Switch a bunch of ints to bools.
Change-Id: I52eb029a13a126576ff8dfed046bafa465e7ce09
Reviewed-on: https://boringssl-review.googlesource.com/29809
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 3ecba37..0159c9e 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -172,8 +172,8 @@
namespace bssl {
-int ssl_client_cipher_list_contains_cipher(const SSL_CLIENT_HELLO *client_hello,
- uint16_t id) {
+bool ssl_client_cipher_list_contains_cipher(
+ const SSL_CLIENT_HELLO *client_hello, uint16_t id) {
CBS cipher_suites;
CBS_init(&cipher_suites, client_hello->cipher_suites,
client_hello->cipher_suites_len);
@@ -181,19 +181,19 @@
while (CBS_len(&cipher_suites) > 0) {
uint16_t got_id;
if (!CBS_get_u16(&cipher_suites, &got_id)) {
- return 0;
+ return false;
}
if (got_id == id) {
- return 1;
+ return true;
}
}
- return 0;
+ return false;
}
-static int negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
- const SSL_CLIENT_HELLO *client_hello) {
+static bool negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+ const SSL_CLIENT_HELLO *client_hello) {
SSL *const ssl = hs->ssl;
assert(!ssl->s3->have_version);
CBS supported_versions, versions;
@@ -204,7 +204,7 @@
CBS_len(&versions) == 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
} else {
// Convert the ClientHello version to an equivalent supported_versions
@@ -243,7 +243,7 @@
}
if (!ssl_negotiate_version(hs, out_alert, &ssl->version, &versions)) {
- return 0;
+ return false;
}
// At this point, the connection's version is known and |ssl->version| is
@@ -257,10 +257,10 @@
ssl_protocol_version(ssl) < hs->max_version) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INAPPROPRIATE_FALLBACK);
*out_alert = SSL3_AD_INAPPROPRIATE_FALLBACK;
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static UniquePtr<STACK_OF(SSL_CIPHER)> ssl_parse_client_cipher_list(
diff --git a/ssl/internal.h b/ssl/internal.h
index dc78f1b..7f7ba2b 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1651,8 +1651,8 @@
bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out);
// ssl_is_sct_list_valid does a shallow parse of the SCT list in |contents| and
-// returns one iff it's valid.
-int ssl_is_sct_list_valid(const CBS *contents);
+// returns whether it's valid.
+bool ssl_is_sct_list_valid(const CBS *contents);
int ssl_write_client_hello(SSL_HANDSHAKE *hs);
@@ -1713,14 +1713,14 @@
// ClientHello functions.
-int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out,
- const SSLMessage &msg);
+bool ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out,
+ const SSLMessage &msg);
-int ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
- CBS *out, uint16_t extension_type);
+bool ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
+ CBS *out, uint16_t extension_type);
-int ssl_client_cipher_list_contains_cipher(const SSL_CLIENT_HELLO *client_hello,
- uint16_t id);
+bool ssl_client_cipher_list_contains_cipher(
+ const SSL_CLIENT_HELLO *client_hello, uint16_t id);
// GREASE.
@@ -2650,14 +2650,14 @@
// tls1_get_grouplist returns the locally-configured group preference list.
Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *ssl);
-// tls1_check_group_id returns one if |group_id| is consistent with
-// locally-configured group preferences.
-int tls1_check_group_id(const SSL_HANDSHAKE *ssl, uint16_t group_id);
+// tls1_check_group_id returns whether |group_id| is consistent with locally-
+// configured group preferences.
+bool tls1_check_group_id(const SSL_HANDSHAKE *ssl, uint16_t group_id);
// tls1_get_shared_group sets |*out_group_id| to the first preferred shared
-// group between client and server preferences and returns one. If none may be
-// found, it returns zero.
-int tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id);
+// group between client and server preferences and returns true. If none may be
+// found, it returns false.
+bool tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id);
// tls1_set_curves converts the array of NIDs in |curves| into a newly allocated
// array of TLS group IDs. On success, the function returns true and writes the
@@ -2670,16 +2670,16 @@
// false.
bool tls1_set_curves_list(Array<uint16_t> *out_group_ids, const char *curves);
-// ssl_add_clienthello_tlsext writes ClientHello extensions to |out|. It
-// returns one on success and zero on failure. The |header_len| argument is the
-// length of the ClientHello written so far and is used to compute the padding
-// length. (It does not include the record header.)
-int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len);
+// ssl_add_clienthello_tlsext writes ClientHello extensions to |out|. It returns
+// true on success and false on failure. The |header_len| argument is the length
+// of the ClientHello written so far and is used to compute the padding length.
+// (It does not include the record header.)
+bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len);
-int ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out);
-int ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
- const SSL_CLIENT_HELLO *client_hello);
-int ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs);
+bool ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out);
+bool ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
+ const SSL_CLIENT_HELLO *client_hello);
+bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs);
#define tlsext_tick_md EVP_sha256
@@ -2698,9 +2698,9 @@
const uint8_t *session_id, size_t session_id_len);
// tls1_verify_channel_id processes |msg| as a Channel ID message, and verifies
-// the signature. If the key is valid, it saves the Channel ID and returns
-// one. Otherwise, it returns zero.
-int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg);
+// the signature. If the key is valid, it saves the Channel ID and returns true.
+// Otherwise, it returns false.
+bool tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg);
// tls1_write_channel_id generates a Channel ID message and puts the output in
// |cbb|. |ssl->channel_id_private| must already be set before calling. This
@@ -2709,22 +2709,25 @@
// tls1_channel_id_hash computes the hash to be signed by Channel ID and writes
// it to |out|, which must contain at least |EVP_MAX_MD_SIZE| bytes. It returns
-// one on success and zero on failure.
-int tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len);
+// true on success and false on failure.
+bool tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len);
-int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs);
+// tls1_record_handshake_hashes_for_channel_id records the current handshake
+// hashes in |hs->new_session| so that Channel ID resumptions can sign that
+// data.
+bool tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs);
// ssl_do_channel_id_callback checks runs |hs->ssl->ctx->channel_id_cb| if
-// necessary. It returns one on success and zero on fatal error. Note that, on
+// necessary. It returns true on success and false on fatal error. Note that, on
// success, |hs->ssl->channel_id_private| may be unset, in which case the
// operation should be retried later.
-int ssl_do_channel_id_callback(SSL_HANDSHAKE *hs);
+bool ssl_do_channel_id_callback(SSL_HANDSHAKE *hs);
-// ssl_can_write returns one if |ssl| is allowed to write and zero otherwise.
-int ssl_can_write(const SSL *ssl);
+// ssl_can_write returns whether |ssl| is allowed to write.
+bool ssl_can_write(const SSL *ssl);
-// ssl_can_read returns one if |ssl| is allowed to read and zero otherwise.
-int ssl_can_read(const SSL *ssl);
+// ssl_can_read returns wheter |ssl| is allowed to read.
+bool ssl_can_read(const SSL *ssl);
void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock);
void ssl_ctx_get_current_time(const SSL_CTX *ctx,
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 388f661..52f1ccd 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -219,11 +219,11 @@
return true;
}
-int ssl_can_write(const SSL *ssl) {
+bool ssl_can_write(const SSL *ssl) {
return !SSL_in_init(ssl) || ssl->s3->hs->can_early_write;
}
-int ssl_can_read(const SSL *ssl) {
+bool ssl_can_read(const SSL *ssl) {
return !SSL_in_init(ssl) || ssl->s3->hs->can_early_read;
}
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 2e06129..976cbb6 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -131,7 +131,7 @@
namespace bssl {
-static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
+static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
static int compare_uint16_t(const void *p1, const void *p2) {
uint16_t u1 = *((const uint16_t *)p1);
@@ -149,7 +149,7 @@
// more than one extension of the same type in a ClientHello or ServerHello.
// This function does an initial scan over the extensions block to filter those
// out.
-static int tls1_check_duplicate_extensions(const CBS *cbs) {
+static bool tls1_check_duplicate_extensions(const CBS *cbs) {
// First pass: count the extensions.
size_t num_extensions = 0;
CBS extensions = *cbs;
@@ -159,19 +159,19 @@
if (!CBS_get_u16(&extensions, &type) ||
!CBS_get_u16_length_prefixed(&extensions, &extension)) {
- return 0;
+ return false;
}
num_extensions++;
}
if (num_extensions == 0) {
- return 1;
+ return true;
}
Array<uint16_t> extension_types;
if (!extension_types.Init(num_extensions)) {
- return 0;
+ return false;
}
// Second pass: gather the extension types.
@@ -182,7 +182,7 @@
if (!CBS_get_u16(&extensions, &extension_types[i]) ||
!CBS_get_u16_length_prefixed(&extensions, &extension)) {
// This should not happen.
- return 0;
+ return false;
}
}
assert(CBS_len(&extensions) == 0);
@@ -192,15 +192,15 @@
compare_uint16_t);
for (size_t i = 1; i < num_extensions; i++) {
if (extension_types[i - 1] == extension_types[i]) {
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
-int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out,
- const SSLMessage &msg) {
+bool ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out,
+ const SSLMessage &msg) {
OPENSSL_memset(out, 0, sizeof(*out));
out->ssl = ssl;
out->client_hello = CBS_data(&msg.body);
@@ -212,7 +212,7 @@
!CBS_get_bytes(&client_hello, &random, SSL3_RANDOM_SIZE) ||
!CBS_get_u8_length_prefixed(&client_hello, &session_id) ||
CBS_len(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
- return 0;
+ return false;
}
out->random = CBS_data(&random);
@@ -225,7 +225,7 @@
CBS cookie;
if (!CBS_get_u8_length_prefixed(&client_hello, &cookie) ||
CBS_len(&cookie) > DTLS1_COOKIE_LENGTH) {
- return 0;
+ return false;
}
}
@@ -234,7 +234,7 @@
CBS_len(&cipher_suites) < 2 || (CBS_len(&cipher_suites) & 1) != 0 ||
!CBS_get_u8_length_prefixed(&client_hello, &compression_methods) ||
CBS_len(&compression_methods) < 1) {
- return 0;
+ return false;
}
out->cipher_suites = CBS_data(&cipher_suites);
@@ -247,7 +247,7 @@
if (CBS_len(&client_hello) == 0) {
out->extensions = NULL;
out->extensions_len = 0;
- return 1;
+ return true;
}
// Extract extensions and check it is valid.
@@ -255,17 +255,17 @@
if (!CBS_get_u16_length_prefixed(&client_hello, &extensions) ||
!tls1_check_duplicate_extensions(&extensions) ||
CBS_len(&client_hello) != 0) {
- return 0;
+ return false;
}
out->extensions = CBS_data(&extensions);
out->extensions_len = CBS_len(&extensions);
- return 1;
+ return true;
}
-int ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
- CBS *out, uint16_t extension_type) {
+bool ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
+ CBS *out, uint16_t extension_type) {
CBS extensions;
CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
while (CBS_len(&extensions) != 0) {
@@ -274,16 +274,16 @@
CBS extension;
if (!CBS_get_u16(&extensions, &type) ||
!CBS_get_u16_length_prefixed(&extensions, &extension)) {
- return 0;
+ return false;
}
if (type == extension_type) {
*out = extension;
- return 1;
+ return true;
}
}
- return 0;
+ return false;
}
static const uint16_t kDefaultGroups[] = {
@@ -299,7 +299,7 @@
return Span<const uint16_t>(kDefaultGroups);
}
-int tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) {
+bool tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) {
SSL *const ssl = hs->ssl;
assert(ssl->server);
@@ -326,12 +326,12 @@
for (uint16_t supp_group : supp) {
if (pref_group == supp_group) {
*out_group_id = pref_group;
- return 1;
+ return true;
}
}
}
- return 0;
+ return false;
}
bool tls1_set_curves(Array<uint16_t> *out_group_ids, Span<const int> curves) {
@@ -385,14 +385,14 @@
return true;
}
-int tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) {
+bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) {
for (uint16_t supported : tls1_get_grouplist(hs)) {
if (supported == group_id) {
- return 1;
+ return true;
}
}
- return 0;
+ return false;
}
// kVerifySignatureAlgorithms is the default list of accepted signature
@@ -3060,12 +3060,13 @@
return NULL;
}
-int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len) {
+bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out,
+ size_t header_len) {
SSL *const ssl = hs->ssl;
CBB extensions;
if (!CBB_add_u16_length_prefixed(out, &extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
hs->extensions.sent = 0;
@@ -3083,7 +3084,7 @@
if (!CBB_add_u16(&extensions, grease_ext1) ||
!CBB_add_u16(&extensions, 0 /* zero length */)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
@@ -3092,7 +3093,7 @@
if (!kExtensions[i].add_clienthello(hs, &extensions)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
- return 0;
+ return false;
}
if (CBB_len(&extensions) != len_before) {
@@ -3115,7 +3116,7 @@
!CBB_add_u16(&extensions, 1 /* one byte length */) ||
!CBB_add_u8(&extensions, 0 /* single zero byte as contents */)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
@@ -3143,7 +3144,7 @@
!CBB_add_u16(&extensions, padding_len) ||
!CBB_add_space(&extensions, &padding_bytes, padding_len)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
OPENSSL_memset(padding_bytes, 0, padding_len);
@@ -3153,7 +3154,7 @@
// The PSK extension must be last, including after the padding.
if (!ext_pre_shared_key_add_clienthello(hs, &extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
// Discard empty extensions blocks.
@@ -3164,7 +3165,7 @@
return CBB_flush(out);
}
-int ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out) {
+bool ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
CBB extensions;
if (!CBB_add_u16_length_prefixed(out, &extensions)) {
@@ -3194,12 +3195,12 @@
err:
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
-static int ssl_scan_clienthello_tlsext(SSL_HANDSHAKE *hs,
- const SSL_CLIENT_HELLO *client_hello,
- int *out_alert) {
+static bool ssl_scan_clienthello_tlsext(SSL_HANDSHAKE *hs,
+ const SSL_CLIENT_HELLO *client_hello,
+ int *out_alert) {
for (size_t i = 0; i < kNumExtensions; i++) {
if (kExtensions[i].init != NULL) {
kExtensions[i].init(hs);
@@ -3217,7 +3218,7 @@
if (!CBS_get_u16(&extensions, &type) ||
!CBS_get_u16_length_prefixed(&extensions, &extension)) {
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
unsigned ext_index;
@@ -3233,7 +3234,7 @@
*out_alert = alert;
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
ERR_add_error_dataf("extension %u", (unsigned)type);
- return 0;
+ return false;
}
}
@@ -3262,36 +3263,36 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
*out_alert = alert;
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
-int ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
- const SSL_CLIENT_HELLO *client_hello) {
+bool ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
+ const SSL_CLIENT_HELLO *client_hello) {
SSL *const ssl = hs->ssl;
int alert = SSL_AD_DECODE_ERROR;
- if (ssl_scan_clienthello_tlsext(hs, client_hello, &alert) <= 0) {
+ if (!ssl_scan_clienthello_tlsext(hs, client_hello, &alert)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
- return 0;
+ return false;
}
- if (ssl_check_clienthello_tlsext(hs) <= 0) {
+ if (!ssl_check_clienthello_tlsext(hs)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_TLSEXT);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs,
- int *out_alert) {
+static bool ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs,
+ int *out_alert) {
SSL *const ssl = hs->ssl;
// Before TLS 1.3, ServerHello extensions blocks may be omitted if empty.
if (CBS_len(cbs) == 0 && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
- return 1;
+ return true;
}
// Decode the extensions block and check it is valid.
@@ -3299,7 +3300,7 @@
if (!CBS_get_u16_length_prefixed(cbs, &extensions) ||
!tls1_check_duplicate_extensions(&extensions)) {
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
uint32_t received = 0;
@@ -3311,7 +3312,7 @@
if (!CBS_get_u16(&extensions, &type) ||
!CBS_get_u16_length_prefixed(&extensions, &extension)) {
*out_alert = SSL_AD_DECODE_ERROR;
- return 0;
+ return false;
}
unsigned ext_index;
@@ -3322,7 +3323,7 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ERR_add_error_dataf("extension %u", (unsigned)type);
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
- return 0;
+ return false;
}
static_assert(kNumExtensions <= sizeof(hs->extensions.sent) * 8,
@@ -3335,7 +3336,7 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ERR_add_error_dataf("extension :%u", (unsigned)type);
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
- return 0;
+ return false;
}
received |= (1u << ext_index);
@@ -3345,7 +3346,7 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
ERR_add_error_dataf("extension %u", (unsigned)type);
*out_alert = alert;
- return 0;
+ return false;
}
}
@@ -3358,15 +3359,15 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
*out_alert = alert;
- return 0;
+ return false;
}
}
}
- return 1;
+ return true;
}
-static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
+static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (ssl->s3->token_binding_negotiated &&
@@ -3374,7 +3375,7 @@
SSL_get_extms_support(ssl))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
- return -1;
+ return false;
}
int ret = SSL_TLSEXT_ERR_NOACK;
@@ -3390,26 +3391,26 @@
switch (ret) {
case SSL_TLSEXT_ERR_ALERT_FATAL:
ssl_send_alert(ssl, SSL3_AL_FATAL, al);
- return -1;
+ return false;
case SSL_TLSEXT_ERR_NOACK:
hs->should_ack_sni = false;
- return 1;
+ return true;
default:
- return 1;
+ return true;
}
}
-int ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
+bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
SSL *const ssl = hs->ssl;
int alert = SSL_AD_DECODE_ERROR;
- if (ssl_scan_serverhello_tlsext(hs, cbs, &alert) <= 0) {
+ if (!ssl_scan_serverhello_tlsext(hs, cbs, &alert)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static enum ssl_ticket_aead_result_t decrypt_ticket_with_cipher_ctx(
@@ -3426,10 +3427,10 @@
}
HMAC_Update(hmac_ctx, ticket, ticket_len - mac_len);
HMAC_Final(hmac_ctx, mac, NULL);
- int mac_ok =
+ bool mac_ok =
CRYPTO_memcmp(mac, ticket + (ticket_len - mac_len), mac_len) == 0;
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
- mac_ok = 1;
+ mac_ok = true;
#endif
if (!mac_ok) {
return ssl_ticket_aead_ignore_ticket;
@@ -3682,7 +3683,7 @@
return false;
}
-int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
+bool tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
SSL *const ssl = hs->ssl;
// A Channel ID handshake message is structured to contain multiple
// extensions, but the only one that can be present is Channel ID.
@@ -3695,19 +3696,19 @@
CBS_len(&extension) != TLSEXT_CHANNEL_ID_SIZE) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
UniquePtr<EC_GROUP> p256(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
if (!p256) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_P256_SUPPORT);
- return 0;
+ return false;
}
UniquePtr<ECDSA_SIG> sig(ECDSA_SIG_new());
UniquePtr<BIGNUM> x(BN_new()), y(BN_new());
if (!sig || !x || !y) {
- return 0;
+ return false;
}
const uint8_t *p = CBS_data(&extension);
@@ -3715,7 +3716,7 @@
BN_bin2bn(p + 32, 32, y.get()) == NULL ||
BN_bin2bn(p + 64, 32, sig->r) == NULL ||
BN_bin2bn(p + 96, 32, sig->s) == NULL) {
- return 0;
+ return false;
}
UniquePtr<EC_KEY> key(EC_KEY_new());
@@ -3725,29 +3726,29 @@
y.get(), nullptr) ||
!EC_KEY_set_group(key.get(), p256.get()) ||
!EC_KEY_set_public_key(key.get(), point.get())) {
- return 0;
+ return false;
}
uint8_t digest[EVP_MAX_MD_SIZE];
size_t digest_len;
if (!tls1_channel_id_hash(hs, digest, &digest_len)) {
- return 0;
+ return false;
}
- int sig_ok = ECDSA_do_verify(digest, digest_len, sig.get(), key.get());
+ bool sig_ok = ECDSA_do_verify(digest, digest_len, sig.get(), key.get());
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
- sig_ok = 1;
+ sig_ok = true;
ERR_clear_error();
#endif
if (!sig_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
ssl->s3->channel_id_valid = false;
- return 0;
+ return false;
}
OPENSSL_memcpy(ssl->s3->channel_id, p, 64);
- return 1;
+ return true;
}
bool tls1_write_channel_id(SSL_HANDSHAKE *hs, CBB *cbb) {
@@ -3790,17 +3791,17 @@
return true;
}
-int tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) {
+bool tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) {
SSL *const ssl = hs->ssl;
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
Array<uint8_t> msg;
if (!tls13_get_cert_verify_signature_input(hs, &msg,
ssl_cert_verify_channel_id)) {
- return 0;
+ return false;
}
SHA256(msg.data(), msg.size(), out);
*out_len = SHA256_DIGEST_LENGTH;
- return 1;
+ return true;
}
SHA256_CTX ctx;
@@ -3814,7 +3815,7 @@
SHA256_Update(&ctx, kResumptionMagic, sizeof(kResumptionMagic));
if (ssl->session->original_handshake_hash_len == 0) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
SHA256_Update(&ctx, ssl->session->original_handshake_hash,
ssl->session->original_handshake_hash_len);
@@ -3823,24 +3824,21 @@
uint8_t hs_hash[EVP_MAX_MD_SIZE];
size_t hs_hash_len;
if (!hs->transcript.GetHash(hs_hash, &hs_hash_len)) {
- return 0;
+ return false;
}
SHA256_Update(&ctx, hs_hash, (size_t)hs_hash_len);
SHA256_Final(out, &ctx);
*out_len = SHA256_DIGEST_LENGTH;
- return 1;
+ return true;
}
-// tls1_record_handshake_hashes_for_channel_id records the current handshake
-// hashes in |hs->new_session| so that Channel ID resumptions can sign that
-// data.
-int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) {
+bool tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
// This function should never be called for a resumed session because the
// handshake hashes that we wish to record are for the original, full
// handshake.
if (ssl->session != NULL) {
- return 0;
+ return false;
}
static_assert(
@@ -3850,35 +3848,34 @@
size_t digest_len;
if (!hs->transcript.GetHash(hs->new_session->original_handshake_hash,
&digest_len)) {
- return 0;
+ return false;
}
static_assert(EVP_MAX_MD_SIZE <= 0xff,
"EVP_MAX_MD_SIZE does not fit in uint8_t");
hs->new_session->original_handshake_hash_len = (uint8_t)digest_len;
- return 1;
+ return true;
}
-int ssl_do_channel_id_callback(SSL_HANDSHAKE *hs) {
+bool ssl_do_channel_id_callback(SSL_HANDSHAKE *hs) {
if (hs->config->channel_id_private != NULL ||
hs->ssl->ctx->channel_id_cb == NULL) {
- return 1;
+ return true;
}
EVP_PKEY *key = NULL;
hs->ssl->ctx->channel_id_cb(hs->ssl, &key);
if (key == NULL) {
// The caller should try again later.
- return 1;
+ return true;
}
- int ret = SSL_set1_tls_channel_id(hs->ssl, key);
- EVP_PKEY_free(key);
- return ret;
+ UniquePtr<EVP_PKEY> free_key(key);
+ return SSL_set1_tls_channel_id(hs->ssl, key);
}
-int ssl_is_sct_list_valid(const CBS *contents) {
+bool ssl_is_sct_list_valid(const CBS *contents) {
// Shallow parse the SCT list for sanity. By the RFC
// (https://tools.ietf.org/html/rfc6962#section-3.3) neither the list nor any
// of the SCTs may be empty.
@@ -3887,18 +3884,18 @@
if (!CBS_get_u16_length_prefixed(©, &sct_list) ||
CBS_len(©) != 0 ||
CBS_len(&sct_list) == 0) {
- return 0;
+ return false;
}
while (CBS_len(&sct_list) > 0) {
CBS sct;
if (!CBS_get_u16_length_prefixed(&sct_list, &sct) ||
CBS_len(&sct) == 0) {
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
} // namespace bssl
