Convert a few more things from int to bool.
Change-Id: Iee4b8bbe82ea700e3c9c6538f981662a90747642
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35786
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index ee2952a..99993f2 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2029,7 +2029,7 @@
// check_client_CA_list returns one if |names| is a good list of X.509
// distinguished names and zero otherwise. This is used to ensure that we can
// reject unparsable values at handshake time when using crypto/x509.
- int (*check_client_CA_list)(STACK_OF(CRYPTO_BUFFER) *names);
+ bool (*check_client_CA_list)(STACK_OF(CRYPTO_BUFFER) *names);
// cert_clear frees and NULLs all X509 certificate-related state.
void (*cert_clear)(CERT *cert);
@@ -2046,35 +2046,35 @@
// session_cache_objects fills out |sess->x509_peer| and |sess->x509_chain|
// from |sess->certs| and erases |sess->x509_chain_without_leaf|. It returns
- // one on success or zero on error.
- int (*session_cache_objects)(SSL_SESSION *session);
+ // true on success or false on error.
+ bool (*session_cache_objects)(SSL_SESSION *session);
// session_dup duplicates any needed fields from |session| to |new_session|.
- // It returns one on success or zero on error.
- int (*session_dup)(SSL_SESSION *new_session, const SSL_SESSION *session);
+ // It returns true on success or false on error.
+ bool (*session_dup)(SSL_SESSION *new_session, const SSL_SESSION *session);
// session_clear frees any X509-related state from |session|.
void (*session_clear)(SSL_SESSION *session);
// session_verify_cert_chain verifies the certificate chain in |session|,
- // sets |session->verify_result| and returns one on success or zero on
+ // sets |session->verify_result| and returns true on success or false on
// error.
- int (*session_verify_cert_chain)(SSL_SESSION *session, SSL_HANDSHAKE *ssl,
- uint8_t *out_alert);
+ bool (*session_verify_cert_chain)(SSL_SESSION *session, SSL_HANDSHAKE *ssl,
+ uint8_t *out_alert);
// hs_flush_cached_ca_names drops any cached |X509_NAME|s from |hs|.
void (*hs_flush_cached_ca_names)(SSL_HANDSHAKE *hs);
- // ssl_new does any neccessary initialisation of |hs|. It returns one on
- // success or zero on error.
- int (*ssl_new)(SSL_HANDSHAKE *hs);
+ // ssl_new does any neccessary initialisation of |hs|. It returns true on
+ // success or false on error.
+ bool (*ssl_new)(SSL_HANDSHAKE *hs);
// ssl_free frees anything created by |ssl_new|.
void (*ssl_config_free)(SSL_CONFIG *cfg);
// ssl_flush_cached_client_CA drops any cached |X509_NAME|s from |ssl|.
void (*ssl_flush_cached_client_CA)(SSL_CONFIG *cfg);
// ssl_auto_chain_if_needed runs the deprecated auto-chaining logic if
// necessary. On success, it updates |ssl|'s certificate configuration as
- // needed and returns one. Otherwise, it returns zero.
- int (*ssl_auto_chain_if_needed)(SSL_HANDSHAKE *hs);
- // ssl_ctx_new does any neccessary initialisation of |ctx|. It returns one on
- // success or zero on error.
- int (*ssl_ctx_new)(SSL_CTX *ctx);
+ // needed and returns true. Otherwise, it returns false.
+ bool (*ssl_auto_chain_if_needed)(SSL_HANDSHAKE *hs);
+ // ssl_ctx_new does any neccessary initialisation of |ctx|. It returns true on
+ // success or false on error.
+ bool (*ssl_ctx_new)(SSL_CTX *ctx);
// ssl_ctx_free frees anything created by |ssl_ctx_new|.
void (*ssl_ctx_free)(SSL_CTX *ctx);
// ssl_ctx_flush_cached_client_CA drops any cached |X509_NAME|s from |ctx|.
diff --git a/ssl/ssl_x509.cc b/ssl/ssl_x509.cc
index 841482f..f76118c 100644
--- a/ssl/ssl_x509.cc
+++ b/ssl/ssl_x509.cc
@@ -200,19 +200,19 @@
// forms of elements of |chain|. It returns one on success or zero on error, in
// which case no change to |cert->chain| is made. It preverses the existing
// leaf from |cert->chain|, if any.
-static int ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) {
+static bool ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) {
UniquePtr<STACK_OF(CRYPTO_BUFFER)> new_chain;
if (cert->chain != nullptr) {
new_chain.reset(sk_CRYPTO_BUFFER_new_null());
if (!new_chain) {
- return 0;
+ return false;
}
// |leaf| might be NULL if it's a “leafless” chain.
CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain.get(), 0);
if (!PushToStack(new_chain.get(), UpRef(leaf))) {
- return 0;
+ return false;
}
}
@@ -220,32 +220,32 @@
if (!new_chain) {
new_chain = new_leafless_chain();
if (!new_chain) {
- return 0;
+ return false;
}
}
UniquePtr<CRYPTO_BUFFER> buffer = x509_to_buffer(x509);
if (!buffer ||
!PushToStack(new_chain.get(), std::move(buffer))) {
- return 0;
+ return false;
}
}
cert->chain = std::move(new_chain);
- return 1;
+ return true;
}
static void ssl_crypto_x509_cert_flush_cached_leaf(CERT *cert) {
X509_free(cert->x509_leaf);
- cert->x509_leaf = NULL;
+ cert->x509_leaf = nullptr;
}
static void ssl_crypto_x509_cert_flush_cached_chain(CERT *cert) {
sk_X509_pop_free(cert->x509_chain, X509_free);
- cert->x509_chain = NULL;
+ cert->x509_chain = nullptr;
}
-static int ssl_crypto_x509_check_client_CA_list(
+static bool ssl_crypto_x509_check_client_CA_list(
STACK_OF(CRYPTO_BUFFER) *names) {
for (const CRYPTO_BUFFER *buffer : names) {
const uint8_t *inp = CRYPTO_BUFFER_data(buffer);
@@ -253,11 +253,11 @@
d2i_X509_NAME(nullptr, &inp, CRYPTO_BUFFER_len(buffer)));
if (name == nullptr ||
inp != CRYPTO_BUFFER_data(buffer) + CRYPTO_BUFFER_len(buffer)) {
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
static void ssl_crypto_x509_cert_clear(CERT *cert) {
@@ -265,7 +265,7 @@
ssl_crypto_x509_cert_flush_cached_chain(cert);
X509_free(cert->x509_stash);
- cert->x509_stash = NULL;
+ cert->x509_stash = nullptr;
}
static void ssl_crypto_x509_cert_free(CERT *cert) {
@@ -274,19 +274,19 @@
}
static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) {
- if (cert->verify_store != NULL) {
+ if (cert->verify_store != nullptr) {
X509_STORE_up_ref(cert->verify_store);
new_cert->verify_store = cert->verify_store;
}
}
-static int ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) {
+static bool ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) {
bssl::UniquePtr<STACK_OF(X509)> chain, chain_without_leaf;
if (sk_CRYPTO_BUFFER_num(sess->certs.get()) > 0) {
chain.reset(sk_X509_new_null());
if (!chain) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- return 0;
+ return false;
}
if (sess->is_server) {
// chain_without_leaf is only needed for server sessions. See
@@ -294,7 +294,7 @@
chain_without_leaf.reset(sk_X509_new_null());
if (!chain_without_leaf) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- return 0;
+ return false;
}
}
}
@@ -304,18 +304,18 @@
UniquePtr<X509> x509(X509_parse_from_buffer(cert));
if (!x509) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
if (leaf == nullptr) {
leaf = UpRef(x509);
} else if (chain_without_leaf &&
!PushToStack(chain_without_leaf.get(), UpRef(x509))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- return 0;
+ return false;
}
if (!PushToStack(chain.get(), std::move(x509))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- return 0;
+ return false;
}
}
@@ -327,50 +327,50 @@
X509_free(sess->x509_peer);
sess->x509_peer = leaf.release();
- return 1;
+ return true;
}
-static int ssl_crypto_x509_session_dup(SSL_SESSION *new_session,
- const SSL_SESSION *session) {
+static bool ssl_crypto_x509_session_dup(SSL_SESSION *new_session,
+ const SSL_SESSION *session) {
new_session->x509_peer = UpRef(session->x509_peer).release();
if (session->x509_chain != nullptr) {
new_session->x509_chain = X509_chain_up_ref(session->x509_chain);
if (new_session->x509_chain == nullptr) {
- return 0;
+ return false;
}
}
if (session->x509_chain_without_leaf != nullptr) {
new_session->x509_chain_without_leaf =
X509_chain_up_ref(session->x509_chain_without_leaf);
if (new_session->x509_chain_without_leaf == nullptr) {
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
static void ssl_crypto_x509_session_clear(SSL_SESSION *session) {
X509_free(session->x509_peer);
- session->x509_peer = NULL;
+ session->x509_peer = nullptr;
sk_X509_pop_free(session->x509_chain, X509_free);
- session->x509_chain = NULL;
+ session->x509_chain = nullptr;
sk_X509_pop_free(session->x509_chain_without_leaf, X509_free);
- session->x509_chain_without_leaf = NULL;
+ session->x509_chain_without_leaf = nullptr;
}
-static int ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION *session,
- SSL_HANDSHAKE *hs,
- uint8_t *out_alert) {
+static bool ssl_crypto_x509_session_verify_cert_chain(SSL_SESSION *session,
+ SSL_HANDSHAKE *hs,
+ uint8_t *out_alert) {
*out_alert = SSL_AD_INTERNAL_ERROR;
STACK_OF(X509) *const cert_chain = session->x509_chain;
- if (cert_chain == NULL || sk_X509_num(cert_chain) == 0) {
- return 0;
+ if (cert_chain == nullptr || sk_X509_num(cert_chain) == 0) {
+ return false;
}
SSL_CTX *ssl_ctx = hs->ssl->ctx.get();
X509_STORE *verify_store = ssl_ctx->cert_store;
- if (hs->config->cert->verify_store != NULL) {
+ if (hs->config->cert->verify_store != nullptr) {
verify_store = hs->config->cert->verify_store;
}
@@ -378,11 +378,11 @@
ScopedX509_STORE_CTX ctx;
if (!X509_STORE_CTX_init(ctx.get(), verify_store, leaf, cert_chain)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
- return 0;
+ return false;
}
if (!X509_STORE_CTX_set_ex_data(
ctx.get(), SSL_get_ex_data_X509_STORE_CTX_idx(), hs->ssl)) {
- return 0;
+ return false;
}
// We need to inherit the verify parameters. These can be determined by the
@@ -400,7 +400,7 @@
}
int verify_ret;
- if (ssl_ctx->app_verify_callback != NULL) {
+ if (ssl_ctx->app_verify_callback != nullptr) {
verify_ret =
ssl_ctx->app_verify_callback(ctx.get(), ssl_ctx->app_verify_arg);
} else {
@@ -412,59 +412,59 @@
// If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result.
if (verify_ret <= 0 && hs->config->verify_mode != SSL_VERIFY_NONE) {
*out_alert = SSL_alert_from_verify_result(ctx->error);
- return 0;
+ return false;
}
ERR_clear_error();
- return 1;
+ return true;
}
static void ssl_crypto_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE *hs) {
sk_X509_NAME_pop_free(hs->cached_x509_ca_names, X509_NAME_free);
- hs->cached_x509_ca_names = NULL;
+ hs->cached_x509_ca_names = nullptr;
}
-static int ssl_crypto_x509_ssl_new(SSL_HANDSHAKE *hs) {
+static bool ssl_crypto_x509_ssl_new(SSL_HANDSHAKE *hs) {
hs->config->param = X509_VERIFY_PARAM_new();
- if (hs->config->param == NULL) {
- return 0;
+ if (hs->config->param == nullptr) {
+ return false;
}
X509_VERIFY_PARAM_inherit(hs->config->param, hs->ssl->ctx->param);
- return 1;
+ return true;
}
static void ssl_crypto_x509_ssl_flush_cached_client_CA(SSL_CONFIG *cfg) {
sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);
- cfg->cached_x509_client_CA = NULL;
+ cfg->cached_x509_client_CA = nullptr;
}
static void ssl_crypto_x509_ssl_config_free(SSL_CONFIG *cfg) {
sk_X509_NAME_pop_free(cfg->cached_x509_client_CA, X509_NAME_free);
- cfg->cached_x509_client_CA = NULL;
+ cfg->cached_x509_client_CA = nullptr;
X509_VERIFY_PARAM_free(cfg->param);
}
-static int ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) {
+static bool ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) {
// Only build a chain if there are no intermediates configured and the feature
// isn't disabled.
if ((hs->ssl->mode & SSL_MODE_NO_AUTO_CHAIN) ||
!ssl_has_certificate(hs) || hs->config->cert->chain == NULL ||
sk_CRYPTO_BUFFER_num(hs->config->cert->chain.get()) > 1) {
- return 1;
+ return true;
}
UniquePtr<X509> leaf(X509_parse_from_buffer(
sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0)));
if (!leaf) {
OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
- return 0;
+ return false;
}
ScopedX509_STORE_CTX ctx;
if (!X509_STORE_CTX_init(ctx.get(), hs->ssl->ctx->cert_store, leaf.get(),
NULL)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
- return 0;
+ return false;
}
// Attempt to build a chain, ignoring the result.
@@ -475,23 +475,23 @@
X509_free(sk_X509_shift(ctx->chain));
if (!ssl_cert_set_chain(hs->config->cert.get(), ctx->chain)) {
- return 0;
+ return false;
}
ssl_crypto_x509_cert_flush_cached_chain(hs->config->cert.get());
- return 1;
+ return true;
}
static void ssl_crypto_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {
sk_X509_NAME_pop_free(ctx->cached_x509_client_CA, X509_NAME_free);
- ctx->cached_x509_client_CA = NULL;
+ ctx->cached_x509_client_CA = nullptr;
}
-static int ssl_crypto_x509_ssl_ctx_new(SSL_CTX *ctx) {
+static bool ssl_crypto_x509_ssl_ctx_new(SSL_CTX *ctx) {
ctx->cert_store = X509_STORE_new();
ctx->param = X509_VERIFY_PARAM_new();
- return (ctx->cert_store != NULL && ctx->param != NULL);
+ return (ctx->cert_store != nullptr && ctx->param != nullptr);
}
static void ssl_crypto_x509_ssl_ctx_free(SSL_CTX *ctx) {
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc
index bc9410b..95fac4d 100644
--- a/ssl/tls_method.cc
+++ b/ssl/tls_method.cc
@@ -125,9 +125,9 @@
ssl3_set_write_state,
};
-static int ssl_noop_x509_check_client_CA_names(
+static bool ssl_noop_x509_check_client_CA_names(
STACK_OF(CRYPTO_BUFFER) *names) {
- return 1;
+ return true;
}
static void ssl_noop_x509_clear(CERT *cert) {}
@@ -135,29 +135,29 @@
static void ssl_noop_x509_dup(CERT *new_cert, const CERT *cert) {}
static void ssl_noop_x509_flush_cached_leaf(CERT *cert) {}
static void ssl_noop_x509_flush_cached_chain(CERT *cert) {}
-static int ssl_noop_x509_session_cache_objects(SSL_SESSION *sess) {
- return 1;
+static bool ssl_noop_x509_session_cache_objects(SSL_SESSION *sess) {
+ return true;
}
-static int ssl_noop_x509_session_dup(SSL_SESSION *new_session,
- const SSL_SESSION *session) {
- return 1;
+static bool ssl_noop_x509_session_dup(SSL_SESSION *new_session,
+ const SSL_SESSION *session) {
+ return true;
}
static void ssl_noop_x509_session_clear(SSL_SESSION *session) {}
-static int ssl_noop_x509_session_verify_cert_chain(SSL_SESSION *session,
- SSL_HANDSHAKE *hs,
- uint8_t *out_alert) {
- return 0;
+static bool ssl_noop_x509_session_verify_cert_chain(SSL_SESSION *session,
+ SSL_HANDSHAKE *hs,
+ uint8_t *out_alert) {
+ return false;
}
static void ssl_noop_x509_hs_flush_cached_ca_names(SSL_HANDSHAKE *hs) {}
-static int ssl_noop_x509_ssl_new(SSL_HANDSHAKE *hs) { return 1; }
+static bool ssl_noop_x509_ssl_new(SSL_HANDSHAKE *hs) { return true; }
static void ssl_noop_x509_ssl_config_free(SSL_CONFIG *cfg) {}
static void ssl_noop_x509_ssl_flush_cached_client_CA(SSL_CONFIG *cfg) {}
-static int ssl_noop_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) {
- return 1;
+static bool ssl_noop_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) {
+ return true;
}
-static int ssl_noop_x509_ssl_ctx_new(SSL_CTX *ctx) { return 1; }
-static void ssl_noop_x509_ssl_ctx_free(SSL_CTX *ctx) { }
+static bool ssl_noop_x509_ssl_ctx_new(SSL_CTX *ctx) { return true; }
+static void ssl_noop_x509_ssl_ctx_free(SSL_CTX *ctx) {}
static void ssl_noop_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {}
const SSL_X509_METHOD ssl_noop_x509_method = {