Switch all the extension callbacks to bools.
Change-Id: I4d24f7666aa862f2aaac91b6325a452ce2f219eb
Reviewed-on: https://boringssl-review.googlesource.com/21624
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index a0cca3c..5d27f63 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -537,52 +537,52 @@
// The add callbacks receive a |CBB| to which the extension can be appended but
// the function is responsible for appending the type and length bytes too.
//
-// All callbacks return one for success and zero for error. If a parse function
-// returns zero then a fatal alert with value |*out_alert| will be sent. If
-// |*out_alert| isn't set, then a |decode_error| alert will be sent.
+// All callbacks return true for success and false for error. If a parse
+// function returns zero then a fatal alert with value |*out_alert| will be
+// sent. If |*out_alert| isn't set, then a |decode_error| alert will be sent.
struct tls_extension {
uint16_t value;
void (*init)(SSL_HANDSHAKE *hs);
- int (*add_clienthello)(SSL_HANDSHAKE *hs, CBB *out);
- int (*parse_serverhello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents);
+ bool (*add_clienthello)(SSL_HANDSHAKE *hs, CBB *out);
+ bool (*parse_serverhello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents);
- int (*parse_clienthello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents);
- int (*add_serverhello)(SSL_HANDSHAKE *hs, CBB *out);
+ bool (*parse_clienthello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents);
+ bool (*add_serverhello)(SSL_HANDSHAKE *hs, CBB *out);
};
-static int forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
if (contents != NULL) {
// Servers MUST NOT send this extension.
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
// This extension from the client is handled elsewhere.
- return 1;
+ return true;
}
-static int dont_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
- return 1;
+static bool dont_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+ return true;
}
// Server name indication (SNI).
//
// https://tools.ietf.org/html/rfc6066#section-3.
-static int ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (ssl->tlsext_hostname == NULL) {
- return 1;
+ return true;
}
CBB contents, server_name_list, name;
@@ -594,24 +594,24 @@
!CBB_add_bytes(&name, (const uint8_t *)ssl->tlsext_hostname,
strlen(ssl->tlsext_hostname)) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
// The server may acknowledge SNI with an empty extension. We check the syntax
// but otherwise ignore this signal.
return contents == NULL || CBS_len(contents) == 0;
}
-static int ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL) {
- return 1;
+ return true;
}
CBS server_name_list, host_name;
@@ -628,7 +628,7 @@
!CBS_get_u16_length_prefixed(&server_name_list, &host_name) ||
CBS_len(&server_name_list) != 0 ||
CBS_len(contents) != 0) {
- return 0;
+ return false;
}
if (name_type != TLSEXT_NAMETYPE_host_name ||
@@ -636,31 +636,31 @@
CBS_len(&host_name) > TLSEXT_MAXLEN_host_name ||
CBS_contains_zero_byte(&host_name)) {
*out_alert = SSL_AD_UNRECOGNIZED_NAME;
- return 0;
+ return false;
}
// Copy the hostname as a string.
if (!CBS_strdup(&host_name, &ssl->s3->hostname)) {
*out_alert = SSL_AD_INTERNAL_ERROR;
- return 0;
+ return false;
}
hs->should_ack_sni = true;
- return 1;
+ return true;
}
-static int ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
if (hs->ssl->s3->session_reused ||
!hs->should_ack_sni) {
- return 1;
+ return true;
}
if (!CBB_add_u16(out, TLSEXT_TYPE_server_name) ||
!CBB_add_u16(out, 0 /* length */)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -668,11 +668,11 @@
//
// https://tools.ietf.org/html/rfc5746
-static int ext_ri_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ri_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
// Renegotiation indication is not necessary in TLS 1.3.
if (hs->min_version >= TLS1_3_VERSION) {
- return 1;
+ return true;
}
assert(ssl->s3->initial_handshake_complete ==
@@ -685,18 +685,18 @@
!CBB_add_bytes(&prev_finished, ssl->s3->previous_client_finished,
ssl->s3->previous_client_finished_len) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents != NULL && ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
+ return false;
}
// Servers may not switch between omitting the extension and supporting it.
@@ -705,7 +705,7 @@
(contents != NULL) != ssl->s3->send_connection_binding) {
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
- return 0;
+ return false;
}
if (contents == NULL) {
@@ -716,7 +716,7 @@
//
// OpenSSL has |SSL_OP_LEGACY_SERVER_CONNECT| to control this, but in
// practical terms every client sets it so it's just assumed here.
- return 1;
+ return true;
}
const size_t expected_len = ssl->s3->previous_client_finished_len +
@@ -736,64 +736,64 @@
CBS_len(contents) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_ENCODING_ERR);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
+ return false;
}
// Check that the extension matches.
if (CBS_len(&renegotiated_connection) != expected_len) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
+ return false;
}
const uint8_t *d = CBS_data(&renegotiated_connection);
- int ok = CRYPTO_memcmp(d, ssl->s3->previous_client_finished,
- ssl->s3->previous_client_finished_len) == 0;
+ bool ok = CRYPTO_memcmp(d, ssl->s3->previous_client_finished,
+ ssl->s3->previous_client_finished_len) == 0;
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
- ok = 1;
+ ok = true;
#endif
if (!ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
+ return false;
}
d += ssl->s3->previous_client_finished_len;
ok = CRYPTO_memcmp(d, ssl->s3->previous_server_finished,
ssl->s3->previous_server_finished_len) == 0;
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
- ok = 1;
+ ok = true;
#endif
if (!ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
+ return false;
}
ssl->s3->send_connection_binding = true;
- return 1;
+ return true;
}
-static int ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
// Renegotiation isn't supported as a server so this function should never be
// called after the initial handshake.
assert(!ssl->s3->initial_handshake_complete);
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
- return 1;
+ return true;
}
if (contents == NULL) {
- return 1;
+ return true;
}
CBS renegotiated_connection;
if (!CBS_get_u8_length_prefixed(contents, &renegotiated_connection) ||
CBS_len(contents) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_ENCODING_ERR);
- return 0;
+ return false;
}
// Check that the extension matches. We do not support renegotiation as a
@@ -801,31 +801,31 @@
if (CBS_len(&renegotiated_connection) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
+ return false;
}
ssl->s3->send_connection_binding = true;
- return 1;
+ return true;
}
-static int ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
// Renegotiation isn't supported as a server so this function should never be
// called after the initial handshake.
assert(!ssl->s3->initial_handshake_complete);
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
- return 1;
+ return true;
}
if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
!CBB_add_u16(out, 1 /* length */) ||
!CBB_add_u8(out, 0 /* empty renegotiation info */)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -833,29 +833,29 @@
//
// https://tools.ietf.org/html/rfc7627
-static int ext_ems_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ems_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
// Extended master secret is not necessary in TLS 1.3.
if (hs->min_version >= TLS1_3_VERSION || hs->max_version <= SSL3_VERSION) {
- return 1;
+ return true;
}
if (!CBB_add_u16(out, TLSEXT_TYPE_extended_master_secret) ||
!CBB_add_u16(out, 0 /* length */)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_ems_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_ems_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents != NULL) {
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
ssl->version == SSL3_VERSION ||
CBS_len(contents) != 0) {
- return 0;
+ return false;
}
hs->extended_master_secret = true;
@@ -867,43 +867,43 @@
!!ssl->s3->established_session->extended_master_secret) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_EMS_MISMATCH);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
uint16_t version = ssl3_protocol_version(hs->ssl);
if (version >= TLS1_3_VERSION ||
version == SSL3_VERSION) {
- return 1;
+ return true;
}
if (contents == NULL) {
- return 1;
+ return true;
}
if (CBS_len(contents) != 0) {
- return 0;
+ return false;
}
hs->extended_master_secret = true;
- return 1;
+ return true;
}
-static int ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
if (!hs->extended_master_secret) {
- return 1;
+ return true;
}
if (!CBB_add_u16(out, TLSEXT_TYPE_extended_master_secret) ||
!CBB_add_u16(out, 0 /* length */)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -911,12 +911,12 @@
//
// https://tools.ietf.org/html/rfc5077
-static int ext_ticket_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ticket_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
// TLS 1.3 uses a different ticket extension.
if (hs->min_version >= TLS1_3_VERSION ||
SSL_get_options(ssl) & SSL_OP_NO_TICKET) {
- return 1;
+ return true;
}
const uint8_t *ticket_data = NULL;
@@ -940,21 +940,21 @@
!CBB_add_u16_length_prefixed(out, &ticket) ||
!CBB_add_bytes(&ticket, ticket_data, ticket_len) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_ticket_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_ticket_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL) {
- return 1;
+ return true;
}
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
- return 0;
+ return false;
}
// If |SSL_OP_NO_TICKET| is set then no extension will have been sent and
@@ -963,16 +963,16 @@
assert((SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0);
if (CBS_len(contents) != 0) {
- return 0;
+ return false;
}
hs->ticket_expected = true;
- return 1;
+ return true;
}
-static int ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
if (!hs->ticket_expected) {
- return 1;
+ return true;
}
// If |SSL_OP_NO_TICKET| is set, |ticket_expected| should never be true.
@@ -980,10 +980,10 @@
if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
!CBB_add_u16(out, 0 /* length */)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -991,10 +991,10 @@
//
// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-static int ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (hs->max_version < TLS1_2_VERSION) {
- return 1;
+ return true;
}
CBB contents, sigalgs_cbb;
@@ -1003,17 +1003,17 @@
!CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
hs->peer_sigalgs.Reset();
if (contents == NULL) {
- return 1;
+ return true;
}
CBS supported_signature_algorithms;
@@ -1021,10 +1021,10 @@
CBS_len(contents) != 0 ||
CBS_len(&supported_signature_algorithms) == 0 ||
!tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -1032,10 +1032,10 @@
//
// https://tools.ietf.org/html/rfc6066#section-8
-static int ext_ocsp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ocsp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (!ssl->ocsp_stapling_enabled) {
- return 1;
+ return true;
}
CBB contents;
@@ -1045,28 +1045,28 @@
!CBB_add_u16(&contents, 0 /* empty responder ID list */) ||
!CBB_add_u16(&contents, 0 /* empty request extensions */) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL) {
- return 1;
+ return true;
}
// TLS 1.3 OCSP responses are included in the Certificate extensions.
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
- return 0;
+ return false;
}
// OCSP stapling is forbidden on non-certificate ciphers.
if (CBS_len(contents) != 0 ||
!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
- return 0;
+ return false;
}
// Note this does not check for resumption in TLS 1.2. Sending
@@ -1074,35 +1074,35 @@
// specification does not say anything. Tolerate it but ignore it.
hs->certificate_status_expected = true;
- return 1;
+ return true;
}
-static int ext_ocsp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_ocsp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
if (contents == NULL) {
- return 1;
+ return true;
}
uint8_t status_type;
if (!CBS_get_u8(contents, &status_type)) {
- return 0;
+ return false;
}
// We cannot decide whether OCSP stapling will occur yet because the correct
// SSL_CTX might not have been selected.
hs->ocsp_stapling_requested = status_type == TLSEXT_STATUSTYPE_ocsp;
- return 1;
+ return true;
}
-static int ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
!hs->ocsp_stapling_requested ||
ssl->cert->ocsp_response == NULL ||
ssl->s3->session_reused ||
!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
- return 1;
+ return true;
}
hs->certificate_status_expected = true;
@@ -1116,31 +1116,31 @@
//
// https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html
-static int ext_npn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_npn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (ssl->s3->initial_handshake_complete ||
ssl->ctx->next_proto_select_cb == NULL ||
SSL_is_dtls(ssl)) {
- return 1;
+ return true;
}
if (!CBB_add_u16(out, TLSEXT_TYPE_next_proto_neg) ||
!CBB_add_u16(out, 0 /* length */)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL) {
- return 1;
+ return true;
}
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
- return 0;
+ return false;
}
// If any of these are false then we should never have sent the NPN
@@ -1154,7 +1154,7 @@
// NPN and ALPN may not be negotiated in the same connection.
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
- return 0;
+ return false;
}
const uint8_t *const orig_contents = CBS_data(contents);
@@ -1164,7 +1164,7 @@
CBS proto;
if (!CBS_get_u8_length_prefixed(contents, &proto) ||
CBS_len(&proto) == 0) {
- return 0;
+ return false;
}
}
@@ -1174,7 +1174,7 @@
ssl, &selected, &selected_len, orig_contents, orig_len,
ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) {
*out_alert = SSL_AD_INTERNAL_ERROR;
- return 0;
+ return false;
}
OPENSSL_free(ssl->s3->next_proto_negotiated);
@@ -1182,43 +1182,43 @@
(uint8_t *)BUF_memdup(selected, selected_len);
if (ssl->s3->next_proto_negotiated == NULL) {
*out_alert = SSL_AD_INTERNAL_ERROR;
- return 0;
+ return false;
}
ssl->s3->next_proto_negotiated_len = selected_len;
hs->next_proto_neg_seen = true;
- return 1;
+ return true;
}
-static int ext_npn_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_npn_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
- return 1;
+ return true;
}
if (contents != NULL && CBS_len(contents) != 0) {
- return 0;
+ return false;
}
if (contents == NULL ||
ssl->s3->initial_handshake_complete ||
ssl->ctx->next_protos_advertised_cb == NULL ||
SSL_is_dtls(ssl)) {
- return 1;
+ return true;
}
hs->next_proto_neg_seen = true;
- return 1;
+ return true;
}
-static int ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
// |next_proto_neg_seen| might have been cleared when an ALPN extension was
// parsed.
if (!hs->next_proto_neg_seen) {
- return 1;
+ return true;
}
const uint8_t *npa;
@@ -1228,7 +1228,7 @@
ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) !=
SSL_TLSEXT_ERR_OK) {
hs->next_proto_neg_seen = false;
- return 1;
+ return true;
}
CBB contents;
@@ -1236,10 +1236,10 @@
!CBB_add_u16_length_prefixed(out, &contents) ||
!CBB_add_bytes(&contents, npa, npa_len) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -1247,31 +1247,31 @@
//
// https://tools.ietf.org/html/rfc6962#section-3.3.1
-static int ext_sct_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_sct_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (!ssl->signed_cert_timestamps_enabled) {
- return 1;
+ return true;
}
if (!CBB_add_u16(out, TLSEXT_TYPE_certificate_timestamp) ||
!CBB_add_u16(out, 0 /* length */)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL) {
- return 1;
+ return true;
}
// TLS 1.3 SCTs are included in the Certificate extensions.
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
// If this is false then we should never have sent the SCT extension in the
@@ -1280,7 +1280,7 @@
if (!ssl_is_sct_list_valid(contents)) {
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
// Session resumption uses the original session information. The extension
@@ -1294,34 +1294,34 @@
CRYPTO_BUFFER_new_from_CBS(contents, ssl->ctx->pool);
if (hs->new_session->signed_cert_timestamp_list == nullptr) {
*out_alert = SSL_AD_INTERNAL_ERROR;
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
-static int ext_sct_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_sct_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
if (contents == NULL) {
- return 1;
+ return true;
}
if (CBS_len(contents) != 0) {
- return 0;
+ return false;
}
hs->scts_requested = true;
- return 1;
+ return true;
}
-static int ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
// The extension shouldn't be sent when resuming sessions.
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
ssl->s3->session_reused ||
ssl->cert->signed_cert_timestamp_list == NULL) {
- return 1;
+ return true;
}
CBB contents;
@@ -1339,11 +1339,11 @@
//
// https://tools.ietf.org/html/rfc7301
-static int ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (ssl->alpn_client_proto_list == NULL ||
ssl->s3->initial_handshake_complete) {
- return 1;
+ return true;
}
CBB contents, proto_list;
@@ -1353,17 +1353,17 @@
!CBB_add_bytes(&proto_list, ssl->alpn_client_proto_list,
ssl->alpn_client_proto_list_len) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL) {
- return 1;
+ return true;
}
assert(!ssl->s3->initial_handshake_complete);
@@ -1373,7 +1373,7 @@
// NPN and ALPN may not be negotiated in the same connection.
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
- return 0;
+ return false;
}
// The extension data consists of a ProtocolNameList which must have
@@ -1385,12 +1385,12 @@
// Empty protocol names are forbidden.
CBS_len(&protocol_name) == 0 ||
CBS_len(&protocol_name_list) != 0) {
- return 0;
+ return false;
}
if (!ssl->ctx->allow_unknown_alpn_protos) {
// Check that the protocol name is one of the ones we advertised.
- int protocol_ok = 0;
+ bool protocol_ok = false;
CBS client_protocol_name_list, client_protocol_name;
CBS_init(&client_protocol_name_list, ssl->alpn_client_proto_list,
ssl->alpn_client_proto_list_len);
@@ -1398,14 +1398,14 @@
if (!CBS_get_u8_length_prefixed(&client_protocol_name_list,
&client_protocol_name)) {
*out_alert = SSL_AD_INTERNAL_ERROR;
- return 0;
+ return false;
}
if (CBS_len(&client_protocol_name) == CBS_len(&protocol_name) &&
OPENSSL_memcmp(CBS_data(&client_protocol_name),
CBS_data(&protocol_name),
CBS_len(&protocol_name)) == 0) {
- protocol_ok = 1;
+ protocol_ok = true;
break;
}
}
@@ -1413,21 +1413,21 @@
if (!protocol_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
+ return false;
}
}
if (!CBS_stow(&protocol_name, &ssl->s3->alpn_selected,
&ssl->s3->alpn_selected_len)) {
*out_alert = SSL_AD_INTERNAL_ERROR;
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-int ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- const SSL_CLIENT_HELLO *client_hello) {
+bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ const SSL_CLIENT_HELLO *client_hello) {
SSL *const ssl = hs->ssl;
CBS contents;
if (ssl->ctx->alpn_select_cb == NULL ||
@@ -1435,7 +1435,7 @@
client_hello, &contents,
TLSEXT_TYPE_application_layer_protocol_negotiation)) {
// Ignore ALPN if not configured or no extension was supplied.
- return 1;
+ return true;
}
// ALPN takes precedence over NPN.
@@ -1447,7 +1447,7 @@
CBS_len(&protocol_name_list) < 2) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
// Validate the protocol list.
@@ -1460,7 +1460,7 @@
CBS_len(&protocol_name) == 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
}
@@ -1474,18 +1474,18 @@
ssl->s3->alpn_selected = (uint8_t *)BUF_memdup(selected, selected_len);
if (ssl->s3->alpn_selected == NULL) {
*out_alert = SSL_AD_INTERNAL_ERROR;
- return 0;
+ return false;
}
ssl->s3->alpn_selected_len = selected_len;
}
- return 1;
+ return true;
}
-static int ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (ssl->s3->alpn_selected == NULL) {
- return 1;
+ return true;
}
CBB contents, proto_list, proto;
@@ -1496,10 +1496,10 @@
!CBB_add_bytes(&proto, ssl->s3->alpn_selected,
ssl->s3->alpn_selected_len) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -1511,68 +1511,70 @@
hs->ssl->s3->tlsext_channel_id_valid = false;
}
-static int ext_channel_id_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_channel_id_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (!ssl->tlsext_channel_id_enabled ||
SSL_is_dtls(ssl)) {
- return 1;
+ return true;
}
if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
!CBB_add_u16(out, 0 /* length */)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_channel_id_parse_serverhello(SSL_HANDSHAKE *hs,
- uint8_t *out_alert, CBS *contents) {
+static bool ext_channel_id_parse_serverhello(SSL_HANDSHAKE *hs,
+ uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL) {
- return 1;
+ return true;
}
assert(!SSL_is_dtls(ssl));
assert(ssl->tlsext_channel_id_enabled);
if (CBS_len(contents) != 0) {
- return 0;
+ return false;
}
ssl->s3->tlsext_channel_id_valid = true;
- return 1;
+ return true;
}
-static int ext_channel_id_parse_clienthello(SSL_HANDSHAKE *hs,
- uint8_t *out_alert, CBS *contents) {
+static bool ext_channel_id_parse_clienthello(SSL_HANDSHAKE *hs,
+ uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL ||
!ssl->tlsext_channel_id_enabled ||
SSL_is_dtls(ssl)) {
- return 1;
+ return true;
}
if (CBS_len(contents) != 0) {
- return 0;
+ return false;
}
ssl->s3->tlsext_channel_id_valid = true;
- return 1;
+ return true;
}
-static int ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (!ssl->s3->tlsext_channel_id_valid) {
- return 1;
+ return true;
}
if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
!CBB_add_u16(out, 0 /* length */)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -1585,40 +1587,40 @@
hs->ssl->srtp_profile = NULL;
}
-static int ext_srtp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_srtp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
if (profiles == NULL ||
sk_SRTP_PROTECTION_PROFILE_num(profiles) == 0) {
- return 1;
+ return true;
}
CBB contents, profile_ids;
if (!CBB_add_u16(out, TLSEXT_TYPE_srtp) ||
!CBB_add_u16_length_prefixed(out, &contents) ||
!CBB_add_u16_length_prefixed(&contents, &profile_ids)) {
- return 0;
+ return false;
}
for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
if (!CBB_add_u16(&profile_ids, profile->id)) {
- return 0;
+ return false;
}
}
if (!CBB_add_u8(&contents, 0 /* empty use_mki value */) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL) {
- return 1;
+ return true;
}
// The extension consists of a u16-prefixed profile ID list containing a
@@ -1633,14 +1635,14 @@
!CBS_get_u8_length_prefixed(contents, &srtp_mki) ||
CBS_len(contents) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- return 0;
+ return false;
}
if (CBS_len(&srtp_mki) != 0) {
// Must be no MKI, since we never offer one.
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_MKI_VALUE);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
+ return false;
}
STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
@@ -1650,20 +1652,20 @@
for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
if (profile->id == profile_id) {
ssl->srtp_profile = profile;
- return 1;
+ return true;
}
}
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
+ return false;
}
-static int ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL) {
- return 1;
+ return true;
}
CBS profile_ids, srtp_mki;
@@ -1672,7 +1674,7 @@
!CBS_get_u8_length_prefixed(contents, &srtp_mki) ||
CBS_len(contents) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- return 0;
+ return false;
}
// Discard the MKI value for now.
@@ -1687,23 +1689,23 @@
while (CBS_len(&profile_ids_tmp) > 0) {
uint16_t profile_id;
if (!CBS_get_u16(&profile_ids_tmp, &profile_id)) {
- return 0;
+ return false;
}
if (server_profile->id == profile_id) {
ssl->srtp_profile = server_profile;
- return 1;
+ return true;
}
}
}
- return 1;
+ return true;
}
-static int ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (ssl->srtp_profile == NULL) {
- return 1;
+ return true;
}
CBB contents, profile_ids;
@@ -1713,10 +1715,10 @@
!CBB_add_u16(&profile_ids, ssl->srtp_profile->id) ||
!CBB_add_u8(&contents, 0 /* empty MKI */) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -1724,42 +1726,42 @@
//
// https://tools.ietf.org/html/rfc4492#section-5.1.2
-static int ext_ec_point_add_extension(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ec_point_add_extension(SSL_HANDSHAKE *hs, CBB *out) {
CBB contents, formats;
if (!CBB_add_u16(out, TLSEXT_TYPE_ec_point_formats) ||
!CBB_add_u16_length_prefixed(out, &contents) ||
!CBB_add_u8_length_prefixed(&contents, &formats) ||
!CBB_add_u8(&formats, TLSEXT_ECPOINTFORMAT_uncompressed) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_ec_point_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ec_point_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
// The point format extension is unneccessary in TLS 1.3.
if (hs->min_version >= TLS1_3_VERSION) {
- return 1;
+ return true;
}
return ext_ec_point_add_extension(hs, out);
}
-static int ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- CBS *contents) {
+static bool ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ CBS *contents) {
if (contents == NULL) {
- return 1;
+ return true;
}
if (ssl3_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
- return 0;
+ return false;
}
CBS ec_point_format_list;
if (!CBS_get_u8_length_prefixed(contents, &ec_point_format_list) ||
CBS_len(contents) != 0) {
- return 0;
+ return false;
}
// Per RFC 4492, section 5.1.2, implementations MUST support the uncompressed
@@ -1768,33 +1770,33 @@
TLSEXT_ECPOINTFORMAT_uncompressed,
CBS_len(&ec_point_format_list)) == NULL) {
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_ec_point_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+static bool ext_ec_point_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
if (ssl3_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
- return 1;
+ return true;
}
return ext_ec_point_parse_serverhello(hs, out_alert, contents);
}
-static int ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
- return 1;
+ return true;
}
const uint32_t alg_k = hs->new_cipher->algorithm_mkey;
const uint32_t alg_a = hs->new_cipher->algorithm_auth;
- const int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
+ const bool using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
if (!using_ecc) {
- return 1;
+ return true;
}
return ext_ec_point_add_extension(hs, out);
@@ -1816,11 +1818,11 @@
return 15 + ssl->session->tlsext_ticklen + binder_len;
}
-static int ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (hs->max_version < TLS1_3_VERSION || ssl->session == NULL ||
ssl_session_protocol_version(ssl->session) < TLS1_3_VERSION) {
- return 1;
+ return true;
}
struct OPENSSL_timeval now;
@@ -1844,35 +1846,35 @@
!CBB_add_u16_length_prefixed(&contents, &binders) ||
!CBB_add_u8_length_prefixed(&binders, &binder) ||
!CBB_add_bytes(&binder, zero_binder, binder_len)) {
- return 0;
+ return false;
}
hs->needs_psk_binder = true;
return CBB_flush(out);
}
-int ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
- uint8_t *out_alert,
- CBS *contents) {
+bool ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
+ uint8_t *out_alert,
+ CBS *contents) {
uint16_t psk_id;
if (!CBS_get_u16(contents, &psk_id) ||
CBS_len(contents) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
// We only advertise one PSK identity, so the only legal index is zero.
if (psk_id != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
*out_alert = SSL_AD_UNKNOWN_PSK_IDENTITY;
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-int ssl_ext_pre_shared_key_parse_clienthello(
+bool ssl_ext_pre_shared_key_parse_clienthello(
SSL_HANDSHAKE *hs, CBS *out_ticket, CBS *out_binders,
uint32_t *out_obfuscated_ticket_age, uint8_t *out_alert, CBS *contents) {
// We only process the first PSK identity since we don't support pure PSK.
@@ -1885,7 +1887,7 @@
CBS_len(contents) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
*out_binders = binders;
@@ -1899,7 +1901,7 @@
!CBS_get_u32(&identities, &unused_obfuscated_ticket_age)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
num_identities++;
@@ -1913,7 +1915,7 @@
if (!CBS_get_u8_length_prefixed(&binders, &binder)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
num_binders++;
@@ -1922,15 +1924,15 @@
if (num_identities != num_binders) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_BINDER_COUNT_MISMATCH);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-int ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
if (!hs->ssl->s3->session_reused) {
- return 1;
+ return true;
}
CBB contents;
@@ -1939,10 +1941,10 @@
// We only consider the first identity for resumption
!CBB_add_u16(&contents, 0) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -1950,10 +1952,10 @@
//
// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.7
-static int ext_psk_key_exchange_modes_add_clienthello(SSL_HANDSHAKE *hs,
- CBB *out) {
+static bool ext_psk_key_exchange_modes_add_clienthello(SSL_HANDSHAKE *hs,
+ CBB *out) {
if (hs->max_version < TLS1_3_VERSION) {
- return 1;
+ return true;
}
CBB contents, ke_modes;
@@ -1961,17 +1963,17 @@
!CBB_add_u16_length_prefixed(out, &contents) ||
!CBB_add_u8_length_prefixed(&contents, &ke_modes) ||
!CBB_add_u8(&ke_modes, SSL_PSK_DHE_KE)) {
- return 0;
+ return false;
}
return CBB_flush(out);
}
-static int ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
- uint8_t *out_alert,
- CBS *contents) {
+static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
+ uint8_t *out_alert,
+ CBS *contents) {
if (contents == NULL) {
- return 1;
+ return true;
}
CBS ke_modes;
@@ -1979,14 +1981,14 @@
CBS_len(&ke_modes) == 0 ||
CBS_len(contents) != 0) {
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
// We only support tickets with PSK_DHE_KE.
hs->accept_psk_mode = OPENSSL_memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE,
CBS_len(&ke_modes)) != NULL;
- return 1;
+ return true;
}
@@ -1994,14 +1996,14 @@
//
// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.8
-static int ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (ssl->session == NULL ||
ssl_session_protocol_version(ssl->session) < TLS1_3_VERSION ||
ssl->session->ticket_max_early_data == 0 ||
hs->received_hello_retry_request ||
!ssl->cert->enable_early_data) {
- return 1;
+ return true;
}
hs->early_data_offered = true;
@@ -2009,63 +2011,63 @@
if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
!CBB_add_u16(out, 0) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
- uint8_t *out_alert, CBS *contents) {
+static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
+ uint8_t *out_alert, CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL) {
- return 1;
+ return true;
}
if (CBS_len(contents) != 0) {
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
if (!ssl->s3->session_reused) {
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
- return 0;
+ return false;
}
ssl->early_data_accepted = true;
- return 1;
+ return true;
}
-static int ext_early_data_parse_clienthello(SSL_HANDSHAKE *hs,
- uint8_t *out_alert, CBS *contents) {
+static bool ext_early_data_parse_clienthello(SSL_HANDSHAKE *hs,
+ uint8_t *out_alert, CBS *contents) {
SSL *const ssl = hs->ssl;
if (contents == NULL ||
ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
- return 1;
+ return true;
}
if (CBS_len(contents) != 0) {
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
hs->early_data_offered = true;
- return 1;
+ return true;
}
-static int ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
if (!hs->ssl->early_data_accepted) {
- return 1;
+ return true;
}
if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
!CBB_add_u16(out, 0) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -2073,17 +2075,17 @@
//
// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.5
-static int ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (hs->max_version < TLS1_3_VERSION) {
- return 1;
+ return true;
}
CBB contents, kse_bytes;
if (!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
!CBB_add_u16_length_prefixed(out, &contents) ||
!CBB_add_u16_length_prefixed(&contents, &kse_bytes)) {
- return 0;
+ return false;
}
uint16_t group_id = hs->retry_group;
@@ -2093,7 +2095,7 @@
if (group_id == 0 &&
!CBB_add_bytes(&kse_bytes, hs->key_share_bytes.data(),
hs->key_share_bytes.size())) {
- return 0;
+ return false;
}
hs->key_share_bytes.Reset();
if (group_id == 0) {
@@ -2106,14 +2108,14 @@
ssl_get_grease_value(ssl, ssl_grease_group)) ||
!CBB_add_u16(&kse_bytes, 1 /* length */) ||
!CBB_add_u8(&kse_bytes, 0 /* one byte key share */))) {
- return 0;
+ return false;
}
// Predict the most preferred group.
Span<const uint16_t> groups = tls1_get_grouplist(ssl);
if (groups.empty()) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_GROUPS_SPECIFIED);
- return 0;
+ return false;
}
group_id = groups[0];
@@ -2126,62 +2128,62 @@
!CBB_add_u16_length_prefixed(&kse_bytes, &key_exchange) ||
!hs->key_share->Offer(&key_exchange) ||
!CBB_flush(&kse_bytes)) {
- return 0;
+ return false;
}
// Save the contents of the extension to repeat it in the second ClientHello.
if (!hs->received_hello_retry_request &&
!hs->key_share_bytes.CopyFrom(
MakeConstSpan(CBB_data(&kse_bytes), CBB_len(&kse_bytes)))) {
- return 0;
+ return false;
}
return CBB_flush(out);
}
-int ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
- Array<uint8_t> *out_secret,
- uint8_t *out_alert, CBS *contents) {
+bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
+ Array<uint8_t> *out_secret,
+ uint8_t *out_alert, CBS *contents) {
CBS peer_key;
uint16_t group_id;
if (!CBS_get_u16(contents, &group_id) ||
!CBS_get_u16_length_prefixed(contents, &peer_key) ||
CBS_len(contents) != 0) {
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
if (hs->key_share->GroupID() != group_id) {
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
- return 0;
+ return false;
}
if (!hs->key_share->Finish(out_secret, out_alert, peer_key)) {
*out_alert = SSL_AD_INTERNAL_ERROR;
- return 0;
+ return false;
}
hs->new_session->group_id = group_id;
hs->key_share.reset();
- return 1;
+ return true;
}
-int ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
- Array<uint8_t> *out_secret,
- uint8_t *out_alert, CBS *contents) {
+bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
+ Array<uint8_t> *out_secret,
+ uint8_t *out_alert, CBS *contents) {
uint16_t group_id;
CBS key_shares;
if (!tls1_get_shared_group(hs, &group_id)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_GROUP);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
+ return false;
}
if (!CBS_get_u16_length_prefixed(contents, &key_shares) ||
CBS_len(contents) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
// Find the corresponding key share.
@@ -2193,14 +2195,14 @@
if (!CBS_get_u16(&key_shares, &id) ||
!CBS_get_u16_length_prefixed(&key_shares, &peer_key_tmp)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
if (id == group_id) {
if (found) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_KEY_SHARE);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
+ return false;
}
found = true;
@@ -2212,7 +2214,7 @@
if (!found) {
*out_found = false;
out_secret->Reset();
- return 1;
+ return true;
}
// Compute the DH secret.
@@ -2224,15 +2226,15 @@
!key_share->Accept(public_key.get(), &secret, out_alert, peer_key) ||
!CBBFinishArray(public_key.get(), &hs->ecdh_public_key)) {
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
+ return false;
}
*out_secret = std::move(secret);
*out_found = true;
- return 1;
+ return true;
}
-int ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
uint16_t group_id;
CBB kse_bytes, public_key;
if (!tls1_get_shared_group(hs, &group_id) ||
@@ -2243,13 +2245,13 @@
!CBB_add_bytes(&public_key, hs->ecdh_public_key.data(),
hs->ecdh_public_key.size()) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
hs->ecdh_public_key.Reset();
hs->new_session->group_id = group_id;
- return 1;
+ return true;
}
@@ -2257,31 +2259,31 @@
//
// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.1
-static int ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
if (hs->max_version <= TLS1_2_VERSION) {
- return 1;
+ return true;
}
CBB contents, versions;
if (!CBB_add_u16(out, TLSEXT_TYPE_supported_versions) ||
!CBB_add_u16_length_prefixed(out, &contents) ||
!CBB_add_u8_length_prefixed(&contents, &versions)) {
- return 0;
+ return false;
}
// Add a fake version. See draft-davidben-tls-grease-01.
if (ssl->ctx->grease_enabled &&
!CBB_add_u16(&versions, ssl_get_grease_value(ssl, ssl_grease_version))) {
- return 0;
+ return false;
}
if (!ssl_add_supported_versions(hs, &versions) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
@@ -2289,9 +2291,9 @@
//
// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.2
-static int ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
if (hs->cookie.empty()) {
- return 1;
+ return true;
}
CBB contents, cookie;
@@ -2300,12 +2302,12 @@
!CBB_add_u16_length_prefixed(&contents, &cookie) ||
!CBB_add_bytes(&cookie, hs->cookie.data(), hs->cookie.size()) ||
!CBB_flush(out)) {
- return 0;
+ return false;
}
// The cookie is no longer needed in memory.
hs->cookie.Reset();
- return 1;
+ return true;
}
@@ -2314,37 +2316,37 @@
// https://tools.ietf.org/html/rfc4492#section-5.1.2
// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.4
-static int ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
CBB contents, groups_bytes;
if (!CBB_add_u16(out, TLSEXT_TYPE_supported_groups) ||
!CBB_add_u16_length_prefixed(out, &contents) ||
!CBB_add_u16_length_prefixed(&contents, &groups_bytes)) {
- return 0;
+ return false;
}
// Add a fake group. See draft-davidben-tls-grease-01.
if (ssl->ctx->grease_enabled &&
!CBB_add_u16(&groups_bytes,
ssl_get_grease_value(ssl, ssl_grease_group))) {
- return 0;
+ return false;
}
for (uint16_t group : tls1_get_grouplist(ssl)) {
if (!CBB_add_u16(&groups_bytes, group)) {
- return 0;
+ return false;
}
}
return CBB_flush(out);
}
-static int ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs,
- uint8_t *out_alert,
- CBS *contents) {
+static bool ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs,
+ uint8_t *out_alert,
+ CBS *contents) {
// This extension is not expected to be echoed by servers in TLS 1.2, but some
// BigIP servers send it nonetheless, so do not enforce this.
- return 1;
+ return true;
}
static bool parse_u16_array(const CBS *cbs, Array<uint16_t> *out) {
@@ -2370,11 +2372,11 @@
return 1;
}
-static int ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs,
+static bool ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs,
uint8_t *out_alert,
- CBS *contents) {
+ CBS *contents) {
if (contents == NULL) {
- return 1;
+ return true;
}
CBS supported_group_list;
@@ -2382,15 +2384,10 @@
CBS_len(&supported_group_list) == 0 ||
CBS_len(contents) != 0 ||
!parse_u16_array(&supported_group_list, &hs->peer_supported_group_list)) {
- return 0;
+ return false;
}
- return 1;
-}
-
-static int ext_supported_groups_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
- // Servers don't echo this extension.
- return 1;
+ return true;
}
@@ -2543,7 +2540,7 @@
ext_supported_groups_add_clienthello,
ext_supported_groups_parse_serverhello,
ext_supported_groups_parse_clienthello,
- ext_supported_groups_add_serverhello,
+ dont_add_serverhello,
},
};
