Convert a few more things from int to bool. Change-Id: Iee4b8bbe82ea700e3c9c6538f981662a90747642 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35786 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h index ee2952a..99993f2 100644 --- a/ssl/internal.h +++ b/ssl/internal.h
@@ -2029,7 +2029,7 @@ // check_client_CA_list returns one if |names| is a good list of X.509 // distinguished names and zero otherwise. This is used to ensure that we can // reject unparsable values at handshake time when using crypto/x509. - int (*check_client_CA_list)(STACK_OF(CRYPTO_BUFFER) *names); + bool (*check_client_CA_list)(STACK_OF(CRYPTO_BUFFER) *names); // cert_clear frees and NULLs all X509 certificate-related state. void (*cert_clear)(CERT *cert); @@ -2046,35 +2046,35 @@ // session_cache_objects fills out |sess->x509_peer| and |sess->x509_chain| // from |sess->certs| and erases |sess->x509_chain_without_leaf|. It returns - // one on success or zero on error. - int (*session_cache_objects)(SSL_SESSION *session); + // true on success or false on error. + bool (*session_cache_objects)(SSL_SESSION *session); // session_dup duplicates any needed fields from |session| to |new_session|. - // It returns one on success or zero on error. - int (*session_dup)(SSL_SESSION *new_session, const SSL_SESSION *session); + // It returns true on success or false on error. + bool (*session_dup)(SSL_SESSION *new_session, const SSL_SESSION *session); // session_clear frees any X509-related state from |session|. void (*session_clear)(SSL_SESSION *session); // session_verify_cert_chain verifies the certificate chain in |session|, - // sets |session->verify_result| and returns one on success or zero on + // sets |session->verify_result| and returns true on success or false on // error. - int (*session_verify_cert_chain)(SSL_SESSION *session, SSL_HANDSHAKE *ssl, - uint8_t *out_alert); + bool (*session_verify_cert_chain)(SSL_SESSION *session, SSL_HANDSHAKE *ssl, + uint8_t *out_alert); // hs_flush_cached_ca_names drops any cached |X509_NAME|s from |hs|. void (*hs_flush_cached_ca_names)(SSL_HANDSHAKE *hs); - // ssl_new does any neccessary initialisation of |hs|. It returns one on - // success or zero on error. - int (*ssl_new)(SSL_HANDSHAKE *hs); + // ssl_new does any neccessary initialisation of |hs|. It returns true on + // success or false on error. + bool (*ssl_new)(SSL_HANDSHAKE *hs); // ssl_free frees anything created by |ssl_new|. void (*ssl_config_free)(SSL_CONFIG *cfg); // ssl_flush_cached_client_CA drops any cached |X509_NAME|s from |ssl|. void (*ssl_flush_cached_client_CA)(SSL_CONFIG *cfg); // ssl_auto_chain_if_needed runs the deprecated auto-chaining logic if // necessary. On success, it updates |ssl|'s certificate configuration as - // needed and returns one. Otherwise, it returns zero. - int (*ssl_auto_chain_if_needed)(SSL_HANDSHAKE *hs); - // ssl_ctx_new does any neccessary initialisation of |ctx|. It returns one on - // success or zero on error. - int (*ssl_ctx_new)(SSL_CTX *ctx); + // needed and returns true. Otherwise, it returns false. + bool (*ssl_auto_chain_if_needed)(SSL_HANDSHAKE *hs); + // ssl_ctx_new does any neccessary initialisation of |ctx|. It returns true on + // success or false on error. + bool (*ssl_ctx_new)(SSL_CTX *ctx); // ssl_ctx_free frees anything created by |ssl_ctx_new|. void (*ssl_ctx_free)(SSL_CTX *ctx); // ssl_ctx_flush_cached_client_CA drops any cached |X509_NAME|s from |ctx|.
diff --git a/ssl/ssl_x509.cc b/ssl/ssl_x509.cc index 841482f..f76118c 100644 --- a/ssl/ssl_x509.cc +++ b/ssl/ssl_x509.cc
@@ -200,19 +200,19 @@ // forms of elements of |chain|. It returns one on success or zero on error, in // which case no change to |cert->chain| is made. It preverses the existing // leaf from |cert->chain|, if any. -static int ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) { +static bool ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) { UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_chain; if (cert->chain != nullptr) { new_chain.reset(sk_CRYPTO_BUFFER_new_null()); if (!new_chain) { - return 0; + return false; } // |leaf| might be NULL if it's a “leafless” chain. CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0); if (!PushToStack(new_chain.get(), UpRef(leaf))) { - return 0; + return false; } } @@ -220,32 +220,32 @@ if (!new_chain) { new_chain = new_leafless_chain(); if (!new_chain) { - return 0; + return false; } } UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509); if (!buffer || !PushToStack(new_chain.get(), std::move(buffer))) { - return 0; + return false; } } cert->chain = std::move(new_chain); - return 1; + return true; } static void ssl_crypto_x509_cert_flush_cached_leaf(CERT *cert) { X509_free(cert->x509_leaf); - cert->x509_leaf = NULL; + cert->x509_leaf = nullptr; } static void ssl_crypto_x509_cert_flush_cached_chain(CERT *cert) { sk_X509_pop_free(cert->x509_chain, X509_free); - cert->x509_chain = NULL; + cert->x509_chain = nullptr; } -static int ssl_crypto_x509_check_client_CA_list( +static bool ssl_crypto_x509_check_client_CA_list( STACK_OF(CRYPTO_BUFFER) *names) { for (const CRYPTO_BUFFER *buffer : names) { const uint8_t *inp = CRYPTO_BUFFER_data(buffer); @@ -253,11 +253,11 @@ d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer))); if (name == nullptr || inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer)) { - return 0; + return false; } } - return 1; + return true; } static void ssl_crypto_x509_cert_clear(CERT *cert) { @@ -265,7 +265,7 @@ ssl_crypto_x509_cert_flush_cached_chain(cert); X509_free(cert->x509_stash); - cert->x509_stash = NULL; + cert->x509_stash = nullptr; } static void ssl_crypto_x509_cert_free(CERT *cert) { @@ -274,19 +274,19 @@ } static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) { - if (cert->verify_store != NULL) { + if (cert->verify_store != nullptr) { X509_STORE_up_ref(cert->verify_store); new_cert->verify_store = cert->verify_store; } } -static int ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) { +static bool ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) { bssl::UniquePtr<STACK_OF(X509)> chain, chain_without_leaf; if (sk_CRYPTO_BUFFER_num(sess->certs.get()) > 0) { chain.reset(sk_X509_new_null()); if (!chain) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); - return 0; + return false; } if (sess->is_server) { // chain_without_leaf is only needed for server sessions. See @@ -294,7 +294,7 @@ chain_without_leaf.reset(sk_X509_new_null()); if (!chain_without_leaf) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); - return 0; + return false; } } } @@ -304,18 +304,18 @@ UniquePtr<X509> x509(X509_parse_from_buffer(cert)); if (!x509) { OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); - return 0; + return false; } if (leaf == nullptr) { leaf = UpRef(x509); } else if (chain_without_leaf && !PushToStack(chain_without_leaf.get(), UpRef(x509))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); - return 0; + return false; } if (!PushToStack(chain.get(), std::move(x509))) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); - return 0; + return false; } } @@ -327,50 +327,50 @@ X509_free(sess->x509_peer); sess->x509_peer = leaf.release(); - return 1; + return true; } -static int ssl_crypto_x509_session_dup(SSL_SESSION *new_session, - const SSL_SESSION *session) { +static bool ssl_crypto_x509_session_dup(SSL_SESSION *new_session, + const SSL_SESSION *session) { new_session->x509_peer = UpRef(session->x509_peer).release(); if (session->x509_chain != nullptr) { new_session->x509_chain = X509_chain_up_ref(session->x509_chain); if (new_session->x509_chain == nullptr) { - return 0; + return false; } } if (session->x509_chain_without_leaf != nullptr) { new_session->x509_chain_without_leaf = X509_chain_up_ref(session->x509_chain_without_leaf); if (new_session->x509_chain_without_leaf == nullptr) { - return 0; + return false; } } - return 1; + return true; } static void ssl_crypto_x509_session_clear(SSL_SESSION *session) { X509_free(session->x509_peer); - session->x509_peer = NULL; + session->x509_peer = nullptr; sk_X509_pop_free(session->x509_chain, X509_free); - session->x509_chain = NULL; + session->x509_chain = nullptr; sk_X509_pop_free(session->x509_chain_without_leaf, X509_free); - session->x509_chain_without_leaf = NULL; + session->x509_chain_without_leaf = nullptr; } -static int ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION *session, - SSL_HANDSHAKE *hs, - uint8_t *out_alert) { +static bool ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION *session, + SSL_HANDSHAKE *hs, + uint8_t *out_alert) { *out_alert = SSL_AD_INTERNAL_ERROR; STACK_OF(X509) *const cert_chain = session->x509_chain; - if (cert_chain == NULL || sk_X509_num(cert_chain) == 0) { - return 0; + if (cert_chain == nullptr || sk_X509_num(cert_chain) == 0) { + return false; } SSL_CTX *ssl_ctx = hs->ssl->ctx.get(); X509_STORE *verify_store = ssl_ctx->cert_store; - if (hs->config->cert->verify_store != NULL) { + if (hs->config->cert->verify_store != nullptr) { verify_store = hs->config->cert->verify_store; } @@ -378,11 +378,11 @@ ScopedX509_STORE_CTX ctx; if (!X509_STORE_CTX_init(ctx.get(), verify_store, leaf, cert_chain)) { OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB); - return 0; + return false; } if (!X509_STORE_CTX_set_ex_data( ctx.get(), SSL_get_ex_data_X509_STORE_CTX_idx(), hs->ssl)) { - return 0; + return false; } // We need to inherit the verify parameters. These can be determined by the @@ -400,7 +400,7 @@ } int verify_ret; - if (ssl_ctx->app_verify_callback != NULL) { + if (ssl_ctx->app_verify_callback != nullptr) { verify_ret = ssl_ctx->app_verify_callback(ctx.get(), ssl_ctx->app_verify_arg); } else { @@ -412,59 +412,59 @@ // If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result. if (verify_ret <= 0 && hs->config->verify_mode != SSL_VERIFY_NONE) { *out_alert = SSL_alert_from_verify_result(ctx->error); - return 0; + return false; } ERR_clear_error(); - return 1; + return true; } static void ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE *hs) { sk_X509_NAME_pop_free(hs->cached_x509_ca_names, X509_NAME_free); - hs->cached_x509_ca_names = NULL; + hs->cached_x509_ca_names = nullptr; } -static int ssl_crypto_x509_ssl_new(SSL_HANDSHAKE *hs) { +static bool ssl_crypto_x509_ssl_new(SSL_HANDSHAKE *hs) { hs->config->param = X509_VERIFY_PARAM_new(); - if (hs->config->param == NULL) { - return 0; + if (hs->config->param == nullptr) { + return false; } X509_VERIFY_PARAM_inherit(hs->config->param, hs->ssl->ctx->param); - return 1; + return true; } static void ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG *cfg) { sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free); - cfg->cached_x509_client_CA = NULL; + cfg->cached_x509_client_CA = nullptr; } static void ssl_crypto_x509_ssl_config_free(SSL_CONFIG *cfg) { sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free); - cfg->cached_x509_client_CA = NULL; + cfg->cached_x509_client_CA = nullptr; X509_VERIFY_PARAM_free(cfg->param); } -static int ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) { +static bool ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) { // Only build a chain if there are no intermediates configured and the feature // isn't disabled. if ((hs->ssl->mode & SSL_MODE_NO_AUTO_CHAIN) || !ssl_has_certificate(hs) || hs->config->cert->chain == NULL || sk_CRYPTO_BUFFER_num(hs->config->cert->chain.get()) > 1) { - return 1; + return true; } UniquePtr<X509> leaf(X509_parse_from_buffer( sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0))); if (!leaf) { OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB); - return 0; + return false; } ScopedX509_STORE_CTX ctx; if (!X509_STORE_CTX_init(ctx.get(), hs->ssl->ctx->cert_store, leaf.get(), NULL)) { OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB); - return 0; + return false; } // Attempt to build a chain, ignoring the result. @@ -475,23 +475,23 @@ X509_free(sk_X509_shift(ctx->chain)); if (!ssl_cert_set_chain(hs->config->cert.get(), ctx->chain)) { - return 0; + return false; } ssl_crypto_x509_cert_flush_cached_chain(hs->config->cert.get()); - return 1; + return true; } static void ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) { sk_X509_NAME_pop_free(ctx->cached_x509_client_CA, X509_NAME_free); - ctx->cached_x509_client_CA = NULL; + ctx->cached_x509_client_CA = nullptr; } -static int ssl_crypto_x509_ssl_ctx_new(SSL_CTX *ctx) { +static bool ssl_crypto_x509_ssl_ctx_new(SSL_CTX *ctx) { ctx->cert_store = X509_STORE_new(); ctx->param = X509_VERIFY_PARAM_new(); - return (ctx->cert_store != NULL && ctx->param != NULL); + return (ctx->cert_store != nullptr && ctx->param != nullptr); } static void ssl_crypto_x509_ssl_ctx_free(SSL_CTX *ctx) {
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc index bc9410b..95fac4d 100644 --- a/ssl/tls_method.cc +++ b/ssl/tls_method.cc
@@ -125,9 +125,9 @@ ssl3_set_write_state, }; -static int ssl_noop_x509_check_client_CA_names( +static bool ssl_noop_x509_check_client_CA_names( STACK_OF(CRYPTO_BUFFER) *names) { - return 1; + return true; } static void ssl_noop_x509_clear(CERT *cert) {} @@ -135,29 +135,29 @@ static void ssl_noop_x509_dup(CERT *new_cert, const CERT *cert) {} static void ssl_noop_x509_flush_cached_leaf(CERT *cert) {} static void ssl_noop_x509_flush_cached_chain(CERT *cert) {} -static int ssl_noop_x509_session_cache_objects(SSL_SESSION *sess) { - return 1; +static bool ssl_noop_x509_session_cache_objects(SSL_SESSION *sess) { + return true; } -static int ssl_noop_x509_session_dup(SSL_SESSION *new_session, - const SSL_SESSION *session) { - return 1; +static bool ssl_noop_x509_session_dup(SSL_SESSION *new_session, + const SSL_SESSION *session) { + return true; } static void ssl_noop_x509_session_clear(SSL_SESSION *session) {} -static int ssl_noop_x509_session_verify_cert_chain(SSL_SESSION *session, - SSL_HANDSHAKE *hs, - uint8_t *out_alert) { - return 0; +static bool ssl_noop_x509_session_verify_cert_chain(SSL_SESSION *session, + SSL_HANDSHAKE *hs, + uint8_t *out_alert) { + return false; } static void ssl_noop_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE *hs) {} -static int ssl_noop_x509_ssl_new(SSL_HANDSHAKE *hs) { return 1; } +static bool ssl_noop_x509_ssl_new(SSL_HANDSHAKE *hs) { return true; } static void ssl_noop_x509_ssl_config_free(SSL_CONFIG *cfg) {} static void ssl_noop_x509_ssl_flush_cached_client_CA(SSL_CONFIG *cfg) {} -static int ssl_noop_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) { - return 1; +static bool ssl_noop_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) { + return true; } -static int ssl_noop_x509_ssl_ctx_new(SSL_CTX *ctx) { return 1; } -static void ssl_noop_x509_ssl_ctx_free(SSL_CTX *ctx) { } +static bool ssl_noop_x509_ssl_ctx_new(SSL_CTX *ctx) { return true; } +static void ssl_noop_x509_ssl_ctx_free(SSL_CTX *ctx) {} static void ssl_noop_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {} const SSL_X509_METHOD ssl_noop_x509_method = {