SSL3_STATE ints to bools. Change-Id: I0f153a3e22f960f2b600919b6bacac76b7a95093 Reviewed-on: https://boringssl-review.googlesource.com/19944 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/d1_both.cc b/ssl/d1_both.cc index cb447df..321e01d 100644 --- a/ssl/d1_both.cc +++ b/ssl/d1_both.cc
@@ -431,7 +431,7 @@ if (!ssl->s3->has_message) { ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, frag->data, frag->msg_len + DTLS1_HM_HEADER_LENGTH); - ssl->s3->has_message = 1; + ssl->s3->has_message = true; } return true; } @@ -443,7 +443,7 @@ dtls1_hm_fragment_free(ssl->d1->incoming_messages[index]); ssl->d1->incoming_messages[index] = NULL; ssl->d1->handshake_read_seq++; - ssl->s3->has_message = 0; + ssl->s3->has_message = false; // If we previously sent a flight, mark it as having a reply, so // |on_handshake_complete| can manage post-handshake retransmission. if (ssl->d1->outgoing_messages_complete) {
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc index 49d931b..3469017 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc
@@ -581,7 +581,7 @@ ssl->version = server_version; // At this point, the connection's version is known and ssl->version is // fixed. Begin enforcing the record-layer version. - ssl->s3->have_version = 1; + ssl->s3->have_version = true; } else if (server_version != ssl->version) { OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION); @@ -630,7 +630,7 @@ ssl->session->session_id_length != 0 && CBS_mem_equal(&session_id, ssl->session->session_id, ssl->session->session_id_length)) { - ssl->s3->session_reused = 1; + ssl->s3->session_reused = true; } else { // The session wasn't resumed. Create a fresh SSL_SESSION to // fill out. @@ -1695,7 +1695,7 @@ } hs->handshake_finalized = true; - ssl->s3->initial_handshake_complete = 1; + ssl->s3->initial_handshake_complete = true; ssl_update_cache(hs, SSL_SESS_CACHE_CLIENT); hs->state = state_done;
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc index eeb9f7f..f196db0 100644 --- a/ssl/handshake_server.cc +++ b/ssl/handshake_server.cc
@@ -275,7 +275,7 @@ // At this point, the connection's version is known and |ssl->version| is // fixed. Begin enforcing the record-layer version. - ssl->s3->have_version = 1; + ssl->s3->have_version = true; // Handle FALLBACK_SCSV. if (ssl_client_cipher_list_contains_cipher(client_hello, @@ -607,7 +607,7 @@ // Use the old session. hs->ticket_expected = renew_ticket; ssl->session = session.release(); - ssl->s3->session_reused = 1; + ssl->s3->session_reused = true; } else { hs->ticket_expected = tickets_supported; ssl_set_session(ssl, NULL); @@ -695,7 +695,7 @@ // known attack while we fix ChannelID itself. if (ssl->s3->tlsext_channel_id_valid && (hs->new_cipher->algorithm_mkey & SSL_kECDHE) == 0) { - ssl->s3->tlsext_channel_id_valid = 0; + ssl->s3->tlsext_channel_id_valid = false; } // If this is a resumption and the original handshake didn't support @@ -703,7 +703,7 @@ // session and so cannot resume with ChannelIDs. if (ssl->session != NULL && ssl->session->original_handshake_hash_len == 0) { - ssl->s3->tlsext_channel_id_valid = 0; + ssl->s3->tlsext_channel_id_valid = false; } struct OPENSSL_timeval now; @@ -1569,7 +1569,7 @@ } hs->handshake_finalized = true; - ssl->s3->initial_handshake_complete = 1; + ssl->s3->initial_handshake_complete = true; ssl_update_cache(hs, SSL_SESS_CACHE_SERVER); hs->state = state_done;
diff --git a/ssl/internal.h b/ssl/internal.h index 03b7f8b..b59de99 100644 --- a/ssl/internal.h +++ b/ssl/internal.h
@@ -1567,8 +1567,8 @@ uint8_t sid_ctx_length; uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - // If enable_early_data is non-zero, early data can be sent and accepted. - unsigned enable_early_data:1; + // If enable_early_data is true, early data can be sent and accepted. + bool enable_early_data:1; }; // ssl_crypto_x509_method provides the |SSL_X509_METHOD| functions using @@ -1655,45 +1655,45 @@ // skip_early_data instructs the record layer to skip unexpected early data // messages when 0RTT is rejected. - unsigned skip_early_data:1; + bool skip_early_data:1; // have_version is true if the connection's final version is known. Otherwise // the version has not been negotiated yet. - unsigned have_version:1; + bool have_version:1; // v2_hello_done is true if the peer's V2ClientHello, if any, has been handled // and future messages should use the record layer. - unsigned v2_hello_done:1; + bool v2_hello_done:1; // is_v2_hello is true if the current handshake message was derived from a // V2ClientHello rather than received from the peer directly. - unsigned is_v2_hello:1; + bool is_v2_hello:1; // has_message is true if the current handshake message has been returned // at least once by |get_message| and false otherwise. - unsigned has_message:1; + bool has_message:1; // initial_handshake_complete is true if the initial handshake has // completed. - unsigned initial_handshake_complete:1; + bool initial_handshake_complete:1; // session_reused indicates whether a session was resumed. - unsigned session_reused:1; + bool session_reused:1; - unsigned send_connection_binding:1; + bool send_connection_binding:1; // In a client, this means that the server supported Channel ID and that a // Channel ID was sent. In a server it means that we echoed support for // Channel IDs and that tlsext_channel_id will be valid after the // handshake. - unsigned tlsext_channel_id_valid:1; + bool tlsext_channel_id_valid:1; - // key_update_pending is one if we have a KeyUpdate acknowledgment + // key_update_pending is true if we have a KeyUpdate acknowledgment // outstanding. - unsigned key_update_pending:1; + bool key_update_pending:1; - // wpend_pending is one if we have a pending write outstanding. - unsigned wpend_pending:1; + // wpend_pending is true if we have a pending write outstanding. + bool wpend_pending:1; uint8_t send_alert[2];
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc index 624ea24..dfa8bfa 100644 --- a/ssl/s3_both.cc +++ b/ssl/s3_both.cc
@@ -518,7 +518,7 @@ ssl_read_buffer_consume(ssl, 2 + msg_length); ssl_read_buffer_discard(ssl); - ssl->s3->is_v2_hello = 1; + ssl->s3->is_v2_hello = true; return 1; } @@ -553,7 +553,7 @@ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, CBS_data(&out->raw), CBS_len(&out->raw)); } - ssl->s3->has_message = 1; + ssl->s3->has_message = true; } return true; } @@ -590,7 +590,7 @@ if (ssl->server && !ssl->s3->v2_hello_done) { int ret = read_v2_client_hello(ssl); if (ret > 0) { - ssl->s3->v2_hello_done = 1; + ssl->s3->v2_hello_done = true; } return ret; } @@ -610,8 +610,8 @@ OPENSSL_memmove(ssl->init_buf->data, ssl->init_buf->data + CBS_len(&msg.raw), ssl->init_buf->length - CBS_len(&msg.raw)); ssl->init_buf->length -= CBS_len(&msg.raw); - ssl->s3->is_v2_hello = 0; - ssl->s3->has_message = 0; + ssl->s3->is_v2_hello = false; + ssl->s3->has_message = false; // Post-handshake messages are rare, so release the buffer after every // message. During the handshake, |on_handshake_complete| will release it.
diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc index 9051b40..7afe3dd 100644 --- a/ssl/s3_pkt.cc +++ b/ssl/s3_pkt.cc
@@ -273,7 +273,7 @@ if (ret <= 0) { return ret; } - ssl->s3->wpend_pending = 0; + ssl->s3->wpend_pending = false; return ssl->s3->wpend_ret; } @@ -333,7 +333,7 @@ // Now that we've made progress on the connection, uncork KeyUpdate // acknowledgments. - ssl->s3->key_update_pending = 0; + ssl->s3->key_update_pending = false; // Memorize arguments so that ssl3_write_pending can detect bad write retries // later. @@ -341,7 +341,7 @@ ssl->s3->wpend_buf = buf; ssl->s3->wpend_type = type; ssl->s3->wpend_ret = len; - ssl->s3->wpend_pending = 1; + ssl->s3->wpend_pending = true; // We now just need to write the buffer. return ssl3_write_pending(ssl, type, buf, len);
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index ed97561..ee2cd89 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc
@@ -1090,7 +1090,7 @@ // Discard any unfinished writes from the perspective of |SSL_write|'s // retry. The handshake will transparently flush out the pending record // (discarded by the server) to keep the framing correct. - ssl->s3->wpend_pending = 0; + ssl->s3->wpend_pending = false; } static int bio_retry_reason_to_error(int reason) {
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 301096f..a978fb3 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc
@@ -805,7 +805,7 @@ *out_alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } - ssl->s3->send_connection_binding = 1; + ssl->s3->send_connection_binding = true; return 1; } @@ -840,7 +840,7 @@ return 0; } - ssl->s3->send_connection_binding = 1; + ssl->s3->send_connection_binding = true; return 1; } @@ -1547,7 +1547,7 @@ // https://tools.ietf.org/html/draft-balfanz-tls-channelid-01 static void ext_channel_id_init(SSL_HANDSHAKE *hs) { - hs->ssl->s3->tlsext_channel_id_valid = 0; + hs->ssl->s3->tlsext_channel_id_valid = false; } static int ext_channel_id_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { @@ -1579,7 +1579,7 @@ return 0; } - ssl->s3->tlsext_channel_id_valid = 1; + ssl->s3->tlsext_channel_id_valid = true; return 1; } @@ -1596,7 +1596,7 @@ return 0; } - ssl->s3->tlsext_channel_id_valid = 1; + ssl->s3->tlsext_channel_id_valid = true; return 1; } @@ -3373,7 +3373,7 @@ if (!sig_ok) { OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR); - ssl->s3->tlsext_channel_id_valid = 0; + ssl->s3->tlsext_channel_id_valid = false; return 0; }
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc index 1b031d5..10b944f 100644 --- a/ssl/tls13_both.cc +++ b/ssl/tls13_both.cc
@@ -520,7 +520,7 @@ // wire. This prevents us from accumulating write obligations when read and // write progress at different rates. See draft-ietf-tls-tls13-18, section // 4.5.3. - ssl->s3->key_update_pending = 1; + ssl->s3->key_update_pending = true; } return 1;
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc index 717a34d..df79960 100644 --- a/ssl/tls13_client.cc +++ b/ssl/tls13_client.cc
@@ -285,7 +285,7 @@ return ssl_hs_error; } - ssl->s3->session_reused = 1; + ssl->s3->session_reused = true; // Only authentication information carries over in TLS 1.3. hs->new_session = SSL_SESSION_dup(ssl->session, SSL_SESSION_DUP_AUTH_ONLY); if (!hs->new_session) {
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index 969f2ec..a46d0c8 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc
@@ -59,10 +59,10 @@ static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0}; -static int resolve_ecdhe_secret(SSL_HANDSHAKE *hs, int *out_need_retry, +static int resolve_ecdhe_secret(SSL_HANDSHAKE *hs, bool *out_need_retry, SSL_CLIENT_HELLO *client_hello) { SSL *const ssl = hs->ssl; - *out_need_retry = 0; + *out_need_retry = false; // We only support connections that include an ECDHE key exchange. CBS key_share; @@ -85,7 +85,7 @@ } if (!found_key_share) { - *out_need_retry = 1; + *out_need_retry = true; return 0; } @@ -394,7 +394,7 @@ return ssl_hs_error; } - ssl->s3->session_reused = 1; + ssl->s3->session_reused = true; // Resumption incorporates fresh key material, so refresh the timeout. ssl_session_renew_timeout(ssl, hs->new_session.get(), @@ -456,15 +456,15 @@ return ssl_hs_error; } } else if (hs->early_data_offered) { - ssl->s3->skip_early_data = 1; + ssl->s3->skip_early_data = true; } // Resolve ECDHE and incorporate it into the secret. - int need_retry; + bool need_retry; if (!resolve_ecdhe_secret(hs, &need_retry, &client_hello)) { if (need_retry) { ssl->early_data_accepted = 0; - ssl->s3->skip_early_data = 1; + ssl->s3->skip_early_data = true; ssl->method->next_message(ssl); hs->tls13_state = state_send_hello_retry_request; return ssl_hs_ok; @@ -514,7 +514,7 @@ return ssl_hs_error; } - int need_retry; + bool need_retry; if (!resolve_ecdhe_secret(hs, &need_retry, &client_hello)) { if (need_retry) { // Only send one HelloRetryRequest.
diff --git a/ssl/tls_record.cc b/ssl/tls_record.cc index eed6431..043ec62 100644 --- a/ssl/tls_record.cc +++ b/ssl/tls_record.cc
@@ -265,7 +265,7 @@ return ssl_open_record_error; } - ssl->s3->skip_early_data = 0; + ssl->s3->skip_early_data = false; if (!ssl_record_sequence_update(ssl->s3->read_sequence, 8)) { *out_alert = SSL_AD_INTERNAL_ERROR;