Replace bits in SSL_HANDSHAKE with bool.
Change-Id: I23f1449d8652a4aa3a9006e04c86c9430127800e
Reviewed-on: https://boringssl-review.googlesource.com/19924
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake.cc b/ssl/handshake.cc
index 8087310..8d74b7b 100644
--- a/ssl/handshake.cc
+++ b/ssl/handshake.cc
@@ -122,25 +122,25 @@
SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
: ssl(ssl_arg),
- scts_requested(0),
- needs_psk_binder(0),
- received_hello_retry_request(0),
- received_custom_extension(0),
- handshake_finalized(0),
- accept_psk_mode(0),
- cert_request(0),
- certificate_status_expected(0),
- ocsp_stapling_requested(0),
- should_ack_sni(0),
- in_false_start(0),
- in_early_data(0),
- early_data_offered(0),
- can_early_read(0),
- can_early_write(0),
- next_proto_neg_seen(0),
- ticket_expected(0),
- extended_master_secret(0),
- pending_private_key_op(0) {
+ scts_requested(false),
+ needs_psk_binder(false),
+ received_hello_retry_request(false),
+ received_custom_extension(false),
+ handshake_finalized(false),
+ accept_psk_mode(false),
+ cert_request(false),
+ certificate_status_expected(false),
+ ocsp_stapling_requested(false),
+ should_ack_sni(false),
+ in_false_start(false),
+ in_early_data(false),
+ early_data_offered(false),
+ can_early_read(false),
+ can_early_write(false),
+ next_proto_neg_seen(false),
+ ticket_expected(false),
+ extended_master_secret(false),
+ pending_private_key_op(false) {
}
SSL_HANDSHAKE::~SSL_HANDSHAKE() {
@@ -534,7 +534,7 @@
case ssl_hs_early_data_rejected:
ssl->rwstate = SSL_EARLY_DATA_REJECTED;
// Cause |SSL_write| to start failing immediately.
- hs->can_early_write = 0;
+ hs->can_early_write = false;
return -1;
case ssl_hs_early_return:
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 6afd44f..ee8cf7a 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -507,10 +507,10 @@
// Stash the early data session, so connection properties may be queried out
// of it.
- hs->in_early_data = 1;
+ hs->in_early_data = true;
SSL_SESSION_up_ref(ssl->session);
hs->early_session.reset(ssl->session);
- hs->can_early_write = 1;
+ hs->can_early_write = true;
hs->state = state_read_server_hello;
return ssl_hs_early_return;
@@ -1129,7 +1129,7 @@
return ssl_hs_error;
}
- hs->cert_request = 1;
+ hs->cert_request = true;
hs->ca_names = std::move(ca_names);
ssl->ctx->x509_method->hs_flush_cached_ca_names(hs);
@@ -1566,8 +1566,8 @@
ssl3_can_false_start(ssl) &&
// No False Start on renegotiation (would complicate the state machine).
!ssl->s3->initial_handshake_complete) {
- hs->in_false_start = 1;
- hs->can_early_write = 1;
+ hs->in_false_start = true;
+ hs->can_early_write = true;
return ssl_hs_early_return;
}
@@ -1606,7 +1606,7 @@
// RFC 5077 allows a server to change its mind and send no ticket after
// negotiating the extension. The value of |ticket_expected| is checked in
// |ssl_update_cache| so is cleared here to avoid an unnecessary update.
- hs->ticket_expected = 0;
+ hs->ticket_expected = false;
ssl->method->next_message(ssl);
hs->state = state_process_change_cipher_spec;
return ssl_hs_read_change_cipher_spec;
@@ -1709,7 +1709,7 @@
hs->new_session.reset();
}
- hs->handshake_finalized = 1;
+ hs->handshake_finalized = true;
ssl->s3->initial_handshake_complete = 1;
ssl_update_cache(hs, SSL_SESS_CACHE_CLIENT);
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 71590cf..eeb9f7f 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -579,7 +579,7 @@
// Determine whether we are doing session resumption.
UniquePtr<SSL_SESSION> session;
- int tickets_supported = 0, renew_ticket = 0;
+ bool tickets_supported = false, renew_ticket = false;
enum ssl_hs_wait_t wait = ssl_get_prev_session(
ssl, &session, &tickets_supported, &renew_ticket, &client_hello);
if (wait != ssl_hs_ok) {
@@ -647,11 +647,11 @@
// Only request a certificate if Channel ID isn't negotiated.
if ((ssl->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) &&
ssl->s3->tlsext_channel_id_valid) {
- hs->cert_request = 0;
+ hs->cert_request = false;
}
// CertificateRequest may only be sent in certificate-based ciphers.
if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
- hs->cert_request = 0;
+ hs->cert_request = false;
}
if (!hs->cert_request) {
@@ -1568,7 +1568,7 @@
ssl->s3->established_session->not_resumable = 0;
}
- hs->handshake_finalized = 1;
+ hs->handshake_finalized = true;
ssl->s3->initial_handshake_complete = 1;
ssl_update_cache(hs, SSL_SESS_CACHE_SERVER);
diff --git a/ssl/internal.h b/ssl/internal.h
index 5fa3869..03b7f8b 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1232,74 +1232,73 @@
uint8_t *key_block = nullptr;
uint8_t key_block_len = 0;
- // scts_requested is one if the SCT extension is in the ClientHello.
- unsigned scts_requested:1;
+ // scts_requested is true if the SCT extension is in the ClientHello.
+ bool scts_requested:1;
- // needs_psk_binder if the ClientHello has a placeholder PSK binder to be
- // filled in.
- unsigned needs_psk_binder:1;
+ // needs_psk_binder is true if the ClientHello has a placeholder PSK binder to
+ // be filled in.
+ bool needs_psk_binder:1;
- unsigned received_hello_retry_request:1;
+ bool received_hello_retry_request:1;
- unsigned received_custom_extension:1;
+ bool received_custom_extension:1;
// handshake_finalized is true once the handshake has completed, at which
// point accessors should use the established state.
- unsigned handshake_finalized:1;
+ bool handshake_finalized:1;
// accept_psk_mode stores whether the client's PSK mode is compatible with our
// preferences.
- unsigned accept_psk_mode:1;
+ bool accept_psk_mode:1;
- // cert_request is one if a client certificate was requested and zero
- // otherwise.
- unsigned cert_request:1;
+ // cert_request is true if a client certificate was requested.
+ bool cert_request:1;
- // certificate_status_expected is one if OCSP stapling was negotiated and the
+ // certificate_status_expected is true if OCSP stapling was negotiated and the
// server is expected to send a CertificateStatus message. (This is used on
// both the client and server sides.)
- unsigned certificate_status_expected:1;
+ bool certificate_status_expected:1;
- // ocsp_stapling_requested is one if a client requested OCSP stapling.
- unsigned ocsp_stapling_requested:1;
+ // ocsp_stapling_requested is true if a client requested OCSP stapling.
+ bool ocsp_stapling_requested:1;
// should_ack_sni is used by a server and indicates that the SNI extension
// should be echoed in the ServerHello.
- unsigned should_ack_sni:1;
+ bool should_ack_sni:1;
- // in_false_start is one if there is a pending client handshake in False
+ // in_false_start is true if there is a pending client handshake in False
// Start. The client may write data at this point.
- unsigned in_false_start:1;
+ bool in_false_start:1;
- // in_early_data is one if there is a pending handshake that has progressed
+ // in_early_data is true if there is a pending handshake that has progressed
// enough to send and receive early data.
- unsigned in_early_data:1;
+ bool in_early_data:1;
- // early_data_offered is one if the client sent the early_data extension.
- unsigned early_data_offered:1;
+ // early_data_offered is true if the client sent the early_data extension.
+ bool early_data_offered:1;
- // can_early_read is one if application data may be read at this point in the
+ // can_early_read is true if application data may be read at this point in the
// handshake.
- unsigned can_early_read:1;
+ bool can_early_read:1;
- // can_early_write is one if application data may be written at this point in
+ // can_early_write is true if application data may be written at this point in
// the handshake.
- unsigned can_early_write:1;
+ bool can_early_write:1;
// next_proto_neg_seen is one of NPN was negotiated.
- unsigned next_proto_neg_seen:1;
+ bool next_proto_neg_seen:1;
- // ticket_expected is one if a TLS 1.2 NewSessionTicket message is to be sent
+ // ticket_expected is true if a TLS 1.2 NewSessionTicket message is to be sent
// or received.
- unsigned ticket_expected:1;
+ bool ticket_expected:1;
- // extended_master_secret is one if the extended master secret extension is
+ // extended_master_secret is true if the extended master secret extension is
// negotiated in this handshake.
- unsigned extended_master_secret:1;
+ bool extended_master_secret:1;
- // pending_private_key_op is one if there is a pending private key operation
+ // pending_private_key_op is true if there is a pending private key operation
// in progress.
- unsigned pending_private_key_op:1;
+ bool pending_private_key_op:1;
// client_version is the value sent or received in the ClientHello version.
uint16_t client_version = 0;
@@ -2117,8 +2116,8 @@
// be called again. Otherwise, it returns |ssl_hs_error|.
enum ssl_hs_wait_t ssl_get_prev_session(SSL *ssl,
UniquePtr<SSL_SESSION> *out_session,
- int *out_tickets_supported,
- int *out_renew_ticket,
+ bool *out_tickets_supported,
+ bool *out_renew_ticket,
const SSL_CLIENT_HELLO *client_hello);
// The following flags determine which parts of the session are duplicated.
@@ -2293,7 +2292,7 @@
// Retry later.
// |ssl_ticket_aead_error|: an error occured that is fatal to the connection.
enum ssl_ticket_aead_result_t ssl_process_ticket(
- SSL *ssl, UniquePtr<SSL_SESSION> *out_session, int *out_renew_ticket,
+ SSL *ssl, UniquePtr<SSL_SESSION> *out_session, bool *out_renew_ticket,
const uint8_t *ticket, size_t ticket_len, const uint8_t *session_id,
size_t session_id_len);
diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc
index 858d77a..9051b40 100644
--- a/ssl/s3_pkt.cc
+++ b/ssl/s3_pkt.cc
@@ -228,7 +228,7 @@
max = ssl->session->ticket_max_early_data - ssl->s3->hs->early_data_written;
if (max == 0) {
ssl->s3->wnum = tot;
- ssl->s3->hs->can_early_write = 0;
+ ssl->s3->hs->can_early_write = false;
*out_needs_handshake = 1;
return -1;
}
@@ -433,7 +433,7 @@
rr->length = 0;
ssl_read_buffer_discard(ssl);
// Stop accepting early data.
- ssl->s3->hs->can_early_read = 0;
+ ssl->s3->hs->can_early_read = false;
*out_got_handshake = 1;
return -1;
}
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 1f1461f..ed97561 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -1084,7 +1084,7 @@
}
hs->wait = ssl_hs_ok;
- hs->in_early_data = 0;
+ hs->in_early_data = false;
hs->early_session.reset();
// Discard any unfinished writes from the perspective of |SSL_write|'s
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index cdae03a..32d3b35 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -730,18 +730,18 @@
enum ssl_hs_wait_t ssl_get_prev_session(SSL *ssl,
UniquePtr<SSL_SESSION> *out_session,
- int *out_tickets_supported,
- int *out_renew_ticket,
+ bool *out_tickets_supported,
+ bool *out_renew_ticket,
const SSL_CLIENT_HELLO *client_hello) {
// This is used only by servers.
assert(ssl->server);
UniquePtr<SSL_SESSION> session;
- int renew_ticket = 0;
+ bool renew_ticket = false;
// If tickets are disabled, always behave as if no tickets are present.
const uint8_t *ticket = NULL;
size_t ticket_len = 0;
- const int tickets_supported =
+ const bool tickets_supported =
!(SSL_get_options(ssl) & SSL_OP_NO_TICKET) &&
ssl->version > SSL3_VERSION &&
SSL_early_callback_ctx_extension_get(
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 0ff5a09..301096f 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -681,7 +681,7 @@
}
hs->hostname.reset(hostname_raw);
- hs->should_ack_sni = 1;
+ hs->should_ack_sni = true;
return 1;
}
@@ -894,13 +894,13 @@
return 0;
}
- hs->extended_master_secret = 1;
+ hs->extended_master_secret = true;
}
// Whether EMS is negotiated may not change on renegotiation.
if (ssl->s3->established_session != NULL &&
hs->extended_master_secret !=
- ssl->s3->established_session->extended_master_secret) {
+ !!ssl->s3->established_session->extended_master_secret) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_EMS_MISMATCH);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
@@ -925,7 +925,7 @@
return 0;
}
- hs->extended_master_secret = 1;
+ hs->extended_master_secret = true;
return 1;
}
@@ -1002,7 +1002,7 @@
return 0;
}
- hs->ticket_expected = 1;
+ hs->ticket_expected = true;
return 1;
}
@@ -1112,7 +1112,7 @@
// status_request here does not make sense, but OpenSSL does so and the
// specification does not say anything. Tolerate it but ignore it.
- hs->certificate_status_expected = 1;
+ hs->certificate_status_expected = true;
return 1;
}
@@ -1144,7 +1144,7 @@
return 1;
}
- hs->certificate_status_expected = 1;
+ hs->certificate_status_expected = true;
return CBB_add_u16(out, TLSEXT_TYPE_status_request) &&
CBB_add_u16(out, 0 /* length */);
@@ -1225,7 +1225,7 @@
}
ssl->s3->next_proto_negotiated_len = selected_len;
- hs->next_proto_neg_seen = 1;
+ hs->next_proto_neg_seen = true;
return 1;
}
@@ -1248,7 +1248,7 @@
return 1;
}
- hs->next_proto_neg_seen = 1;
+ hs->next_proto_neg_seen = true;
return 1;
}
@@ -1266,7 +1266,7 @@
if (ssl->ctx->next_protos_advertised_cb(
ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) !=
SSL_TLSEXT_ERR_OK) {
- hs->next_proto_neg_seen = 0;
+ hs->next_proto_neg_seen = false;
return 1;
}
@@ -1350,7 +1350,7 @@
return 0;
}
- hs->scts_requested = 1;
+ hs->scts_requested = true;
return 1;
}
@@ -1478,7 +1478,7 @@
}
// ALPN takes precedence over NPN.
- hs->next_proto_neg_seen = 0;
+ hs->next_proto_neg_seen = false;
CBS protocol_name_list;
if (!CBS_get_u16_length_prefixed(&contents, &protocol_name_list) ||
@@ -1886,7 +1886,7 @@
return 0;
}
- hs->needs_psk_binder = 1;
+ hs->needs_psk_binder = true;
return CBB_flush(out);
}
@@ -2043,7 +2043,7 @@
return 1;
}
- hs->early_data_offered = 1;
+ hs->early_data_offered = true;
if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
!CBB_add_u16(out, 0) ||
@@ -2089,7 +2089,7 @@
return 0;
}
- hs->early_data_offered = 1;
+ hs->early_data_offered = true;
return 1;
}
@@ -2921,7 +2921,7 @@
tls_extension_find(&ext_index, type);
if (ext == NULL) {
- hs->received_custom_extension = 1;
+ hs->received_custom_extension = true;
if (!custom_ext_parse_serverhello(hs, out_alert, type, &extension)) {
return 0;
}
@@ -2988,7 +2988,7 @@
return -1;
case SSL_TLSEXT_ERR_NOACK:
- hs->should_ack_sni = 0;
+ hs->should_ack_sni = false;
return 1;
default:
@@ -3062,7 +3062,7 @@
}
static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_cb(
- SSL *ssl, uint8_t **out, size_t *out_len, int *out_renew_ticket,
+ SSL *ssl, uint8_t **out, size_t *out_len, bool *out_renew_ticket,
const uint8_t *ticket, size_t ticket_len) {
assert(ticket_len >= SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH);
ScopedEVP_CIPHER_CTX cipher_ctx;
@@ -3076,7 +3076,7 @@
} else if (cb_ret == 0) {
return ssl_ticket_aead_ignore_ticket;
} else if (cb_ret == 2) {
- *out_renew_ticket = 1;
+ *out_renew_ticket = true;
} else {
assert(cb_ret == 1);
}
@@ -3125,7 +3125,7 @@
}
static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_method(
- SSL *ssl, uint8_t **out, size_t *out_len, int *out_renew_ticket,
+ SSL *ssl, uint8_t **out, size_t *out_len, bool *out_renew_ticket,
const uint8_t *ticket, size_t ticket_len) {
uint8_t *plaintext = (uint8_t *)OPENSSL_malloc(ticket_len);
if (plaintext == NULL) {
@@ -3149,10 +3149,10 @@
}
enum ssl_ticket_aead_result_t ssl_process_ticket(
- SSL *ssl, UniquePtr<SSL_SESSION> *out_session, int *out_renew_ticket,
+ SSL *ssl, UniquePtr<SSL_SESSION> *out_session, bool *out_renew_ticket,
const uint8_t *ticket, size_t ticket_len, const uint8_t *session_id,
size_t session_id_len) {
- *out_renew_ticket = 0;
+ *out_renew_ticket = false;
out_session->reset();
if ((SSL_get_options(ssl) & SSL_OP_NO_TICKET) ||
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index 51d275c..717a34d 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -147,7 +147,7 @@
}
ssl->method->next_message(ssl);
- hs->received_hello_retry_request = 1;
+ hs->received_hello_retry_request = true;
hs->tls13_state = state_send_second_client_hello;
// 0-RTT is rejected if we receive a HelloRetryRequest.
if (hs->in_early_data) {
@@ -483,7 +483,7 @@
return ssl_hs_error;
}
- hs->cert_request = 1;
+ hs->cert_request = true;
hs->ca_names = std::move(ca_names);
ssl->ctx->x509_method->hs_flush_cached_ca_names(hs);
@@ -565,7 +565,7 @@
SSL *const ssl = hs->ssl;
if (ssl->early_data_accepted) {
- hs->can_early_write = 0;
+ hs->can_early_write = false;
if (!ssl->method->add_alert(ssl, SSL3_AL_WARNING,
TLS1_AD_END_OF_EARLY_DATA)) {
return ssl_hs_error;
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 26ce0e1..969f2ec 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -289,7 +289,7 @@
// TLS 1.3 session tickets are renewed separately as part of the
// NewSessionTicket.
- int unused_renew;
+ bool unused_renew;
UniquePtr<SSL_SESSION> session;
enum ssl_ticket_aead_result_t ret =
ssl_process_ticket(ssl, &session, &unused_renew, CBS_data(&ticket),
@@ -588,7 +588,7 @@
// Only request a certificate if Channel ID isn't negotiated.
if ((ssl->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) &&
ssl->s3->tlsext_channel_id_valid) {
- hs->cert_request = 0;
+ hs->cert_request = false;
}
}
@@ -698,9 +698,9 @@
hs->hash_len)) {
return ssl_hs_error;
}
- hs->can_early_write = 1;
- hs->can_early_read = 1;
- hs->in_early_data = 1;
+ hs->can_early_write = true;
+ hs->can_early_read = true;
+ hs->in_early_data = true;
hs->tls13_state = state_process_end_of_early_data;
return ssl_hs_read_end_of_early_data;
}
