Convert a few more ints to bools in libssl.

There was even a bug where we returned -1 out of a function whose
callers use !.

Change-Id: Ic815ea9f013bcbca41ef84b9ffa9fb867f716aa6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58465
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
fips-20230428
David Benjamin 2 years ago committed by Boringssl LUCI CQ
parent 502d24ca80
commit 6e723e5b37
  1. 30
      ssl/internal.h
  2. 2
      ssl/ssl_asn1.cc
  3. 40
      ssl/ssl_session.cc

@ -3132,8 +3132,9 @@ bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
const EVP_PKEY *privkey);
bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey);
bool ssl_get_new_session(SSL_HANDSHAKE *hs);
int ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out, const SSL_SESSION *session);
int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx);
bool ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out,
const SSL_SESSION *session);
bool ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx);
// ssl_session_new returns a newly-allocated blank |SSL_SESSION| or nullptr on
// error.
@ -3149,23 +3150,22 @@ OPENSSL_EXPORT UniquePtr<SSL_SESSION> SSL_SESSION_parse(
CBS *cbs, const SSL_X509_METHOD *x509_method, CRYPTO_BUFFER_POOL *pool);
// ssl_session_serialize writes |in| to |cbb| as if it were serialising a
// session for Session-ID resumption. It returns one on success and zero on
// session for Session-ID resumption. It returns true on success and false on
// error.
OPENSSL_EXPORT int ssl_session_serialize(const SSL_SESSION *in, CBB *cbb);
OPENSSL_EXPORT bool ssl_session_serialize(const SSL_SESSION *in, CBB *cbb);
// ssl_session_is_context_valid returns one if |session|'s session ID context
// matches the one set on |hs| and zero otherwise.
int ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
const SSL_SESSION *session);
// ssl_session_is_context_valid returns whether |session|'s session ID context
// matches the one set on |hs|.
bool ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
const SSL_SESSION *session);
// ssl_session_is_time_valid returns one if |session| is still valid and zero if
// it has expired.
int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session);
// ssl_session_is_time_valid returns true if |session| is still valid and false
// if it has expired.
bool ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session);
// ssl_session_is_resumable returns one if |session| is resumable for |hs| and
// zero otherwise.
int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
const SSL_SESSION *session);
// ssl_session_is_resumable returns whether |session| is resumable for |hs|.
bool ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
const SSL_SESSION *session);
// ssl_session_protocol_version returns the protocol version associated with
// |session|. Note that despite the name, this is not the same as

@ -782,7 +782,7 @@ UniquePtr<SSL_SESSION> SSL_SESSION_parse(CBS *cbs,
return ret;
}
int ssl_session_serialize(const SSL_SESSION *in, CBB *cbb) {
bool ssl_session_serialize(const SSL_SESSION *in, CBB *cbb) {
return SSL_SESSION_to_bytes_full(in, cbb, 0);
}

@ -400,7 +400,7 @@ bool ssl_get_new_session(SSL_HANDSHAKE *hs) {
return true;
}
int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
bool ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
OPENSSL_timeval now;
ssl_ctx_get_current_time(ctx, &now);
{
@ -412,7 +412,7 @@ int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
ctx->ticket_key_current->next_rotation_tv_sec > now.tv_sec) &&
(!ctx->ticket_key_prev ||
ctx->ticket_key_prev->next_rotation_tv_sec > now.tv_sec)) {
return 1;
return true;
}
}
@ -423,7 +423,7 @@ int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
// The current key has not been initialized or it is expired.
auto new_key = bssl::MakeUnique<TicketKey>();
if (!new_key) {
return 0;
return false;
}
RAND_bytes(new_key->name, 16);
RAND_bytes(new_key->hmac_key, 16);
@ -447,7 +447,7 @@ int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
ctx->ticket_key_prev.reset();
}
return 1;
return true;
}
static int ssl_encrypt_ticket_with_cipher_ctx(SSL_HANDSHAKE *hs, CBB *out,
@ -560,30 +560,28 @@ static int ssl_encrypt_ticket_with_method(SSL_HANDSHAKE *hs, CBB *out,
return 1;
}
int ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out,
bool ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out,
const SSL_SESSION *session) {
// Serialize the SSL_SESSION to be encoded into the ticket.
uint8_t *session_buf = NULL;
uint8_t *session_buf = nullptr;
size_t session_len;
if (!SSL_SESSION_to_bytes_for_ticket(session, &session_buf, &session_len)) {
return -1;
return false;
}
bssl::UniquePtr<uint8_t> free_session_buf(session_buf);
int ret = 0;
if (hs->ssl->session_ctx->ticket_aead_method) {
ret = ssl_encrypt_ticket_with_method(hs, out, session_buf, session_len);
return ssl_encrypt_ticket_with_method(hs, out, session_buf, session_len);
} else {
ret = ssl_encrypt_ticket_with_cipher_ctx(hs, out, session_buf, session_len);
return ssl_encrypt_ticket_with_cipher_ctx(hs, out, session_buf,
session_len);
}
OPENSSL_free(session_buf);
return ret;
}
int ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
const SSL_SESSION *session) {
bool ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
const SSL_SESSION *session) {
if (session == NULL) {
return 0;
return false;
}
return session->sid_ctx_length == hs->config->cert->sid_ctx_length &&
@ -591,9 +589,9 @@ int ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
hs->config->cert->sid_ctx_length) == 0;
}
int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {
bool ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {
if (session == NULL) {
return 0;
return false;
}
struct OPENSSL_timeval now;
@ -601,14 +599,14 @@ int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {
// Reject tickets from the future to avoid underflow.
if (now.tv_sec < session->time) {
return 0;
return false;
}
return session->timeout > now.tv_sec - session->time;
}
int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
const SSL_SESSION *session) {
bool ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
const SSL_SESSION *session) {
const SSL *const ssl = hs->ssl;
return ssl_session_is_context_valid(hs, session) &&
// The session must have been created by the same type of end point as

Loading…
Cancel
Save