diff --git a/ssl/internal.h b/ssl/internal.h index 97e3be1f..ac45d1fa 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -353,32 +353,31 @@ bool CBBFinishArray(CBB *cbb, Array *out); // compared numerically. // ssl_protocol_version_from_wire sets |*out| to the protocol version -// corresponding to wire version |version| and returns one. If |version| is not -// a valid TLS or DTLS version, it returns zero. +// corresponding to wire version |version| and returns true. If |version| is not +// a valid TLS or DTLS version, it returns false. // // Note this simultaneously handles both DTLS and TLS. Use one of the // higher-level functions below for most operations. -int ssl_protocol_version_from_wire(uint16_t *out, uint16_t version); +bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version); // ssl_get_version_range sets |*out_min_version| and |*out_max_version| to the // minimum and maximum enabled protocol versions, respectively. -int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version, - uint16_t *out_max_version); +bool ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version, + uint16_t *out_max_version); -// ssl_supports_version returns one if |hs| supports |version| and zero -// otherwise. -int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version); +// ssl_supports_version returns whether |hs| supports |version|. +bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version); // ssl_add_supported_versions writes the supported versions of |hs| to |cbb|, in // decreasing preference order. -int ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb); +bool ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb); // ssl_negotiate_version negotiates a common version based on |hs|'s preferences -// and the peer preference list in |peer_versions|. On success, it returns one -// and sets |*out_version| to the selected version. Otherwise, it returns zero +// and the peer preference list in |peer_versions|. On success, it returns true +// and sets |*out_version| to the selected version. Otherwise, it returns false // and sets |*out_alert| to an alert to send. -int ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, - uint16_t *out_version, const CBS *peer_versions); +bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, + uint16_t *out_version, const CBS *peer_versions); // ssl3_protocol_version returns |ssl|'s protocol version. It is an error to // call this function before the version is determined. diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc index 560d0cfe..c06a90e1 100644 --- a/ssl/ssl_versions.cc +++ b/ssl/ssl_versions.cc @@ -25,14 +25,14 @@ namespace bssl { -int ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) { +bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) { switch (version) { case SSL3_VERSION: case TLS1_VERSION: case TLS1_1_VERSION: case TLS1_2_VERSION: *out = version; - return 1; + return true; case TLS1_3_DRAFT_VERSION: case TLS1_3_EXPERIMENT_VERSION: @@ -40,19 +40,19 @@ int ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) { case TLS1_3_EXPERIMENT3_VERSION: case TLS1_3_RECORD_TYPE_EXPERIMENT_VERSION: *out = TLS1_3_VERSION; - return 1; + return true; case DTLS1_VERSION: // DTLS 1.0 is analogous to TLS 1.1, not TLS 1.0. *out = TLS1_1_VERSION; - return 1; + return true; case DTLS1_2_VERSION: *out = TLS1_2_VERSION; - return 1; + return true; default: - return 0; + return false; } } @@ -87,21 +87,21 @@ static void get_method_versions(const SSL_PROTOCOL_METHOD *method, } } -static int method_supports_version(const SSL_PROTOCOL_METHOD *method, - uint16_t version) { +static bool method_supports_version(const SSL_PROTOCOL_METHOD *method, + uint16_t version) { const uint16_t *versions; size_t num_versions; get_method_versions(method, &versions, &num_versions); for (size_t i = 0; i < num_versions; i++) { if (versions[i] == version) { - return 1; + return true; } } - return 0; + return false; } -static int set_version_bound(const SSL_PROTOCOL_METHOD *method, uint16_t *out, - uint16_t version) { +static bool set_version_bound(const SSL_PROTOCOL_METHOD *method, uint16_t *out, + uint16_t version) { // The public API uses wire versions, except we use |TLS1_3_VERSION| // everywhere to refer to any draft TLS 1.3 versions. In this direction, we // map it to some representative TLS 1.3 draft version. @@ -111,7 +111,7 @@ static int set_version_bound(const SSL_PROTOCOL_METHOD *method, uint16_t *out, version == TLS1_3_EXPERIMENT3_VERSION || version == TLS1_3_RECORD_TYPE_EXPERIMENT_VERSION) { OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_SSL_VERSION); - return 0; + return false; } if (version == TLS1_3_VERSION) { version = TLS1_3_DRAFT_VERSION; @@ -120,30 +120,30 @@ static int set_version_bound(const SSL_PROTOCOL_METHOD *method, uint16_t *out, if (!method_supports_version(method, version) || !ssl_protocol_version_from_wire(out, version)) { OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_SSL_VERSION); - return 0; + return false; } - return 1; + return true; } -static int set_min_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out, - uint16_t version) { +static bool set_min_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out, + uint16_t version) { // Zero is interpreted as the default minimum version. if (version == 0) { // SSL 3.0 is disabled by default and TLS 1.0 does not exist in DTLS. *out = method->is_dtls ? TLS1_1_VERSION : TLS1_VERSION; - return 1; + return true; } return set_version_bound(method, out, version); } -static int set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out, - uint16_t version) { +static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out, + uint16_t version) { // Zero is interpreted as the default maximum version. if (version == 0) { *out = TLS1_2_VERSION; - return 1; + return true; } return set_version_bound(method, out, version); @@ -160,8 +160,8 @@ const struct { {TLS1_3_VERSION, SSL_OP_NO_TLSv1_3}, }; -int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version, - uint16_t *out_max_version) { +bool ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version, + uint16_t *out_max_version) { // For historical reasons, |SSL_OP_NO_DTLSv1| aliases |SSL_OP_NO_TLSv1|, but // DTLS 1.0 should be mapped to TLS 1.1. uint32_t options = ssl->options; @@ -185,7 +185,7 @@ int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version, // as a min/max range by picking the lowest contiguous non-empty range of // enabled protocols. Note that this means it is impossible to set a maximum // version of the higest supported TLS version in a future-proof way. - int any_enabled = 0; + bool any_enabled = false; for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kProtocolVersions); i++) { // Only look at the versions already enabled. if (min_version > kProtocolVersions[i].version) { @@ -198,7 +198,7 @@ int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version, if (!(options & kProtocolVersions[i].flag)) { // The minimum version is the first enabled version. if (!any_enabled) { - any_enabled = 1; + any_enabled = true; min_version = kProtocolVersions[i].version; } continue; @@ -214,12 +214,12 @@ int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version, if (!any_enabled) { OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SUPPORTED_VERSIONS_ENABLED); - return 0; + return false; } *out_min_version = min_version; *out_max_version = max_version; - return 1; + return true; } static uint16_t ssl_version(const SSL *ssl) { @@ -275,7 +275,7 @@ uint16_t ssl3_protocol_version(const SSL *ssl) { return version; } -int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) { +bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) { SSL *const ssl = hs->ssl; // As a client, only allow the configured TLS 1.3 variant. As a server, // support all TLS 1.3 variants as long as tls13_variant is set to a @@ -286,7 +286,7 @@ int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) { version == TLS1_3_EXPERIMENT2_VERSION || version == TLS1_3_EXPERIMENT3_VERSION || version == TLS1_3_RECORD_TYPE_EXPERIMENT_VERSION)) { - return 0; + return false; } } else { if ((ssl->tls13_variant != tls13_experiment && @@ -300,7 +300,7 @@ int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) { version == TLS1_3_RECORD_TYPE_EXPERIMENT_VERSION) || (ssl->tls13_variant != tls13_default && version == TLS1_3_DRAFT_VERSION)) { - return 0; + return false; } } @@ -311,21 +311,21 @@ int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) { protocol_version <= hs->max_version; } -int ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb) { +bool ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb) { const uint16_t *versions; size_t num_versions; get_method_versions(hs->ssl->method, &versions, &num_versions); for (size_t i = 0; i < num_versions; i++) { if (ssl_supports_version(hs, versions[i]) && !CBB_add_u16(cbb, versions[i])) { - return 0; + return false; } } - return 1; + return true; } -int ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, - uint16_t *out_version, const CBS *peer_versions) { +bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, + uint16_t *out_version, const CBS *peer_versions) { const uint16_t *versions; size_t num_versions; get_method_versions(hs->ssl->method, &versions, &num_versions); @@ -340,19 +340,19 @@ int ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, if (!CBS_get_u16(©, &version)) { OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); *out_alert = SSL_AD_DECODE_ERROR; - return 0; + return false; } if (version == versions[i]) { *out_version = version; - return 1; + return true; } } } OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL); *out_alert = SSL_AD_PROTOCOL_VERSION; - return 0; + return false; } bool ssl_is_resumption_experiment(uint16_t version) {