From 610cdbb10265cf66cd111e547117897f6d105a80 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Mon, 22 Jan 2018 19:08:38 -0500
Subject: [PATCH] Switch some ints to bools and Spans.

Change-Id: I505b29ae20fb660229900c4e046a0b1e5606d02c
Reviewed-on: https://boringssl-review.googlesource.com/25164
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
---
 ssl/internal.h | 25 ++++++++++++------------
 ssl/t1_lib.cc  | 53 +++++++++++++++++++++++++-------------------------
 2 files changed, 40 insertions(+), 38 deletions(-)

diff --git a/ssl/internal.h b/ssl/internal.h
index d4f0e3fc..441f62f9 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1677,28 +1677,29 @@ uint16_t ssl_get_grease_value(SSL_HANDSHAKE *hs, enum ssl_grease_index_t index);
 // Signature algorithms.
 
 // tls1_parse_peer_sigalgs parses |sigalgs| as the list of peer signature
-// algorithms and saves them on |hs|. It returns one on success and zero on
+// algorithms and saves them on |hs|. It returns true on success and false on
 // error.
-int tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *sigalgs);
+bool tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *sigalgs);
 
 // tls1_get_legacy_signature_algorithm sets |*out| to the signature algorithm
-// that should be used with |pkey| in TLS 1.1 and earlier. It returns one on
-// success and zero if |pkey| may not be used at those versions.
-int tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey);
+// that should be used with |pkey| in TLS 1.1 and earlier. It returns true on
+// success and false if |pkey| may not be used at those versions.
+bool tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey);
 
 // tls1_choose_signature_algorithm sets |*out| to a signature algorithm for use
 // with |hs|'s private key based on the peer's preferences and the algorithms
-// supported. It returns one on success and zero on error.
-int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out);
+// supported. It returns true on success and false on error.
+bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out);
 
 // tls12_add_verify_sigalgs adds the signature algorithms acceptable for the
-// peer signature to |out|. It returns one on success and zero on error.
-int tls12_add_verify_sigalgs(const SSL *ssl, CBB *out);
+// peer signature to |out|. It returns true on success and false on error.
+bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out);
 
 // tls12_check_peer_sigalg checks if |sigalg| is acceptable for the peer
-// signature. It returns one on success and zero on error, setting |*out_alert|
-// to an alert to send.
-int tls12_check_peer_sigalg(SSL *ssl, uint8_t *out_alert, uint16_t sigalg);
+// signature. It returns true on success and false on error, setting
+// |*out_alert| to an alert to send.
+bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
+                             uint16_t sigalg);
 
 
 // Underdocumented functions.
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index de024768..4303d4e0 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -464,29 +464,30 @@ static const uint16_t kSignSignatureAlgorithms[] = {
     SSL_SIGN_RSA_PKCS1_SHA1,
 };
 
-int tls12_add_verify_sigalgs(const SSL *ssl, CBB *out) {
-  const uint16_t *sigalgs = kVerifySignatureAlgorithms;
-  size_t num_sigalgs = OPENSSL_ARRAY_SIZE(kVerifySignatureAlgorithms);
-  if (ssl->ctx->num_verify_sigalgs != 0) {
-    sigalgs = ssl->ctx->verify_sigalgs;
-    num_sigalgs = ssl->ctx->num_verify_sigalgs;
+bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out) {
+  bool use_default = ssl->ctx->num_verify_sigalgs == 0;
+  Span<const uint16_t> sigalgs = kVerifySignatureAlgorithms;
+  if (!use_default) {
+    sigalgs = MakeConstSpan(ssl->ctx->verify_sigalgs,
+                            ssl->ctx->num_verify_sigalgs);
   }
 
-  for (size_t i = 0; i < num_sigalgs; i++) {
-    if (sigalgs == kVerifySignatureAlgorithms &&
-        sigalgs[i] == SSL_SIGN_ED25519 &&
+  for (uint16_t sigalg : sigalgs) {
+    if (use_default &&
+        sigalg == SSL_SIGN_ED25519 &&
         !ssl->ctx->ed25519_enabled) {
       continue;
     }
-    if (!CBB_add_u16(out, sigalgs[i])) {
-      return 0;
+    if (!CBB_add_u16(out, sigalg)) {
+      return false;
     }
   }
 
-  return 1;
+  return true;
 }
 
-int tls12_check_peer_sigalg(SSL *ssl, uint8_t *out_alert, uint16_t sigalg) {
+bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
+                             uint16_t sigalg) {
   const uint16_t *sigalgs = kVerifySignatureAlgorithms;
   size_t num_sigalgs = OPENSSL_ARRAY_SIZE(kVerifySignatureAlgorithms);
   if (ssl->ctx->num_verify_sigalgs != 0) {
@@ -501,13 +502,13 @@ int tls12_check_peer_sigalg(SSL *ssl, uint8_t *out_alert, uint16_t sigalg) {
       continue;
     }
     if (sigalg == sigalgs[i]) {
-      return 1;
+      return true;
     }
   }
 
   OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
   *out_alert = SSL_AD_ILLEGAL_PARAMETER;
-  return 0;
+  return false;
 }
 
 // tls_extension represents a TLS extension that is handled internally. The
@@ -3369,29 +3370,29 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
   return ssl_ticket_aead_success;
 }
 
-int tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
+bool tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
   // Extension ignored for inappropriate versions
   if (ssl_protocol_version(hs->ssl) < TLS1_2_VERSION) {
-    return 1;
+    return true;
   }
 
   return parse_u16_array(in_sigalgs, &hs->peer_sigalgs);
 }
 
-int tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey) {
+bool tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey) {
   switch (EVP_PKEY_id(pkey)) {
     case EVP_PKEY_RSA:
       *out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
-      return 1;
+      return true;
     case EVP_PKEY_EC:
       *out = SSL_SIGN_ECDSA_SHA1;
-      return 1;
+      return true;
     default:
-      return 0;
+      return false;
   }
 }
 
-int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
+bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
   SSL *const ssl = hs->ssl;
   CERT *cert = ssl->cert;
 
@@ -3400,9 +3401,9 @@ int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
   if (ssl_protocol_version(ssl) < TLS1_2_VERSION) {
     if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey.get())) {
       OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
-      return 0;
+      return false;
     }
-    return 1;
+    return true;
   }
 
   Span<const uint16_t> sigalgs = kSignSignatureAlgorithms;
@@ -3431,13 +3432,13 @@ int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
     for (uint16_t peer_sigalg : peer_sigalgs) {
       if (sigalg == peer_sigalg) {
         *out = sigalg;
-        return 1;
+        return true;
       }
     }
   }
 
   OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
-  return 0;
+  return false;
 }
 
 int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {