback, void *const data
 F->connect = rb_malloc(sizeof(struct conndata));
 F->connect->callback = callback;
 F->connect->data = data;
+ F->type |= RB_FD_SSL;
 rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
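Review bot: In the rb_ssl_connect_realcb hunk (`@@ -663,6 +664,7 @@`), `sconn` is dereferenced by `F->connect->callback = sconn->callback;` two lines after the new assertion but gets no check of its own. Adding `lrb_assert(sconn != NULL);` next to the new `lrb_assert(F != NULL);` would cover every pointer the visible lines dereference. Whether `lrb_assert` halts or only logs is not visible here; if it only logs, the dereference still happens on a NULL pointer and an explicit early return would be needed. The function body continues past the end of the hunk.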
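Review bot: In the rb_sock_net_recv hunk (`@@ -712,7 +714,7 @@`) and again in rb_sock_net_xmit (`@@ -725,7 +727,7 @@`), the result of `read()`/`write()` is narrowed from `ssize_t` to `int` before it is tested, while `count` is a `size_t`. Where `ssize_t` is wider than `int`, a transfer larger than `INT_MAX` would wrap and could be reported to the TLS layer as an error or as a wrong byte count. Whether any caller can pass such a `count` is not visible here; bounding the request keeps the cast safe regardless, e.g. `const int ret = (int) read(fd, buf, count > INT_MAX ? INT_MAX : count);` (needs `<limits.h>`), with the same change for `write()`. Both function bodies continue outside their hunks.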