kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

int to bool in ssl_versions.cc.

Browse Source 
Bug: 132
Change-Id: I1d6cd1dd7470a3f64ec91b954042ed3f8c6b561e
Reviewed-on: https://boringssl-review.googlesource.com/20825
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
This commit is contained in:
David Benjamin 2017-09-27 19:24:09 -04:00
parent 63a0797ff2
commit ed9aed1ac6
2 changed files with 50 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
ssl/internal.h
View File

@ -353,32 +353,31 @@ bool CBBFinishArray(CBB *cbb, Array<uint8_t> *out);
// compared numerically.
// ssl_protocol_version_from_wire sets |*out| to the protocol version
// corresponding to wire version |version| and returns one. If |version| is not
// a valid TLS or DTLS version, it returns zero.
// corresponding to wire version |version| and returns true. If |version| is not
// a valid TLS or DTLS version, it returns false.
//
// Note this simultaneously handles both DTLS and TLS. Use one of the
// higher-level functions below for most operations.
int ssl_protocol_version_from_wire(uint16_t *out, uint16_t version);
bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version);
// ssl_get_version_range sets |*out_min_version| and |*out_max_version| to the
// minimum and maximum enabled protocol versions, respectively.
int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version,
uint16_t *out_max_version);
bool ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version,
uint16_t *out_max_version);
// ssl_supports_version returns one if |hs| supports |version| and zero
// otherwise.
int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version);
// ssl_supports_version returns whether |hs| supports |version|.
bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version);
// ssl_add_supported_versions writes the supported versions of |hs| to |cbb|, in
// decreasing preference order.
int ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb);
bool ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb);
// ssl_negotiate_version negotiates a common version based on |hs|'s preferences
// and the peer preference list in |peer_versions|. On success, it returns one
// and sets |*out_version| to the selected version. Otherwise, it returns zero
// and the peer preference list in |peer_versions|. On success, it returns true
// and sets |*out_version| to the selected version. Otherwise, it returns false
// and sets |*out_alert| to an alert to send.
int ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
uint16_t *out_version, const CBS *peer_versions);
bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
uint16_t *out_version, const CBS *peer_versions);
// ssl3_protocol_version returns |ssl|'s protocol version. It is an error to
// call this function before the version is determined.

76
ssl/ssl_versions.cc
View File

@ -25,14 +25,14 @@
namespace bssl {
int ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
switch (version) {
case SSL3_VERSION:
case TLS1_VERSION:
case TLS1_1_VERSION:
case TLS1_2_VERSION:
*out = version;
return 1;
return true;
case TLS1_3_DRAFT_VERSION:
case TLS1_3_EXPERIMENT_VERSION:
@ -40,19 +40,19 @@ int ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
case TLS1_3_EXPERIMENT3_VERSION:
case TLS1_3_RECORD_TYPE_EXPERIMENT_VERSION:
*out = TLS1_3_VERSION;
return 1;
return true;
case DTLS1_VERSION:
// DTLS 1.0 is analogous to TLS 1.1, not TLS 1.0.
*out = TLS1_1_VERSION;
return 1;
return true;
case DTLS1_2_VERSION:
*out = TLS1_2_VERSION;
return 1;
return true;
default:
return 0;
return false;
}
}
@ -87,21 +87,21 @@ static void get_method_versions(const SSL_PROTOCOL_METHOD *method,
}
}
static int method_supports_version(const SSL_PROTOCOL_METHOD *method,
uint16_t version) {
static bool method_supports_version(const SSL_PROTOCOL_METHOD *method,
uint16_t version) {
const uint16_t *versions;
size_t num_versions;
get_method_versions(method, &versions, &num_versions);
for (size_t i = 0; i < num_versions; i++) {
if (versions[i] == version) {
return 1;
return true;
}
}
return 0;
return false;
}
static int set_version_bound(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
uint16_t version) {
static bool set_version_bound(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
uint16_t version) {
// The public API uses wire versions, except we use |TLS1_3_VERSION|
// everywhere to refer to any draft TLS 1.3 versions. In this direction, we
// map it to some representative TLS 1.3 draft version.
@ -111,7 +111,7 @@ static int set_version_bound(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
version == TLS1_3_EXPERIMENT3_VERSION ||
version == TLS1_3_RECORD_TYPE_EXPERIMENT_VERSION) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_SSL_VERSION);
return 0;
return false;
}
if (version == TLS1_3_VERSION) {
version = TLS1_3_DRAFT_VERSION;
@ -120,30 +120,30 @@ static int set_version_bound(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
if (!method_supports_version(method, version) ||
!ssl_protocol_version_from_wire(out, version)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_SSL_VERSION);
return 0;
return false;
}
return 1;
return true;
}
static int set_min_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
uint16_t version) {
static bool set_min_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
uint16_t version) {
// Zero is interpreted as the default minimum version.
if (version == 0) {
// SSL 3.0 is disabled by default and TLS 1.0 does not exist in DTLS.
*out = method->is_dtls ? TLS1_1_VERSION : TLS1_VERSION;
return 1;
return true;
}
return set_version_bound(method, out, version);
}
static int set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
uint16_t version) {
static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
uint16_t version) {
// Zero is interpreted as the default maximum version.
if (version == 0) {
*out = TLS1_2_VERSION;
return 1;
return true;
}
return set_version_bound(method, out, version);
@ -160,8 +160,8 @@ const struct {
{TLS1_3_VERSION, SSL_OP_NO_TLSv1_3},
};
int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version,
uint16_t *out_max_version) {
bool ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version,
uint16_t *out_max_version) {
// For historical reasons, |SSL_OP_NO_DTLSv1| aliases |SSL_OP_NO_TLSv1|, but
// DTLS 1.0 should be mapped to TLS 1.1.
uint32_t options = ssl->options;
@ -185,7 +185,7 @@ int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version,
// as a min/max range by picking the lowest contiguous non-empty range of
// enabled protocols. Note that this means it is impossible to set a maximum
// version of the higest supported TLS version in a future-proof way.
int any_enabled = 0;
bool any_enabled = false;
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kProtocolVersions); i++) {
// Only look at the versions already enabled.
if (min_version > kProtocolVersions[i].version) {
@ -198,7 +198,7 @@ int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version,
if (!(options & kProtocolVersions[i].flag)) {
// The minimum version is the first enabled version.
if (!any_enabled) {
any_enabled = 1;
any_enabled = true;
min_version = kProtocolVersions[i].version;
}
continue;
@ -214,12 +214,12 @@ int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version,
if (!any_enabled) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SUPPORTED_VERSIONS_ENABLED);
return 0;
return false;
}
*out_min_version = min_version;
*out_max_version = max_version;
return 1;
return true;
}
static uint16_t ssl_version(const SSL *ssl) {
@ -275,7 +275,7 @@ uint16_t ssl3_protocol_version(const SSL *ssl) {
return version;
}
int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
SSL *const ssl = hs->ssl;
// As a client, only allow the configured TLS 1.3 variant. As a server,
// support all TLS 1.3 variants as long as tls13_variant is set to a
@ -286,7 +286,7 @@ int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
version == TLS1_3_EXPERIMENT2_VERSION ||
version == TLS1_3_EXPERIMENT3_VERSION ||
version == TLS1_3_RECORD_TYPE_EXPERIMENT_VERSION)) {
return 0;
return false;
}
} else {
if ((ssl->tls13_variant != tls13_experiment &&
@ -300,7 +300,7 @@ int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
version == TLS1_3_RECORD_TYPE_EXPERIMENT_VERSION) ||
(ssl->tls13_variant != tls13_default &&
version == TLS1_3_DRAFT_VERSION)) {
return 0;
return false;
}
}
@ -311,21 +311,21 @@ int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
protocol_version <= hs->max_version;
}
int ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb) {
bool ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb) {
const uint16_t *versions;
size_t num_versions;
get_method_versions(hs->ssl->method, &versions, &num_versions);
for (size_t i = 0; i < num_versions; i++) {
if (ssl_supports_version(hs, versions[i]) &&
!CBB_add_u16(cbb, versions[i])) {
return 0;
return false;
}
}
return 1;
return true;
}
int ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
uint16_t *out_version, const CBS *peer_versions) {
bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
uint16_t *out_version, const CBS *peer_versions) {
const uint16_t *versions;
size_t num_versions;
get_method_versions(hs->ssl->method, &versions, &num_versions);
@ -340,19 +340,19 @@ int ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
if (!CBS_get_u16(&copy, &version)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
*out_alert = SSL_AD_DECODE_ERROR;
return 0;
return false;
}
if (version == versions[i]) {
*out_version = version;
return 1;
return true;
}
}
}
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL);
*out_alert = SSL_AD_PROTOCOL_VERSION;
return 0;
return false;
}
bool ssl_is_resumption_experiment(uint16_t version) {