Convert a few more ints to bools in libssl.

There was even a bug where we returned -1 out of a function whose callers use !. Change-Id: Ic815ea9f013bcbca41ef84b9ffa9fb867f716aa6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58465 Auto-Submit: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com> Reviewed-by: Bob Beck <bbe@google.com>
2 years ago · 6e723e5b37
parent 502d24ca80
commit 6e723e5b37
3 changed files with 35 additions and 37 deletions
--- a/ssl/internal.h
+++ b/ssl/internal.h
@ -3132,8 +3132,9 @@ bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
                                       const EVP_PKEY *privkey);
 bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey);
 bool ssl_get_new_session(SSL_HANDSHAKE *hs);
-int ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out, const SSL_SESSION *session);
-int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx);
+bool ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out,
+                        const SSL_SESSION *session);
+bool ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx);

 // ssl_session_new returns a newly-allocated blank |SSL_SESSION| or nullptr on
 // error.
@ -3149,22 +3150,21 @@ OPENSSL_EXPORT UniquePtr<SSL_SESSION> SSL_SESSION_parse(
    CBS *cbs, const SSL_X509_METHOD *x509_method, CRYPTO_BUFFER_POOL *pool);

 // ssl_session_serialize writes |in| to |cbb| as if it were serialising a
-// session for Session-ID resumption. It returns one on success and zero on
+// session for Session-ID resumption. It returns true on success and false on
 // error.
-OPENSSL_EXPORT int ssl_session_serialize(const SSL_SESSION *in, CBB *cbb);
+OPENSSL_EXPORT bool ssl_session_serialize(const SSL_SESSION *in, CBB *cbb);

-// ssl_session_is_context_valid returns one if |session|'s session ID context
-// matches the one set on |hs| and zero otherwise.
-int ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
+// ssl_session_is_context_valid returns whether |session|'s session ID context
+// matches the one set on |hs|.
+bool ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
                                  const SSL_SESSION *session);

-// ssl_session_is_time_valid returns one if |session| is still valid and zero if
-// it has expired.
-int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session);
+// ssl_session_is_time_valid returns true if |session| is still valid and false
+// if it has expired.
+bool ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session);

-// ssl_session_is_resumable returns one if |session| is resumable for |hs| and
-// zero otherwise.
-int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
+// ssl_session_is_resumable returns whether |session| is resumable for |hs|.
+bool ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
                              const SSL_SESSION *session);

 // ssl_session_protocol_version returns the protocol version associated with
--- a/ssl/ssl_asn1.cc
+++ b/ssl/ssl_asn1.cc
@ -782,7 +782,7 @@ UniquePtr<SSL_SESSION> SSL_SESSION_parse(CBS *cbs,
  return ret;
 }

-int ssl_session_serialize(const SSL_SESSION *in, CBB *cbb) {
+bool ssl_session_serialize(const SSL_SESSION *in, CBB *cbb) {
  return SSL_SESSION_to_bytes_full(in, cbb, 0);
 }

--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@ -400,7 +400,7 @@ bool ssl_get_new_session(SSL_HANDSHAKE *hs) {
  return true;
 }

-int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
+bool ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
  OPENSSL_timeval now;
  ssl_ctx_get_current_time(ctx, &now);
  {
@ -412,7 +412,7 @@ int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
         ctx->ticket_key_current->next_rotation_tv_sec > now.tv_sec) &&
        (!ctx->ticket_key_prev ||
         ctx->ticket_key_prev->next_rotation_tv_sec > now.tv_sec)) {
-      return 1;
+      return true;
    }
  }

@ -423,7 +423,7 @@ int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
    // The current key has not been initialized or it is expired.
    auto new_key = bssl::MakeUnique<TicketKey>();
    if (!new_key) {
-      return 0;
+      return false;
    }
    RAND_bytes(new_key->name, 16);
    RAND_bytes(new_key->hmac_key, 16);
@ -447,7 +447,7 @@ int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx) {
    ctx->ticket_key_prev.reset();
  }

-  return 1;
+  return true;
 }

 static int ssl_encrypt_ticket_with_cipher_ctx(SSL_HANDSHAKE *hs, CBB *out,
@ -560,30 +560,28 @@ static int ssl_encrypt_ticket_with_method(SSL_HANDSHAKE *hs, CBB *out,
  return 1;
 }

-int ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out,
+bool ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out,
                       const SSL_SESSION *session) {
  // Serialize the SSL_SESSION to be encoded into the ticket.
-  uint8_t *session_buf = NULL;
+  uint8_t *session_buf = nullptr;
  size_t session_len;
  if (!SSL_SESSION_to_bytes_for_ticket(session, &session_buf, &session_len)) {
-    return -1;
+    return false;
  }
+  bssl::UniquePtr<uint8_t> free_session_buf(session_buf);

-  int ret = 0;
  if (hs->ssl->session_ctx->ticket_aead_method) {
-    ret = ssl_encrypt_ticket_with_method(hs, out, session_buf, session_len);
+    return ssl_encrypt_ticket_with_method(hs, out, session_buf, session_len);
  } else {
-    ret = ssl_encrypt_ticket_with_cipher_ctx(hs, out, session_buf, session_len);
+    return ssl_encrypt_ticket_with_cipher_ctx(hs, out, session_buf,
+                                              session_len);
  }
-
-  OPENSSL_free(session_buf);
-  return ret;
 }

-int ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
+bool ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
                                  const SSL_SESSION *session) {
  if (session == NULL) {
-    return 0;
+    return false;
  }

  return session->sid_ctx_length == hs->config->cert->sid_ctx_length &&
@ -591,9 +589,9 @@ int ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
                        hs->config->cert->sid_ctx_length) == 0;
 }

-int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {
+bool ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {
  if (session == NULL) {
-    return 0;
+    return false;
  }

  struct OPENSSL_timeval now;
@ -601,13 +599,13 @@ int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {

  // Reject tickets from the future to avoid underflow.
  if (now.tv_sec < session->time) {
-    return 0;
+    return false;
  }

  return session->timeout > now.tv_sec - session->time;
 }

-int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
+bool ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
                              const SSL_SESSION *session) {
  const SSL *const ssl = hs->ssl;
  return ssl_session_is_context_valid(hs, session) &&