Replace bits in SSL_HANDSHAKE with bool. Change-Id: I23f1449d8652a4aa3a9006e04c86c9430127800e Reviewed-on: https://boringssl-review.googlesource.com/19924 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake.cc b/ssl/handshake.cc index 8087310..8d74b7b 100644 --- a/ssl/handshake.cc +++ b/ssl/handshake.cc
@@ -122,25 +122,25 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg) : ssl(ssl_arg), - scts_requested(0), - needs_psk_binder(0), - received_hello_retry_request(0), - received_custom_extension(0), - handshake_finalized(0), - accept_psk_mode(0), - cert_request(0), - certificate_status_expected(0), - ocsp_stapling_requested(0), - should_ack_sni(0), - in_false_start(0), - in_early_data(0), - early_data_offered(0), - can_early_read(0), - can_early_write(0), - next_proto_neg_seen(0), - ticket_expected(0), - extended_master_secret(0), - pending_private_key_op(0) { + scts_requested(false), + needs_psk_binder(false), + received_hello_retry_request(false), + received_custom_extension(false), + handshake_finalized(false), + accept_psk_mode(false), + cert_request(false), + certificate_status_expected(false), + ocsp_stapling_requested(false), + should_ack_sni(false), + in_false_start(false), + in_early_data(false), + early_data_offered(false), + can_early_read(false), + can_early_write(false), + next_proto_neg_seen(false), + ticket_expected(false), + extended_master_secret(false), + pending_private_key_op(false) { } SSL_HANDSHAKE::~SSL_HANDSHAKE() { @@ -534,7 +534,7 @@ case ssl_hs_early_data_rejected: ssl->rwstate = SSL_EARLY_DATA_REJECTED; // Cause |SSL_write| to start failing immediately. - hs->can_early_write = 0; + hs->can_early_write = false; return -1; case ssl_hs_early_return:
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc index 6afd44f..ee8cf7a 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc
@@ -507,10 +507,10 @@ // Stash the early data session, so connection properties may be queried out // of it. - hs->in_early_data = 1; + hs->in_early_data = true; SSL_SESSION_up_ref(ssl->session); hs->early_session.reset(ssl->session); - hs->can_early_write = 1; + hs->can_early_write = true; hs->state = state_read_server_hello; return ssl_hs_early_return; @@ -1129,7 +1129,7 @@ return ssl_hs_error; } - hs->cert_request = 1; + hs->cert_request = true; hs->ca_names = std::move(ca_names); ssl->ctx->x509_method->hs_flush_cached_ca_names(hs); @@ -1566,8 +1566,8 @@ ssl3_can_false_start(ssl) && // No False Start on renegotiation (would complicate the state machine). !ssl->s3->initial_handshake_complete) { - hs->in_false_start = 1; - hs->can_early_write = 1; + hs->in_false_start = true; + hs->can_early_write = true; return ssl_hs_early_return; } @@ -1606,7 +1606,7 @@ // RFC 5077 allows a server to change its mind and send no ticket after // negotiating the extension. The value of |ticket_expected| is checked in // |ssl_update_cache| so is cleared here to avoid an unnecessary update. - hs->ticket_expected = 0; + hs->ticket_expected = false; ssl->method->next_message(ssl); hs->state = state_process_change_cipher_spec; return ssl_hs_read_change_cipher_spec; @@ -1709,7 +1709,7 @@ hs->new_session.reset(); } - hs->handshake_finalized = 1; + hs->handshake_finalized = true; ssl->s3->initial_handshake_complete = 1; ssl_update_cache(hs, SSL_SESS_CACHE_CLIENT);
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc index 71590cf..eeb9f7f 100644 --- a/ssl/handshake_server.cc +++ b/ssl/handshake_server.cc
@@ -579,7 +579,7 @@ // Determine whether we are doing session resumption. UniquePtr<SSL_SESSION> session; - int tickets_supported = 0, renew_ticket = 0; + bool tickets_supported = false, renew_ticket = false; enum ssl_hs_wait_t wait = ssl_get_prev_session( ssl, &session, &tickets_supported, &renew_ticket, &client_hello); if (wait != ssl_hs_ok) { @@ -647,11 +647,11 @@ // Only request a certificate if Channel ID isn't negotiated. if ((ssl->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) && ssl->s3->tlsext_channel_id_valid) { - hs->cert_request = 0; + hs->cert_request = false; } // CertificateRequest may only be sent in certificate-based ciphers. if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) { - hs->cert_request = 0; + hs->cert_request = false; } if (!hs->cert_request) { @@ -1568,7 +1568,7 @@ ssl->s3->established_session->not_resumable = 0; } - hs->handshake_finalized = 1; + hs->handshake_finalized = true; ssl->s3->initial_handshake_complete = 1; ssl_update_cache(hs, SSL_SESS_CACHE_SERVER);
diff --git a/ssl/internal.h b/ssl/internal.h index 5fa3869..03b7f8b 100644 --- a/ssl/internal.h +++ b/ssl/internal.h
@@ -1232,74 +1232,73 @@ uint8_t *key_block = nullptr; uint8_t key_block_len = 0; - // scts_requested is one if the SCT extension is in the ClientHello. - unsigned scts_requested:1; + // scts_requested is true if the SCT extension is in the ClientHello. + bool scts_requested:1; - // needs_psk_binder if the ClientHello has a placeholder PSK binder to be - // filled in. - unsigned needs_psk_binder:1; + // needs_psk_binder is true if the ClientHello has a placeholder PSK binder to + // be filled in. + bool needs_psk_binder:1; - unsigned received_hello_retry_request:1; + bool received_hello_retry_request:1; - unsigned received_custom_extension:1; + bool received_custom_extension:1; // handshake_finalized is true once the handshake has completed, at which // point accessors should use the established state. - unsigned handshake_finalized:1; + bool handshake_finalized:1; // accept_psk_mode stores whether the client's PSK mode is compatible with our // preferences. - unsigned accept_psk_mode:1; + bool accept_psk_mode:1; - // cert_request is one if a client certificate was requested and zero - // otherwise. - unsigned cert_request:1; + // cert_request is true if a client certificate was requested. + bool cert_request:1; - // certificate_status_expected is one if OCSP stapling was negotiated and the + // certificate_status_expected is true if OCSP stapling was negotiated and the // server is expected to send a CertificateStatus message. (This is used on // both the client and server sides.) - unsigned certificate_status_expected:1; + bool certificate_status_expected:1; - // ocsp_stapling_requested is one if a client requested OCSP stapling. - unsigned ocsp_stapling_requested:1; + // ocsp_stapling_requested is true if a client requested OCSP stapling. + bool ocsp_stapling_requested:1; // should_ack_sni is used by a server and indicates that the SNI extension // should be echoed in the ServerHello. - unsigned should_ack_sni:1; + bool should_ack_sni:1; - // in_false_start is one if there is a pending client handshake in False + // in_false_start is true if there is a pending client handshake in False // Start. The client may write data at this point. - unsigned in_false_start:1; + bool in_false_start:1; - // in_early_data is one if there is a pending handshake that has progressed + // in_early_data is true if there is a pending handshake that has progressed // enough to send and receive early data. - unsigned in_early_data:1; + bool in_early_data:1; - // early_data_offered is one if the client sent the early_data extension. - unsigned early_data_offered:1; + // early_data_offered is true if the client sent the early_data extension. + bool early_data_offered:1; - // can_early_read is one if application data may be read at this point in the + // can_early_read is true if application data may be read at this point in the // handshake. - unsigned can_early_read:1; + bool can_early_read:1; - // can_early_write is one if application data may be written at this point in + // can_early_write is true if application data may be written at this point in // the handshake. - unsigned can_early_write:1; + bool can_early_write:1; // next_proto_neg_seen is one of NPN was negotiated. - unsigned next_proto_neg_seen:1; + bool next_proto_neg_seen:1; - // ticket_expected is one if a TLS 1.2 NewSessionTicket message is to be sent + // ticket_expected is true if a TLS 1.2 NewSessionTicket message is to be sent // or received. - unsigned ticket_expected:1; + bool ticket_expected:1; - // extended_master_secret is one if the extended master secret extension is + // extended_master_secret is true if the extended master secret extension is // negotiated in this handshake. - unsigned extended_master_secret:1; + bool extended_master_secret:1; - // pending_private_key_op is one if there is a pending private key operation + // pending_private_key_op is true if there is a pending private key operation // in progress. - unsigned pending_private_key_op:1; + bool pending_private_key_op:1; // client_version is the value sent or received in the ClientHello version. uint16_t client_version = 0; @@ -2117,8 +2116,8 @@ // be called again. Otherwise, it returns |ssl_hs_error|. enum ssl_hs_wait_t ssl_get_prev_session(SSL *ssl, UniquePtr<SSL_SESSION> *out_session, - int *out_tickets_supported, - int *out_renew_ticket, + bool *out_tickets_supported, + bool *out_renew_ticket, const SSL_CLIENT_HELLO *client_hello); // The following flags determine which parts of the session are duplicated. @@ -2293,7 +2292,7 @@ // Retry later. // |ssl_ticket_aead_error|: an error occured that is fatal to the connection. enum ssl_ticket_aead_result_t ssl_process_ticket( - SSL *ssl, UniquePtr<SSL_SESSION> *out_session, int *out_renew_ticket, + SSL *ssl, UniquePtr<SSL_SESSION> *out_session, bool *out_renew_ticket, const uint8_t *ticket, size_t ticket_len, const uint8_t *session_id, size_t session_id_len);
diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc index 858d77a..9051b40 100644 --- a/ssl/s3_pkt.cc +++ b/ssl/s3_pkt.cc
@@ -228,7 +228,7 @@ max = ssl->session->ticket_max_early_data - ssl->s3->hs->early_data_written; if (max == 0) { ssl->s3->wnum = tot; - ssl->s3->hs->can_early_write = 0; + ssl->s3->hs->can_early_write = false; *out_needs_handshake = 1; return -1; } @@ -433,7 +433,7 @@ rr->length = 0; ssl_read_buffer_discard(ssl); // Stop accepting early data. - ssl->s3->hs->can_early_read = 0; + ssl->s3->hs->can_early_read = false; *out_got_handshake = 1; return -1; }
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 1f1461f..ed97561 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc
@@ -1084,7 +1084,7 @@ } hs->wait = ssl_hs_ok; - hs->in_early_data = 0; + hs->in_early_data = false; hs->early_session.reset(); // Discard any unfinished writes from the perspective of |SSL_write|'s
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc index cdae03a..32d3b35 100644 --- a/ssl/ssl_session.cc +++ b/ssl/ssl_session.cc
@@ -730,18 +730,18 @@ enum ssl_hs_wait_t ssl_get_prev_session(SSL *ssl, UniquePtr<SSL_SESSION> *out_session, - int *out_tickets_supported, - int *out_renew_ticket, + bool *out_tickets_supported, + bool *out_renew_ticket, const SSL_CLIENT_HELLO *client_hello) { // This is used only by servers. assert(ssl->server); UniquePtr<SSL_SESSION> session; - int renew_ticket = 0; + bool renew_ticket = false; // If tickets are disabled, always behave as if no tickets are present. const uint8_t *ticket = NULL; size_t ticket_len = 0; - const int tickets_supported = + const bool tickets_supported = !(SSL_get_options(ssl) & SSL_OP_NO_TICKET) && ssl->version > SSL3_VERSION && SSL_early_callback_ctx_extension_get(
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 0ff5a09..301096f 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc
@@ -681,7 +681,7 @@ } hs->hostname.reset(hostname_raw); - hs->should_ack_sni = 1; + hs->should_ack_sni = true; return 1; } @@ -894,13 +894,13 @@ return 0; } - hs->extended_master_secret = 1; + hs->extended_master_secret = true; } // Whether EMS is negotiated may not change on renegotiation. if (ssl->s3->established_session != NULL && hs->extended_master_secret != - ssl->s3->established_session->extended_master_secret) { + !!ssl->s3->established_session->extended_master_secret) { OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_EMS_MISMATCH); *out_alert = SSL_AD_ILLEGAL_PARAMETER; return 0; @@ -925,7 +925,7 @@ return 0; } - hs->extended_master_secret = 1; + hs->extended_master_secret = true; return 1; } @@ -1002,7 +1002,7 @@ return 0; } - hs->ticket_expected = 1; + hs->ticket_expected = true; return 1; } @@ -1112,7 +1112,7 @@ // status_request here does not make sense, but OpenSSL does so and the // specification does not say anything. Tolerate it but ignore it. - hs->certificate_status_expected = 1; + hs->certificate_status_expected = true; return 1; } @@ -1144,7 +1144,7 @@ return 1; } - hs->certificate_status_expected = 1; + hs->certificate_status_expected = true; return CBB_add_u16(out, TLSEXT_TYPE_status_request) && CBB_add_u16(out, 0 /* length */); @@ -1225,7 +1225,7 @@ } ssl->s3->next_proto_negotiated_len = selected_len; - hs->next_proto_neg_seen = 1; + hs->next_proto_neg_seen = true; return 1; } @@ -1248,7 +1248,7 @@ return 1; } - hs->next_proto_neg_seen = 1; + hs->next_proto_neg_seen = true; return 1; } @@ -1266,7 +1266,7 @@ if (ssl->ctx->next_protos_advertised_cb( ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) != SSL_TLSEXT_ERR_OK) { - hs->next_proto_neg_seen = 0; + hs->next_proto_neg_seen = false; return 1; } @@ -1350,7 +1350,7 @@ return 0; } - hs->scts_requested = 1; + hs->scts_requested = true; return 1; } @@ -1478,7 +1478,7 @@ } // ALPN takes precedence over NPN. - hs->next_proto_neg_seen = 0; + hs->next_proto_neg_seen = false; CBS protocol_name_list; if (!CBS_get_u16_length_prefixed(&contents, &protocol_name_list) || @@ -1886,7 +1886,7 @@ return 0; } - hs->needs_psk_binder = 1; + hs->needs_psk_binder = true; return CBB_flush(out); } @@ -2043,7 +2043,7 @@ return 1; } - hs->early_data_offered = 1; + hs->early_data_offered = true; if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) || !CBB_add_u16(out, 0) || @@ -2089,7 +2089,7 @@ return 0; } - hs->early_data_offered = 1; + hs->early_data_offered = true; return 1; } @@ -2921,7 +2921,7 @@ tls_extension_find(&ext_index, type); if (ext == NULL) { - hs->received_custom_extension = 1; + hs->received_custom_extension = true; if (!custom_ext_parse_serverhello(hs, out_alert, type, &extension)) { return 0; } @@ -2988,7 +2988,7 @@ return -1; case SSL_TLSEXT_ERR_NOACK: - hs->should_ack_sni = 0; + hs->should_ack_sni = false; return 1; default: @@ -3062,7 +3062,7 @@ } static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_cb( - SSL *ssl, uint8_t **out, size_t *out_len, int *out_renew_ticket, + SSL *ssl, uint8_t **out, size_t *out_len, bool *out_renew_ticket, const uint8_t *ticket, size_t ticket_len) { assert(ticket_len >= SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH); ScopedEVP_CIPHER_CTX cipher_ctx; @@ -3076,7 +3076,7 @@ } else if (cb_ret == 0) { return ssl_ticket_aead_ignore_ticket; } else if (cb_ret == 2) { - *out_renew_ticket = 1; + *out_renew_ticket = true; } else { assert(cb_ret == 1); } @@ -3125,7 +3125,7 @@ } static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_method( - SSL *ssl, uint8_t **out, size_t *out_len, int *out_renew_ticket, + SSL *ssl, uint8_t **out, size_t *out_len, bool *out_renew_ticket, const uint8_t *ticket, size_t ticket_len) { uint8_t *plaintext = (uint8_t *)OPENSSL_malloc(ticket_len); if (plaintext == NULL) { @@ -3149,10 +3149,10 @@ } enum ssl_ticket_aead_result_t ssl_process_ticket( - SSL *ssl, UniquePtr<SSL_SESSION> *out_session, int *out_renew_ticket, + SSL *ssl, UniquePtr<SSL_SESSION> *out_session, bool *out_renew_ticket, const uint8_t *ticket, size_t ticket_len, const uint8_t *session_id, size_t session_id_len) { - *out_renew_ticket = 0; + *out_renew_ticket = false; out_session->reset(); if ((SSL_get_options(ssl) & SSL_OP_NO_TICKET) ||
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc index 51d275c..717a34d 100644 --- a/ssl/tls13_client.cc +++ b/ssl/tls13_client.cc
@@ -147,7 +147,7 @@ } ssl->method->next_message(ssl); - hs->received_hello_retry_request = 1; + hs->received_hello_retry_request = true; hs->tls13_state = state_send_second_client_hello; // 0-RTT is rejected if we receive a HelloRetryRequest. if (hs->in_early_data) { @@ -483,7 +483,7 @@ return ssl_hs_error; } - hs->cert_request = 1; + hs->cert_request = true; hs->ca_names = std::move(ca_names); ssl->ctx->x509_method->hs_flush_cached_ca_names(hs); @@ -565,7 +565,7 @@ SSL *const ssl = hs->ssl; if (ssl->early_data_accepted) { - hs->can_early_write = 0; + hs->can_early_write = false; if (!ssl->method->add_alert(ssl, SSL3_AL_WARNING, TLS1_AD_END_OF_EARLY_DATA)) { return ssl_hs_error;
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index 26ce0e1..969f2ec 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc
@@ -289,7 +289,7 @@ // TLS 1.3 session tickets are renewed separately as part of the // NewSessionTicket. - int unused_renew; + bool unused_renew; UniquePtr<SSL_SESSION> session; enum ssl_ticket_aead_result_t ret = ssl_process_ticket(ssl, &session, &unused_renew, CBS_data(&ticket), @@ -588,7 +588,7 @@ // Only request a certificate if Channel ID isn't negotiated. if ((ssl->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) && ssl->s3->tlsext_channel_id_valid) { - hs->cert_request = 0; + hs->cert_request = false; } } @@ -698,9 +698,9 @@ hs->hash_len)) { return ssl_hs_error; } - hs->can_early_write = 1; - hs->can_early_read = 1; - hs->in_early_data = 1; + hs->can_early_write = true; + hs->can_early_read = true; + hs->in_early_data = true; hs->tls13_state = state_process_end_of_early_data; return ssl_hs_read_end_of_early_data; }