external/boringssl: Sync to 689019fe40d5ad94df46ffeebcd794ff359a7074.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/67e64342c1aa0b31b0b5c11e5ee21c481ce530e8..689019fe40d5ad94df46ffeebcd794ff359a7074
Test: BoringSSL CTS Presubmits
Change-Id: Ib675c5478b0e45270e31248d1dadc5f4841da990
diff --git a/src/ssl/CMakeLists.txt b/src/ssl/CMakeLists.txt
index 6881089..d6c1294 100644
--- a/src/ssl/CMakeLists.txt
+++ b/src/ssl/CMakeLists.txt
@@ -41,6 +41,8 @@
tls13_server.cc
)
+add_dependencies(ssl global_target)
+
target_link_libraries(ssl crypto)
add_executable(
@@ -53,6 +55,8 @@
$<TARGET_OBJECTS:test_support>
)
+add_dependencies(ssl_test global_target)
+
target_link_libraries(ssl_test ssl crypto boringssl_gtest)
if(WIN32)
target_link_libraries(ssl_test ws2_32)
diff --git a/src/ssl/d1_both.cc b/src/ssl/d1_both.cc
index f22a498..3f7739e 100644
--- a/src/ssl/d1_both.cc
+++ b/src/ssl/d1_both.cc
@@ -127,7 +127,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// TODO(davidben): 28 comes from the size of IP + UDP header. Is this reasonable
// for these values? Notably, why is kMinMTU a function of the transport
@@ -848,4 +848,4 @@
return kMinMTU;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/d1_lib.cc b/src/ssl/d1_lib.cc
index d73e538..0e0b211 100644
--- a/src/ssl/d1_lib.cc
+++ b/src/ssl/d1_lib.cc
@@ -68,7 +68,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// DTLS1_MTU_TIMEOUTS is the maximum number of timeouts to expire
// before starting to decrease the MTU.
@@ -187,7 +187,7 @@
return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/d1_pkt.cc b/src/ssl/d1_pkt.cc
index a694c5f..be595b0 100644
--- a/src/ssl/d1_pkt.cc
+++ b/src/ssl/d1_pkt.cc
@@ -126,7 +126,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
ssl_open_record_t dtls1_open_app_data(SSL *ssl, Span<uint8_t> *out,
size_t *out_consumed, uint8_t *out_alert,
@@ -271,4 +271,4 @@
return 1;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/dtls_record.cc b/src/ssl/dtls_record.cc
index d348601..992fb52 100644
--- a/src/ssl/dtls_record.cc
+++ b/src/ssl/dtls_record.cc
@@ -121,7 +121,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// to_u64_be treats |in| as a 8-byte big-endian integer and returns the value as
// a |uint64_t|.
@@ -137,13 +137,13 @@
// dtls1_bitmap_should_discard returns one if |seq_num| has been seen in
// |bitmap| or is stale. Otherwise it returns zero.
-static int dtls1_bitmap_should_discard(DTLS1_BITMAP *bitmap,
- const uint8_t seq_num[8]) {
+static bool dtls1_bitmap_should_discard(DTLS1_BITMAP *bitmap,
+ const uint8_t seq_num[8]) {
const unsigned kWindowSize = sizeof(bitmap->map) * 8;
uint64_t seq_num_u = to_u64_be(seq_num);
if (seq_num_u > bitmap->max_seq_num) {
- return 0;
+ return false;
}
uint64_t idx = bitmap->max_seq_num - seq_num_u;
return idx >= kWindowSize || (bitmap->map & (((uint64_t)1) << idx));
@@ -291,14 +291,14 @@
get_write_aead(ssl, use_epoch)->ExplicitNonceLen();
}
-int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
- uint8_t type, const uint8_t *in, size_t in_len,
- enum dtls1_use_epoch_t use_epoch) {
+bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
+ uint8_t type, const uint8_t *in, size_t in_len,
+ enum dtls1_use_epoch_t use_epoch) {
const size_t prefix = dtls_seal_prefix_len(ssl, use_epoch);
if (buffers_alias(in, in_len, out, max_out) &&
(max_out < prefix || out + prefix != in)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
- return 0;
+ return false;
}
// Determine the parameters for the current epoch.
@@ -314,7 +314,7 @@
if (max_out < DTLS1_RT_HEADER_LENGTH) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
- return 0;
+ return false;
}
out[0] = type;
@@ -330,7 +330,7 @@
size_t ciphertext_len;
if (!aead->CiphertextLen(&ciphertext_len, in_len, 0)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RECORD_TOO_LARGE);
- return 0;
+ return false;
}
out[11] = ciphertext_len >> 8;
out[12] = ciphertext_len & 0xff;
@@ -341,13 +341,13 @@
max_out - DTLS1_RT_HEADER_LENGTH, type, record_version,
&out[3] /* seq */, header, in, in_len) ||
!ssl_record_sequence_update(&seq[2], 6)) {
- return 0;
+ return false;
}
assert(ciphertext_len == len_copy);
*out_len = DTLS1_RT_HEADER_LENGTH + ciphertext_len;
ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, header);
- return 1;
+ return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/handoff.cc b/src/ssl/handoff.cc
index 68cac5b..a47b7c1 100644
--- a/src/ssl/handoff.cc
+++ b/src/ssl/handoff.cc
@@ -19,7 +19,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
constexpr int kHandoffVersion = 0;
constexpr int kHandbackVersion = 0;
@@ -359,4 +359,4 @@
return CBS_len(&seq) == 0;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/handshake.cc b/src/ssl/handshake.cc
index 8e5c62c..963038f 100644
--- a/src/ssl/handshake.cc
+++ b/src/ssl/handshake.cc
@@ -122,7 +122,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
: ssl(ssl_arg),
@@ -667,4 +667,4 @@
}
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/handshake_client.cc b/src/ssl/handshake_client.cc
index 9f9e483..ae96bcf 100644
--- a/src/ssl/handshake_client.cc
+++ b/src/ssl/handshake_client.cc
@@ -166,12 +166,13 @@
#include <openssl/md5.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
+#include <openssl/sha.h>
#include "../crypto/internal.h"
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
enum ssl_client_hs_state_t {
state_start_connect = 0,
@@ -212,20 +213,20 @@
}
}
-static int ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
uint32_t mask_a, mask_k;
ssl_get_client_disabled(hs, &mask_a, &mask_k);
CBB child;
if (!CBB_add_u16_length_prefixed(out, &child)) {
- return 0;
+ return false;
}
// Add a fake cipher suite. See draft-davidben-tls-grease-01.
if (ssl->ctx->grease_enabled &&
!CBB_add_u16(&child, ssl_get_grease_value(hs, ssl_grease_cipher))) {
- return 0;
+ return false;
}
// Add TLS 1.3 ciphers. Order ChaCha20-Poly1305 relative to AES-GCM based on
@@ -233,20 +234,20 @@
if (hs->max_version >= TLS1_3_VERSION) {
if (!EVP_has_aes_hardware() &&
!CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
- return 0;
+ return false;
}
if (!CBB_add_u16(&child, TLS1_CK_AES_128_GCM_SHA256 & 0xffff) ||
!CBB_add_u16(&child, TLS1_CK_AES_256_GCM_SHA384 & 0xffff)) {
- return 0;
+ return false;
}
if (EVP_has_aes_hardware() &&
!CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
- return 0;
+ return false;
}
}
if (hs->min_version < TLS1_3_VERSION) {
- int any_enabled = 0;
+ bool any_enabled = false;
for (const SSL_CIPHER *cipher : SSL_get_ciphers(ssl)) {
// Skip disabled ciphers
if ((cipher->algorithm_mkey & mask_k) ||
@@ -257,53 +258,53 @@
SSL_CIPHER_get_max_version(cipher) < hs->min_version) {
continue;
}
- any_enabled = 1;
+ any_enabled = true;
if (!CBB_add_u16(&child, ssl_cipher_get_value(cipher))) {
- return 0;
+ return false;
}
}
// If all ciphers were disabled, return the error to the caller.
if (!any_enabled && hs->max_version < TLS1_3_VERSION) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHERS_AVAILABLE);
- return 0;
+ return false;
}
}
if (ssl->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
if (!CBB_add_u16(&child, SSL3_CK_FALLBACK_SCSV & 0xffff)) {
- return 0;
+ return false;
}
}
return CBB_flush(out);
}
-int ssl_write_client_hello(SSL_HANDSHAKE *hs) {
+bool ssl_write_client_hello(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
ScopedCBB cbb;
CBB body;
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CLIENT_HELLO)) {
- return 0;
+ return false;
}
CBB child;
if (!CBB_add_u16(&body, hs->client_version) ||
!CBB_add_bytes(&body, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
!CBB_add_u8_length_prefixed(&body, &child)) {
- return 0;
+ return false;
}
// Do not send a session ID on renegotiation.
if (!ssl->s3->initial_handshake_complete &&
!CBB_add_bytes(&child, hs->session_id, hs->session_id_len)) {
- return 0;
+ return false;
}
if (SSL_is_dtls(ssl)) {
if (!CBB_add_u8_length_prefixed(&body, &child) ||
!CBB_add_bytes(&child, ssl->d1->cookie, ssl->d1->cookie_len)) {
- return 0;
+ return false;
}
}
@@ -313,19 +314,19 @@
!CBB_add_u8(&body, 1 /* one compression method */) ||
!CBB_add_u8(&body, 0 /* null compression */) ||
!ssl_add_clienthello_tlsext(hs, &body, header_len + CBB_len(&body))) {
- return 0;
+ return false;
}
Array<uint8_t> msg;
if (!ssl->method->finish_message(ssl, cbb.get(), &msg)) {
- return 0;
+ return false;
}
// Now that the length prefixes have been computed, fill in the placeholder
// PSK binder.
if (hs->needs_psk_binder &&
!tls13_write_psk_binder(hs, msg.data(), msg.size())) {
- return 0;
+ return false;
}
return ssl->method->add_message(ssl, std::move(msg));
@@ -607,7 +608,7 @@
}
}
- if (!ssl->s3->initial_handshake_complete && ssl->session != NULL &&
+ if (!ssl->s3->initial_handshake_complete && ssl->session != nullptr &&
ssl->session->session_id_length != 0 &&
CBS_mem_equal(&session_id, ssl->session->session_id,
ssl->session->session_id_length)) {
@@ -1606,14 +1607,11 @@
}
session->ticket_lifetime_hint = ticket_lifetime_hint;
- // Generate a session ID for this session based on the session ticket. We use
- // the session ID mechanism for detecting ticket resumption. This also fits in
- // with assumptions elsewhere in OpenSSL.
- if (!EVP_Digest(CBS_data(&ticket), CBS_len(&ticket),
- session->session_id, &session->session_id_length,
- EVP_sha256(), NULL)) {
- return ssl_hs_error;
- }
+ // Generate a session ID for this session. Some callers expect all sessions to
+ // have a session ID. Additionally, it acts as the session ID to signal
+ // resumption.
+ SHA256(CBS_data(&ticket), CBS_len(&ticket), session->session_id);
+ session->session_id_length = SHA256_DIGEST_LENGTH;
if (renewed_session) {
session->not_resumable = false;
@@ -1822,4 +1820,4 @@
return "TLS client unknown";
}
-}
+BSSL_NAMESPACE_END
diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index f0ed0d8..c546088 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc
@@ -170,7 +170,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
bool ssl_client_cipher_list_contains_cipher(
const SSL_CLIENT_HELLO *client_hello, uint16_t id) {
@@ -1626,4 +1626,4 @@
return "TLS server unknown";
}
-}
+BSSL_NAMESPACE_END
diff --git a/src/ssl/internal.h b/src/ssl/internal.h
index 087f5fb..7ba23ef 100644
--- a/src/ssl/internal.h
+++ b/src/ssl/internal.h
@@ -173,7 +173,7 @@
#endif
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
struct SSL_CONFIG;
struct SSL_HANDSHAKE;
@@ -414,7 +414,7 @@
// Cipher suites.
-} // namespace bssl
+BSSL_NAMESPACE_END
struct ssl_cipher_st {
// name is the OpenSSL name for the cipher.
@@ -432,7 +432,7 @@
uint32_t algorithm_prf;
};
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// Bits for |algorithm_mkey| (key exchange algorithm).
#define SSL_kRSA 0x00000001u
@@ -522,7 +522,7 @@
bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
size_t *out_mac_secret_len,
size_t *out_fixed_iv_len, const SSL_CIPHER *cipher,
- uint16_t version, int is_dtls);
+ uint16_t version, bool is_dtls);
// ssl_get_handshake_digest returns the |EVP_MD| corresponding to |version| and
// |cipher|.
@@ -659,7 +659,7 @@
// resulting object, depending on |direction|. |version| is the normalized
// protocol version, so DTLS 1.0 is represented as 0x0301, not 0xffef.
static UniquePtr<SSLAEADContext> Create(enum evp_aead_direction_t direction,
- uint16_t version, int is_dtls,
+ uint16_t version, bool is_dtls,
const SSL_CIPHER *cipher,
Span<const uint8_t> enc_key,
Span<const uint8_t> mac_key,
@@ -797,8 +797,8 @@
// Record layer.
// ssl_record_sequence_update increments the sequence number in |seq|. It
-// returns one on success and zero on wraparound.
-int ssl_record_sequence_update(uint8_t *seq, size_t seq_len);
+// returns true on success and false on wraparound.
+bool ssl_record_sequence_update(uint8_t *seq, size_t seq_len);
// ssl_record_prefix_len returns the length of the prefix before the ciphertext
// of a record for |ssl|.
@@ -863,9 +863,9 @@
size_t ssl_seal_align_prefix_len(const SSL *ssl);
// tls_seal_record seals a new record of type |type| and body |in| and writes it
-// to |out|. At most |max_out| bytes will be written. It returns one on success
-// and zero on error. If enabled, |tls_seal_record| implements TLS 1.0 CBC 1/n-1
-// record splitting and may write two records concatenated.
+// to |out|. At most |max_out| bytes will be written. It returns true on success
+// and false on error. If enabled, |tls_seal_record| implements TLS 1.0 CBC
+// 1/n-1 record splitting and may write two records concatenated.
//
// For a large record, the bulk of the ciphertext will begin
// |ssl_seal_align_prefix_len| bytes into out. Aligning |out| appropriately may
@@ -873,8 +873,8 @@
// bytes to |out|.
//
// |in| and |out| may not alias.
-int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
- uint8_t type, const uint8_t *in, size_t in_len);
+bool tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
+ uint8_t type, const uint8_t *in, size_t in_len);
enum dtls1_use_epoch_t {
dtls1_use_previous_epoch,
@@ -893,9 +893,9 @@
// which epoch's cipher state to use. Unlike |tls_seal_record|, |in| and |out|
// may alias but, if they do, |in| must be exactly |dtls_seal_prefix_len| bytes
// ahead of |out|.
-int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
- uint8_t type, const uint8_t *in, size_t in_len,
- enum dtls1_use_epoch_t use_epoch);
+bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
+ uint8_t type, const uint8_t *in, size_t in_len,
+ enum dtls1_use_epoch_t use_epoch);
// ssl_process_alert processes |in| as an alert and updates |ssl|'s shutdown
// state. It returns one of |ssl_open_record_discard|, |ssl_open_record_error|,
@@ -907,9 +907,8 @@
// Private key operations.
-// ssl_has_private_key returns one if |cfg| has a private key configured and
-// zero otherwise.
-int ssl_has_private_key(const SSL_CONFIG *cfg);
+// ssl_has_private_key returns whether |cfg| has a private key configured.
+bool ssl_has_private_key(const SSL_CONFIG *cfg);
// ssl_private_key_* perform the corresponding operation on
// |SSL_PRIVATE_KEY_METHOD|. If there is a custom private key configured, they
@@ -990,14 +989,14 @@
};
// ssl_nid_to_group_id looks up the group corresponding to |nid|. On success, it
-// sets |*out_group_id| to the group ID and returns one. Otherwise, it returns
-// zero.
-int ssl_nid_to_group_id(uint16_t *out_group_id, int nid);
+// sets |*out_group_id| to the group ID and returns true. Otherwise, it returns
+// false.
+bool ssl_nid_to_group_id(uint16_t *out_group_id, int nid);
-// ssl_name_to_group_id looks up the group corresponding to the |name| string
-// of length |len|. On success, it sets |*out_group_id| to the group ID and
-// returns one. Otherwise, it returns zero.
-int ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len);
+// ssl_name_to_group_id looks up the group corresponding to the |name| string of
+// length |len|. On success, it sets |*out_group_id| to the group ID and returns
+// true. Otherwise, it returns false.
+bool ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len);
// Handshake messages.
@@ -1146,9 +1145,9 @@
// Certificate functions.
-// ssl_has_certificate returns one if a certificate and private key are
-// configured and zero otherwise.
-int ssl_has_certificate(const SSL_CONFIG *cfg);
+// ssl_has_certificate returns whether a certificate and private key are
+// configured.
+bool ssl_has_certificate(const SSL_CONFIG *cfg);
// ssl_parse_cert_chain parses a certificate list from |cbs| in the format used
// by a TLS Certificate message. On success, it advances |cbs| and returns
@@ -1169,14 +1168,14 @@
// ssl_add_cert_chain adds |hs->ssl|'s certificate chain to |cbb| in the format
// used by a TLS Certificate message. If there is no certificate chain, it emits
-// an empty certificate list. It returns one on success and zero on error.
-int ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb);
+// an empty certificate list. It returns true on success and false on error.
+bool ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb);
// ssl_cert_check_digital_signature_key_usage parses the DER-encoded, X.509
-// certificate in |in| and returns one if doesn't specify a key usage or, if it
-// does, if it includes digitalSignature. Otherwise it pushes to the error
-// queue and returns zero.
-int ssl_cert_check_digital_signature_key_usage(const CBS *in);
+// certificate in |in| and returns true if doesn't specify a key usage or, if it
+// does, if it includes digitalSignature. Otherwise it pushes to the error queue
+// and returns false.
+bool ssl_cert_check_digital_signature_key_usage(const CBS *in);
// ssl_cert_parse_pubkey extracts the public key from the DER-encoded, X.509
// certificate in |in|. It returns an allocated |EVP_PKEY| or else returns
@@ -1195,80 +1194,80 @@
bool ssl_has_client_CAs(const SSL_CONFIG *cfg);
// ssl_add_client_CA_list adds the configured CA list to |cbb| in the format
-// used by a TLS CertificateRequest message. It returns one on success and zero
-// on error.
-int ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb);
+// used by a TLS CertificateRequest message. It returns true on success and
+// false on error.
+bool ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb);
// ssl_check_leaf_certificate returns one if |pkey| and |leaf| are suitable as
// a server's leaf certificate for |hs|. Otherwise, it returns zero and pushes
// an error on the error queue.
-int ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
+bool ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
const CRYPTO_BUFFER *leaf);
// ssl_on_certificate_selected is called once the certificate has been selected.
// It finalizes the certificate and initializes |hs->local_pubkey|. It returns
-// one on success and zero on error.
-int ssl_on_certificate_selected(SSL_HANDSHAKE *hs);
+// true on success and false on error.
+bool ssl_on_certificate_selected(SSL_HANDSHAKE *hs);
// TLS 1.3 key derivation.
// tls13_init_key_schedule initializes the handshake hash and key derivation
// state, and incorporates the PSK. The cipher suite and PRF hash must have been
-// selected at this point. It returns one on success and zero on error.
-int tls13_init_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
- size_t psk_len);
+// selected at this point. It returns true on success and false on error.
+bool tls13_init_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
+ size_t psk_len);
// tls13_init_early_key_schedule initializes the handshake hash and key
// derivation state from the resumption secret and incorporates the PSK to
// derive the early secrets. It returns one on success and zero on error.
-int tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
- size_t psk_len);
+bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
+ size_t psk_len);
// tls13_advance_key_schedule incorporates |in| into the key schedule with
-// HKDF-Extract. It returns one on success and zero on error.
-int tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
+// HKDF-Extract. It returns true on success and false on error.
+bool tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
size_t len);
// tls13_set_traffic_key sets the read or write traffic keys to
-// |traffic_secret|. It returns one on success and zero on error.
-int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
- const uint8_t *traffic_secret,
- size_t traffic_secret_len);
+// |traffic_secret|. It returns true on success and false on error.
+bool tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
+ const uint8_t *traffic_secret,
+ size_t traffic_secret_len);
-// tls13_derive_early_secrets derives the early traffic secret. It returns one
-// on success and zero on error.
-int tls13_derive_early_secrets(SSL_HANDSHAKE *hs);
+// tls13_derive_early_secrets derives the early traffic secret. It returns true
+// on success and false on error.
+bool tls13_derive_early_secrets(SSL_HANDSHAKE *hs);
// tls13_derive_handshake_secrets derives the handshake traffic secret. It
-// returns one on success and zero on error.
-int tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs);
+// returns true on success and false on error.
+bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs);
// tls13_rotate_traffic_key derives the next read or write traffic secret. It
-// returns one on success and zero on error.
-int tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction);
+// returns true on success and false on error.
+bool tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction);
// tls13_derive_application_secrets derives the initial application data traffic
// and exporter secrets based on the handshake transcripts and |master_secret|.
-// It returns one on success and zero on error.
-int tls13_derive_application_secrets(SSL_HANDSHAKE *hs);
+// It returns true on success and false on error.
+bool tls13_derive_application_secrets(SSL_HANDSHAKE *hs);
// tls13_derive_resumption_secret derives the |resumption_secret|.
-int tls13_derive_resumption_secret(SSL_HANDSHAKE *hs);
+bool tls13_derive_resumption_secret(SSL_HANDSHAKE *hs);
// tls13_export_keying_material provides an exporter interface to use the
// |exporter_secret|.
-int tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
- Span<const uint8_t> secret,
- Span<const char> label,
- Span<const uint8_t> context);
+bool tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
+ Span<const uint8_t> secret,
+ Span<const char> label,
+ Span<const uint8_t> context);
// tls13_finished_mac calculates the MAC of the handshake transcript to verify
// the integrity of the Finished message, and stores the result in |out| and
-// length in |out_len|. |is_server| is 1 if this is for the Server Finished and
-// 0 for the Client Finished.
-int tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
- int is_server);
+// length in |out_len|. |is_server| is true if this is for the Server Finished
+// and false for the Client Finished.
+bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
+ bool is_server);
// tls13_derive_session_psk calculates the PSK for this session based on the
// resumption master secret and |nonce|. It returns true on success, and false
@@ -1276,15 +1275,15 @@
bool tls13_derive_session_psk(SSL_SESSION *session, Span<const uint8_t> nonce);
// tls13_write_psk_binder calculates the PSK binder value and replaces the last
-// bytes of |msg| with the resulting value. It returns 1 on success, and 0 on
-// failure.
-int tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len);
+// bytes of |msg| with the resulting value. It returns true on success, and
+// false on failure.
+bool tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len);
-// tls13_verify_psk_binder verifies that the handshake transcript, truncated
-// up to the binders has a valid signature using the value of |session|'s
-// resumption secret. It returns 1 on success, and 0 on failure.
-int tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
- const SSLMessage &msg, CBS *binders);
+// tls13_verify_psk_binder verifies that the handshake transcript, truncated up
+// to the binders has a valid signature using the value of |session|'s
+// resumption secret. It returns true on success, and false on failure.
+bool tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
+ const SSLMessage &msg, CBS *binders);
// Handshake functions.
@@ -1616,29 +1615,29 @@
const char *tls13_client_handshake_state(SSL_HANDSHAKE *hs);
const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs);
-// tls13_post_handshake processes a post-handshake message. It returns one on
-// success and zero on failure.
-int tls13_post_handshake(SSL *ssl, const SSLMessage &msg);
+// tls13_post_handshake processes a post-handshake message. It returns true on
+// success and false on failure.
+bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg);
-int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
- int allow_anonymous);
-int tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg);
+bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
+ bool allow_anonymous);
+bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg);
// tls13_process_finished processes |msg| as a Finished message from the
-// peer. If |use_saved_value| is one, the verify_data is compared against
+// peer. If |use_saved_value| is true, the verify_data is compared against
// |hs->expected_client_finished| rather than computed fresh.
-int tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
- int use_saved_value);
+bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
+ bool use_saved_value);
-int tls13_add_certificate(SSL_HANDSHAKE *hs);
+bool tls13_add_certificate(SSL_HANDSHAKE *hs);
// tls13_add_certificate_verify adds a TLS 1.3 CertificateVerify message to the
// handshake. If it returns |ssl_private_key_retry|, it should be called again
// to retry when the signing operation is completed.
enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs);
-int tls13_add_finished(SSL_HANDSHAKE *hs);
-int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg);
+bool tls13_add_finished(SSL_HANDSHAKE *hs);
+bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg);
bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
Array<uint8_t> *out_secret,
@@ -1660,7 +1659,7 @@
// returns whether it's valid.
bool ssl_is_sct_list_valid(const CBS *contents);
-int ssl_write_client_hello(SSL_HANDSHAKE *hs);
+bool ssl_write_client_hello(SSL_HANDSHAKE *hs);
enum ssl_cert_verify_context_t {
ssl_cert_verify_server,
@@ -2015,13 +2014,13 @@
uint16_t alg_id = 0;
};
-} // namespace bssl
+BSSL_NAMESPACE_END
DECLARE_LHASH_OF(SSL_SESSION)
DEFINE_NAMED_STACK_OF(CertCompressionAlg, bssl::CertCompressionAlg);
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// An ssl_shutdown_t describes the shutdown state of one end of the connection,
// whether it is alive or has been shutdown via close_notify or fatal alert.
@@ -2476,14 +2475,14 @@
UniquePtr<CERT> ssl_cert_dup(CERT *cert);
void ssl_cert_clear_certs(CERT *cert);
-int ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer);
-int ssl_is_key_type_supported(int key_type);
-// ssl_compare_public_and_private_key returns one if |pubkey| is the public
-// counterpart to |privkey|. Otherwise it returns zero and pushes a helpful
+bool ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer);
+bool ssl_is_key_type_supported(int key_type);
+// ssl_compare_public_and_private_key returns true if |pubkey| is the public
+// counterpart to |privkey|. Otherwise it returns false and pushes a helpful
// message on the error queue.
-int ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
+bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
const EVP_PKEY *privkey);
-int ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey);
+bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey);
int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server);
int ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out, const SSL_SESSION *session);
int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx);
@@ -2749,7 +2748,7 @@
// current state of the error queue.
void ssl_set_read_error(SSL *ssl);
-} // namespace bssl
+BSSL_NAMESPACE_END
// Opaque C types.
diff --git a/src/ssl/s3_both.cc b/src/ssl/s3_both.cc
index 98896a3..c1d4b65 100644
--- a/src/ssl/s3_both.cc
+++ b/src/ssl/s3_both.cc
@@ -130,7 +130,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
static bool add_record_to_flight(SSL *ssl, uint8_t type,
Span<const uint8_t> in) {
@@ -636,4 +636,4 @@
}
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/s3_lib.cc b/src/ssl/s3_lib.cc
index 0b24f94..0e0770c 100644
--- a/src/ssl/s3_lib.cc
+++ b/src/ssl/s3_lib.cc
@@ -162,7 +162,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
SSL3_STATE::SSL3_STATE()
: skip_early_data(false),
@@ -215,4 +215,4 @@
ssl->s3 = NULL;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/s3_pkt.cc b/src/ssl/s3_pkt.cc
index 50e709b..1ccbf9f 100644
--- a/src/ssl/s3_pkt.cc
+++ b/src/ssl/s3_pkt.cc
@@ -122,7 +122,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len);
@@ -425,4 +425,4 @@
return 1;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/span_test.cc b/src/ssl/span_test.cc
index 0aa7f3d..7db3d70 100644
--- a/src/ssl/span_test.cc
+++ b/src/ssl/span_test.cc
@@ -19,7 +19,7 @@
#include <openssl/ssl.h>
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace {
static void TestCtor(Span<int> s, const int *ptr, size_t size) {
@@ -87,4 +87,4 @@
}
} // namespace
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/ssl_aead_ctx.cc b/src/ssl/ssl_aead_ctx.cc
index 322b1b5..335f6f4 100644
--- a/src/ssl/ssl_aead_ctx.cc
+++ b/src/ssl/ssl_aead_ctx.cc
@@ -31,7 +31,7 @@
#define FUZZER_MODE false
#endif
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
SSLAEADContext::SSLAEADContext(uint16_t version_arg, bool is_dtls_arg,
const SSL_CIPHER *cipher_arg)
@@ -55,7 +55,7 @@
}
UniquePtr<SSLAEADContext> SSLAEADContext::Create(
- enum evp_aead_direction_t direction, uint16_t version, int is_dtls,
+ enum evp_aead_direction_t direction, uint16_t version, bool is_dtls,
const SSL_CIPHER *cipher, Span<const uint8_t> enc_key,
Span<const uint8_t> mac_key, Span<const uint8_t> fixed_iv) {
const EVP_AEAD *aead;
@@ -433,4 +433,4 @@
EVP_AEAD_CTX_get_iv(ctx_.get(), out_iv, out_iv_len);
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/ssl_asn1.cc b/src/ssl/ssl_asn1.cc
index 5dfacb2..caccef4 100644
--- a/src/ssl/ssl_asn1.cc
+++ b/src/ssl/ssl_asn1.cc
@@ -104,7 +104,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// An SSL_SESSION is serialized as the following ASN.1 structure:
//
@@ -751,7 +751,7 @@
return SSL_SESSION_to_bytes_full(in, cbb, 0);
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_buffer.cc b/src/ssl/ssl_buffer.cc
index 72647a4..b94f081 100644
--- a/src/ssl/ssl_buffer.cc
+++ b/src/ssl/ssl_buffer.cc
@@ -27,7 +27,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// BIO uses int instead of size_t. No lengths will exceed uint16_t, so this will
// not overflow.
@@ -284,4 +284,4 @@
}
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/ssl_cert.cc b/src/ssl/ssl_cert.cc
index 4842974..37d6501 100644
--- a/src/ssl/ssl_cert.cc
+++ b/src/ssl/ssl_cert.cc
@@ -133,7 +133,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
CERT::CERT(const SSL_X509_METHOD *x509_method_arg)
: x509_method(x509_method_arg) {}
@@ -289,10 +289,10 @@
return 1;
}
-int ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer) {
+bool ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer) {
switch (check_leaf_cert_and_privkey(buffer.get(), cert->privatekey.get())) {
case leaf_cert_and_privkey_error:
- return 0;
+ return false;
case leaf_cert_and_privkey_mismatch:
// don't fail for a cert/key mismatch, just free current private key
// (when switching to a different cert & key, first this function should
@@ -308,23 +308,23 @@
if (cert->chain != nullptr) {
CRYPTO_BUFFER_free(sk_CRYPTO_BUFFER_value(cert->chain.get(), 0));
sk_CRYPTO_BUFFER_set(cert->chain.get(), 0, buffer.release());
- return 1;
+ return true;
}
cert->chain.reset(sk_CRYPTO_BUFFER_new_null());
if (cert->chain == nullptr) {
- return 0;
+ return false;
}
if (!PushToStack(cert->chain.get(), std::move(buffer))) {
cert->chain.reset();
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-int ssl_has_certificate(const SSL_CONFIG *cfg) {
+bool ssl_has_certificate(const SSL_CONFIG *cfg) {
return cfg->cert->chain != nullptr &&
sk_CRYPTO_BUFFER_value(cfg->cert->chain.get(), 0) != nullptr &&
ssl_has_private_key(cfg);
@@ -394,7 +394,7 @@
return true;
}
-int ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb) {
+bool ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb) {
if (!ssl_has_certificate(hs->config)) {
return CBB_add_u24(cbb, 0);
}
@@ -402,7 +402,7 @@
CBB certs;
if (!CBB_add_u24_length_prefixed(cbb, &certs)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
STACK_OF(CRYPTO_BUFFER) *chain = hs->config->cert->chain.get();
@@ -414,7 +414,7 @@
CRYPTO_BUFFER_len(buffer)) ||
!CBB_flush(&certs)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
@@ -424,7 +424,7 @@
// ssl_cert_skip_to_spki parses a DER-encoded, X.509 certificate from |in| and
// positions |*out_tbs_cert| to cover the TBSCertificate, starting at the
// subjectPublicKeyInfo.
-static int ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert) {
+static bool ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert) {
/* From RFC 5280, section 4.1
* Certificate ::= SEQUENCE {
* tbsCertificate TBSCertificate,
@@ -460,10 +460,10 @@
!CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
// subject
!CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
UniquePtr<EVP_PKEY> ssl_cert_parse_pubkey(const CBS *in) {
@@ -476,47 +476,42 @@
return UniquePtr<EVP_PKEY>(EVP_parse_public_key(&tbs_cert));
}
-int ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
- const EVP_PKEY *privkey) {
+bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
+ const EVP_PKEY *privkey) {
if (EVP_PKEY_is_opaque(privkey)) {
// We cannot check an opaque private key and have to trust that it
// matches.
- return 1;
+ return true;
}
- int ret = 0;
-
switch (EVP_PKEY_cmp(pubkey, privkey)) {
case 1:
- ret = 1;
- break;
+ return true;
case 0:
OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH);
- break;
+ return false;
case -1:
OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH);
- break;
+ return false;
case -2:
OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);
- break;
- default:
- assert(0);
- break;
+ return false;
}
- return ret;
+ assert(0);
+ return false;
}
-int ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey) {
+bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey) {
if (privkey == nullptr) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return 0;
+ return false;
}
if (cert->chain == nullptr ||
sk_CRYPTO_BUFFER_value(cert->chain.get(), 0) == nullptr) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
+ return false;
}
CBS cert_cbs;
@@ -525,13 +520,13 @@
UniquePtr<EVP_PKEY> pubkey = ssl_cert_parse_pubkey(&cert_cbs);
if (!pubkey) {
OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);
- return 0;
+ return false;
}
return ssl_compare_public_and_private_key(pubkey.get(), privkey);
}
-int ssl_cert_check_digital_signature_key_usage(const CBS *in) {
+bool ssl_cert_check_digital_signature_key_usage(const CBS *in) {
CBS buf = *in;
CBS tbs_cert, outer_extensions;
@@ -551,17 +546,17 @@
&tbs_cert, &outer_extensions, &has_extensions,
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
- return 0;
+ return false;
}
if (!has_extensions) {
- return 1;
+ return true;
}
CBS extensions;
if (!CBS_get_asn1(&outer_extensions, &extensions, CBS_ASN1_SEQUENCE)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
- return 0;
+ return false;
}
while (CBS_len(&extensions) > 0) {
@@ -573,7 +568,7 @@
!CBS_get_asn1(&extension, &contents, CBS_ASN1_OCTETSTRING) ||
CBS_len(&extension) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
- return 0;
+ return false;
}
static const uint8_t kKeyUsageOID[3] = {0x55, 0x1d, 0x0f};
@@ -587,26 +582,26 @@
if (!CBS_get_asn1(&contents, &bit_string, CBS_ASN1_BITSTRING) ||
CBS_len(&contents) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
- return 0;
+ return false;
}
// This is the KeyUsage extension. See
// https://tools.ietf.org/html/rfc5280#section-4.2.1.3
if (!CBS_is_valid_asn1_bitstring(&bit_string)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
- return 0;
+ return false;
}
if (!CBS_asn1_bitstring_has_bit(&bit_string, 0)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
// No KeyUsage extension found.
- return 1;
+ return true;
}
UniquePtr<STACK_OF(CRYPTO_BUFFER)> ssl_parse_client_CA_list(SSL *ssl,
@@ -666,10 +661,10 @@
return sk_CRYPTO_BUFFER_num(names) > 0;
}
-int ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb) {
+bool ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb) {
CBB child, name_cbb;
if (!CBB_add_u16_length_prefixed(cbb, &child)) {
- return 0;
+ return false;
}
const STACK_OF(CRYPTO_BUFFER) *names = hs->config->client_CA.get();
@@ -684,21 +679,21 @@
if (!CBB_add_u16_length_prefixed(&child, &name_cbb) ||
!CBB_add_bytes(&name_cbb, CRYPTO_BUFFER_data(name),
CRYPTO_BUFFER_len(name))) {
- return 0;
+ return false;
}
}
return CBB_flush(cbb);
}
-int ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
- const CRYPTO_BUFFER *leaf) {
+bool ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
+ const CRYPTO_BUFFER *leaf) {
assert(ssl_protocol_version(hs->ssl) < TLS1_3_VERSION);
// Check the certificate's type matches the cipher.
if (!(hs->new_cipher->algorithm_auth & ssl_cipher_auth_mask_for_key(pkey))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CERTIFICATE_TYPE);
- return 0;
+ return false;
}
// Check key usages for all key types but RSA. This is needed to distinguish
@@ -711,7 +706,7 @@
CBS leaf_cbs;
CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf));
if (!ssl_cert_check_digital_signature_key_usage(&leaf_cbs)) {
- return 0;
+ return false;
}
}
@@ -724,22 +719,22 @@
!tls1_check_group_id(hs, group_id) ||
EC_KEY_get_conv_form(ec_key) != POINT_CONVERSION_UNCOMPRESSED) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
-int ssl_on_certificate_selected(SSL_HANDSHAKE *hs) {
+bool ssl_on_certificate_selected(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (!ssl_has_certificate(hs->config)) {
// Nothing to do.
- return 1;
+ return true;
}
if (!ssl->ctx->x509_method->ssl_auto_chain_if_needed(hs)) {
- return 0;
+ return false;
}
CBS leaf;
@@ -750,7 +745,7 @@
return hs->local_pubkey != NULL;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_cipher.cc b/src/ssl/ssl_cipher.cc
index 5899500..0ed91d6 100644
--- a/src/ssl/ssl_cipher.cc
+++ b/src/ssl/ssl_cipher.cc
@@ -154,7 +154,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// kCiphers is an array of all supported ciphers, sorted by id.
static constexpr SSL_CIPHER kCiphers[] = {
@@ -559,13 +559,13 @@
bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
size_t *out_mac_secret_len,
size_t *out_fixed_iv_len, const SSL_CIPHER *cipher,
- uint16_t version, int is_dtls) {
+ uint16_t version, bool is_dtls) {
*out_aead = NULL;
*out_mac_secret_len = 0;
*out_fixed_iv_len = 0;
- const int is_tls12 = version == TLS1_2_VERSION && !is_dtls;
- const int is_tls13 = version == TLS1_3_VERSION && !is_dtls;
+ const bool is_tls12 = version == TLS1_2_VERSION && !is_dtls;
+ const bool is_tls13 = version == TLS1_3_VERSION && !is_dtls;
if (cipher->algorithm_mac == SSL_AEAD) {
if (cipher->algorithm_enc == SSL_AES128GCM) {
@@ -649,7 +649,7 @@
}
}
-static bool is_cipher_list_separator(char c, int is_strict) {
+static bool is_cipher_list_separator(char c, bool is_strict) {
if (c == ':') {
return true;
}
@@ -1306,7 +1306,7 @@
return ret;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_key_share.cc b/src/ssl/ssl_key_share.cc
index c7f6f88..8466eab 100644
--- a/src/ssl/ssl_key_share.cc
+++ b/src/ssl/ssl_key_share.cc
@@ -31,7 +31,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace {
@@ -266,33 +266,33 @@
Finish(out_secret, out_alert, peer_key);
}
-int ssl_nid_to_group_id(uint16_t *out_group_id, int nid) {
+bool ssl_nid_to_group_id(uint16_t *out_group_id, int nid) {
for (const auto &group : kNamedGroups) {
if (group.nid == nid) {
*out_group_id = group.group_id;
- return 1;
+ return true;
}
}
- return 0;
+ return false;
}
-int ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len) {
+bool ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len) {
for (const auto &group : kNamedGroups) {
if (len == strlen(group.name) &&
!strncmp(group.name, name, len)) {
*out_group_id = group.group_id;
- return 1;
+ return true;
}
if (len == strlen(group.alias) &&
!strncmp(group.alias, name, len)) {
*out_group_id = group.group_id;
- return 1;
+ return true;
}
}
- return 0;
+ return false;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_lib.cc b/src/ssl/ssl_lib.cc
index 120c276..13b9cac 100644
--- a/src/ssl/ssl_lib.cc
+++ b/src/ssl/ssl_lib.cc
@@ -162,7 +162,7 @@
#endif
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it
// to avoid downstream churn.
@@ -506,7 +506,7 @@
ssl->config->handoff = on;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_privkey.cc b/src/ssl/ssl_privkey.cc
index fecac39..e716c9a 100644
--- a/src/ssl/ssl_privkey.cc
+++ b/src/ssl/ssl_privkey.cc
@@ -69,28 +69,28 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
-int ssl_is_key_type_supported(int key_type) {
+bool ssl_is_key_type_supported(int key_type) {
return key_type == EVP_PKEY_RSA || key_type == EVP_PKEY_EC ||
key_type == EVP_PKEY_ED25519;
}
-static int ssl_set_pkey(CERT *cert, EVP_PKEY *pkey) {
+static bool ssl_set_pkey(CERT *cert, EVP_PKEY *pkey) {
if (!ssl_is_key_type_supported(pkey->type)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- return 0;
+ return false;
}
if (cert->chain != nullptr &&
sk_CRYPTO_BUFFER_value(cert->chain.get(), 0) != nullptr &&
// Sanity-check that the private key and the certificate match.
!ssl_cert_check_private_key(cert, pkey)) {
- return 0;
+ return false;
}
cert->privatekey = UpRef(pkey);
- return 1;
+ return true;
}
typedef struct {
@@ -98,29 +98,30 @@
int pkey_type;
int curve;
const EVP_MD *(*digest_func)(void);
- char is_rsa_pss;
+ bool is_rsa_pss;
} SSL_SIGNATURE_ALGORITHM;
static const SSL_SIGNATURE_ALGORITHM kSignatureAlgorithms[] = {
- {SSL_SIGN_RSA_PKCS1_MD5_SHA1, EVP_PKEY_RSA, NID_undef, &EVP_md5_sha1, 0},
- {SSL_SIGN_RSA_PKCS1_SHA1, EVP_PKEY_RSA, NID_undef, &EVP_sha1, 0},
- {SSL_SIGN_RSA_PKCS1_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, 0},
- {SSL_SIGN_RSA_PKCS1_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 0},
- {SSL_SIGN_RSA_PKCS1_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 0},
+ {SSL_SIGN_RSA_PKCS1_MD5_SHA1, EVP_PKEY_RSA, NID_undef, &EVP_md5_sha1,
+ false},
+ {SSL_SIGN_RSA_PKCS1_SHA1, EVP_PKEY_RSA, NID_undef, &EVP_sha1, false},
+ {SSL_SIGN_RSA_PKCS1_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, false},
+ {SSL_SIGN_RSA_PKCS1_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, false},
+ {SSL_SIGN_RSA_PKCS1_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, false},
- {SSL_SIGN_RSA_PSS_RSAE_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, 1},
- {SSL_SIGN_RSA_PSS_RSAE_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 1},
- {SSL_SIGN_RSA_PSS_RSAE_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 1},
+ {SSL_SIGN_RSA_PSS_RSAE_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, true},
+ {SSL_SIGN_RSA_PSS_RSAE_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, true},
+ {SSL_SIGN_RSA_PSS_RSAE_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, true},
- {SSL_SIGN_ECDSA_SHA1, EVP_PKEY_EC, NID_undef, &EVP_sha1, 0},
+ {SSL_SIGN_ECDSA_SHA1, EVP_PKEY_EC, NID_undef, &EVP_sha1, false},
{SSL_SIGN_ECDSA_SECP256R1_SHA256, EVP_PKEY_EC, NID_X9_62_prime256v1,
- &EVP_sha256, 0},
+ &EVP_sha256, false},
{SSL_SIGN_ECDSA_SECP384R1_SHA384, EVP_PKEY_EC, NID_secp384r1, &EVP_sha384,
- 0},
+ false},
{SSL_SIGN_ECDSA_SECP521R1_SHA512, EVP_PKEY_EC, NID_secp521r1, &EVP_sha512,
- 0},
+ false},
- {SSL_SIGN_ED25519, EVP_PKEY_ED25519, NID_undef, NULL, 0},
+ {SSL_SIGN_ED25519, EVP_PKEY_ED25519, NID_undef, nullptr, false},
};
static const SSL_SIGNATURE_ALGORITHM *get_signature_algorithm(uint16_t sigalg) {
@@ -132,22 +133,22 @@
return NULL;
}
-int ssl_has_private_key(const SSL_CONFIG *cfg) {
+bool ssl_has_private_key(const SSL_CONFIG *cfg) {
return cfg->cert->privatekey != nullptr || cfg->cert->key_method != nullptr;
}
-static int pkey_supports_algorithm(const SSL *ssl, EVP_PKEY *pkey,
- uint16_t sigalg) {
+static bool pkey_supports_algorithm(const SSL *ssl, EVP_PKEY *pkey,
+ uint16_t sigalg) {
const SSL_SIGNATURE_ALGORITHM *alg = get_signature_algorithm(sigalg);
if (alg == NULL ||
EVP_PKEY_id(pkey) != alg->pkey_type) {
- return 0;
+ return false;
}
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
// RSA keys may only be used with RSA-PSS.
if (alg->pkey_type == EVP_PKEY_RSA && !alg->is_rsa_pss) {
- return 0;
+ return false;
}
// EC keys have a curve requirement.
@@ -155,18 +156,18 @@
(alg->curve == NID_undef ||
EC_GROUP_get_curve_name(
EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey))) != alg->curve)) {
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
-static int setup_ctx(SSL *ssl, EVP_MD_CTX *ctx, EVP_PKEY *pkey, uint16_t sigalg,
- int is_verify) {
+static bool setup_ctx(SSL *ssl, EVP_MD_CTX *ctx, EVP_PKEY *pkey,
+ uint16_t sigalg, bool is_verify) {
if (!pkey_supports_algorithm(ssl, pkey, sigalg)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
- return 0;
+ return false;
}
const SSL_SIGNATURE_ALGORITHM *alg = get_signature_algorithm(sigalg);
@@ -174,20 +175,20 @@
EVP_PKEY_CTX *pctx;
if (is_verify) {
if (!EVP_DigestVerifyInit(ctx, &pctx, digest, NULL, pkey)) {
- return 0;
+ return false;
}
} else if (!EVP_DigestSignInit(ctx, &pctx, digest, NULL, pkey)) {
- return 0;
+ return false;
}
if (alg->is_rsa_pss) {
if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1 /* salt len = hash len */)) {
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
enum ssl_private_key_result_t ssl_private_key_sign(
@@ -212,7 +213,7 @@
*out_len = max_out;
ScopedEVP_MD_CTX ctx;
if (!setup_ctx(ssl, ctx.get(), hs->config->cert->privatekey.get(), sigalg,
- 0 /* sign */) ||
+ false /* sign */) ||
!EVP_DigestSign(ctx.get(), out, out_len, in.data(), in.size())) {
return ssl_private_key_failure;
}
@@ -223,7 +224,7 @@
uint16_t sigalg, EVP_PKEY *pkey,
Span<const uint8_t> in) {
ScopedEVP_MD_CTX ctx;
- return setup_ctx(ssl, ctx.get(), pkey, sigalg, 1 /* verify */) &&
+ return setup_ctx(ssl, ctx.get(), pkey, sigalg, true /* verify */) &&
EVP_DigestVerify(ctx.get(), signature.data(), signature.size(),
in.data(), in.size());
}
@@ -287,7 +288,7 @@
return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_session.cc b/src/ssl/ssl_session.cc
index 1b0b68a..927dd1b 100644
--- a/src/ssl/ssl_session.cc
+++ b/src/ssl/ssl_session.cc
@@ -151,7 +151,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// The address of this is a magic value, a pointer to which is returned by
// SSL_magic_pending_session_ptr(). It allows a session callback to indicate
@@ -838,7 +838,7 @@
}
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc
index 74c4e9e..894bb14 100644
--- a/src/ssl/ssl_test.cc
+++ b/src/ssl/ssl_test.cc
@@ -53,7 +53,7 @@
#endif
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace {
@@ -1966,18 +1966,18 @@
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xc0, 0x09,
0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
- 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
- 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
- 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}},
+ 0x01, 0x00, 0x00, 0x1f, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01,
+ 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00,
+ 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00}},
{TLS1_1_VERSION,
{0x16, 0x03, 0x01, 0x00, 0x5a, 0x01, 0x00, 0x00, 0x56, 0x03, 0x02, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xc0, 0x09,
0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
- 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
- 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
- 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}},
+ 0x01, 0x00, 0x00, 0x1f, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01,
+ 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00,
+ 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00}},
{TLS1_2_VERSION,
{0x16, 0x03, 0x01, 0x00, 0x82, 0x01, 0x00, 0x00, 0x7e, 0x03, 0x03, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1985,12 +1985,12 @@
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0xcc, 0xa9,
0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xc0, 0x09,
0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
- 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
- 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
- 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
- 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
- 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
- 0x17, 0x00, 0x18}},
+ 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0x00, 0x17, 0x00, 0x00,
+ 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00,
+ 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
+ 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04, 0x03, 0x08,
+ 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06,
+ 0x01, 0x02, 0x01}},
// TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
// implementation has settled enough that it won't change.
};
@@ -2033,7 +2033,7 @@
}
}
if (i + 12 >= client_hello.size()) {
- printf("}}");
+ printf("}},");
}
printf("\n");
}
@@ -4281,6 +4281,21 @@
server_ctx_.get()));
}
+// Test that ticket-based sessions on the client get fake session IDs.
+TEST_P(SSLVersionTest, FakeIDsForTickets) {
+ SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
+ SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
+
+ bssl::UniquePtr<SSL_SESSION> session =
+ CreateClientSession(client_ctx_.get(), server_ctx_.get());
+ ASSERT_TRUE(session);
+
+ EXPECT_TRUE(SSL_SESSION_has_ticket(session.get()));
+ unsigned session_id_length;
+ SSL_SESSION_get_id(session.get(), &session_id_length);
+ EXPECT_NE(session_id_length, 0u);
+}
+
// These tests test multi-threaded behavior. They are intended to run with
// ThreadSanitizer.
#if !defined(OPENSSL_NO_THREADS)
@@ -4428,4 +4443,4 @@
}
} // namespace
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/ssl_transcript.cc b/src/ssl/ssl_transcript.cc
index 24b86bf..8bb513d 100644
--- a/src/ssl/ssl_transcript.cc
+++ b/src/ssl/ssl_transcript.cc
@@ -141,7 +141,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
SSLTranscript::SSLTranscript() {}
@@ -261,4 +261,4 @@
return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/ssl_versions.cc b/src/ssl/ssl_versions.cc
index 212c3ac..911fb7e 100644
--- a/src/ssl/ssl_versions.cc
+++ b/src/ssl/ssl_versions.cc
@@ -23,7 +23,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
switch (version) {
@@ -360,7 +360,7 @@
return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_x509.cc b/src/ssl/ssl_x509.cc
index ef09589..9fa800f 100644
--- a/src/ssl/ssl_x509.cc
+++ b/src/ssl/ssl_x509.cc
@@ -155,7 +155,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// check_ssl_x509_method asserts that |ssl| has the X509-based method
// installed. Calling an X509-based method on an |ssl| with a different method
@@ -506,7 +506,7 @@
ssl_crypto_x509_ssl_ctx_flush_cached_client_CA,
};
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/t1_enc.cc b/src/ssl/t1_enc.cc
index 93170b9..c6b2844 100644
--- a/src/ssl/t1_enc.cc
+++ b/src/ssl/t1_enc.cc
@@ -153,7 +153,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
bool tls1_prf(const EVP_MD *digest, Span<uint8_t> out,
Span<const uint8_t> secret, Span<const char> label,
@@ -277,7 +277,7 @@
return SSL3_MASTER_SECRET_SIZE;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/t1_lib.cc b/src/ssl/t1_lib.cc
index 32ea2d4..678e4a3 100644
--- a/src/ssl/t1_lib.cc
+++ b/src/ssl/t1_lib.cc
@@ -129,7 +129,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
@@ -2775,14 +2775,6 @@
// kExtensions contains all the supported extensions.
static const struct tls_extension kExtensions[] = {
{
- TLSEXT_TYPE_renegotiate,
- NULL,
- ext_ri_add_clienthello,
- ext_ri_parse_serverhello,
- ext_ri_parse_clienthello,
- ext_ri_add_serverhello,
- },
- {
TLSEXT_TYPE_server_name,
NULL,
ext_sni_add_clienthello,
@@ -2799,6 +2791,30 @@
ext_ems_add_serverhello,
},
{
+ TLSEXT_TYPE_renegotiate,
+ NULL,
+ ext_ri_add_clienthello,
+ ext_ri_parse_serverhello,
+ ext_ri_parse_clienthello,
+ ext_ri_add_serverhello,
+ },
+ {
+ TLSEXT_TYPE_supported_groups,
+ NULL,
+ ext_supported_groups_add_clienthello,
+ ext_supported_groups_parse_serverhello,
+ ext_supported_groups_parse_clienthello,
+ dont_add_serverhello,
+ },
+ {
+ TLSEXT_TYPE_ec_point_formats,
+ NULL,
+ ext_ec_point_add_clienthello,
+ ext_ec_point_parse_serverhello,
+ ext_ec_point_parse_clienthello,
+ ext_ec_point_add_serverhello,
+ },
+ {
TLSEXT_TYPE_session_ticket,
NULL,
ext_ticket_add_clienthello,
@@ -2808,6 +2824,23 @@
ext_ticket_add_serverhello,
},
{
+ TLSEXT_TYPE_application_layer_protocol_negotiation,
+ NULL,
+ ext_alpn_add_clienthello,
+ ext_alpn_parse_serverhello,
+ // ALPN is negotiated late in |ssl_negotiate_alpn|.
+ ignore_parse_clienthello,
+ ext_alpn_add_serverhello,
+ },
+ {
+ TLSEXT_TYPE_status_request,
+ NULL,
+ ext_ocsp_add_clienthello,
+ ext_ocsp_parse_serverhello,
+ ext_ocsp_parse_clienthello,
+ ext_ocsp_add_serverhello,
+ },
+ {
TLSEXT_TYPE_signature_algorithms,
NULL,
ext_sigalgs_add_clienthello,
@@ -2824,14 +2857,6 @@
dont_add_serverhello,
},
{
- TLSEXT_TYPE_status_request,
- NULL,
- ext_ocsp_add_clienthello,
- ext_ocsp_parse_serverhello,
- ext_ocsp_parse_clienthello,
- ext_ocsp_add_serverhello,
- },
- {
TLSEXT_TYPE_next_proto_neg,
NULL,
ext_npn_add_clienthello,
@@ -2848,15 +2873,6 @@
ext_sct_add_serverhello,
},
{
- TLSEXT_TYPE_application_layer_protocol_negotiation,
- NULL,
- ext_alpn_add_clienthello,
- ext_alpn_parse_serverhello,
- // ALPN is negotiated late in |ssl_negotiate_alpn|.
- ignore_parse_clienthello,
- ext_alpn_add_serverhello,
- },
- {
TLSEXT_TYPE_channel_id,
ext_channel_id_init,
ext_channel_id_add_clienthello,
@@ -2873,14 +2889,6 @@
ext_srtp_add_serverhello,
},
{
- TLSEXT_TYPE_ec_point_formats,
- NULL,
- ext_ec_point_add_clienthello,
- ext_ec_point_parse_serverhello,
- ext_ec_point_parse_clienthello,
- ext_ec_point_add_serverhello,
- },
- {
TLSEXT_TYPE_key_share,
NULL,
ext_key_share_add_clienthello,
@@ -2929,14 +2937,6 @@
ext_quic_transport_params_add_serverhello,
},
{
- TLSEXT_TYPE_supported_groups,
- NULL,
- ext_supported_groups_add_clienthello,
- ext_supported_groups_parse_serverhello,
- ext_supported_groups_parse_clienthello,
- dont_add_serverhello,
- },
- {
TLSEXT_TYPE_token_binding,
NULL,
ext_token_binding_add_clienthello,
@@ -3836,7 +3836,7 @@
return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/test/CMakeLists.txt b/src/ssl/test/CMakeLists.txt
index 425b43b..d86464c 100644
--- a/src/ssl/test/CMakeLists.txt
+++ b/src/ssl/test/CMakeLists.txt
@@ -14,6 +14,8 @@
$<TARGET_OBJECTS:test_support>
)
+add_dependencies(bssl_shim global_target)
+
target_link_libraries(bssl_shim ssl crypto)
if(UNIX AND NOT APPLE AND NOT ANDROID)
@@ -31,6 +33,8 @@
$<TARGET_OBJECTS:test_support>
)
+ add_dependencies(handshaker global_target)
+
target_link_libraries(handshaker ssl crypto)
else()
# Declare a dummy target for run_tests to depend on.
diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go
index 6bbaecf..4bcf603 100644
--- a/src/ssl/test/runner/runner.go
+++ b/src/ssl/test/runner/runner.go
@@ -7625,17 +7625,6 @@
},
})
} else {
- error := ":OLD_SESSION_VERSION_NOT_RETURNED:"
- // Clients offering TLS 1.3 will send a fake session ID
- // unrelated to the session being offer. This session ID is
- // invalid for the server to echo, so the handshake fails at
- // a different point. It's not syntactically possible for a
- // server to convince our client that it's accepted a TLS
- // 1.3 session at an older version.
- if resumeVers.version < VersionTLS13 && sessionVers.version >= VersionTLS13 {
- error = ":SERVER_ECHOED_INVALID_SESSION_ID:"
- }
-
testCases = append(testCases, testCase{
protocol: protocol,
name: "Resume-Client-Mismatch" + suffix,
@@ -7654,7 +7643,7 @@
},
expectedResumeVersion: resumeVers.version,
shouldFail: true,
- expectedError: error,
+ expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
flags: []string{
"-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant),
"-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant),
diff --git a/src/ssl/tls13_both.cc b/src/ssl/tls13_both.cc
index a1793da..a02d35d 100644
--- a/src/ssl/tls13_both.cc
+++ b/src/ssl/tls13_both.cc
@@ -30,7 +30,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// kMaxKeyUpdates is the number of consecutive KeyUpdates that will be
// processed. Without this limit an attacker could force unbounded processing
@@ -101,8 +101,8 @@
return true;
}
-int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
- int allow_anonymous) {
+bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
+ bool allow_anonymous) {
SSL *const ssl = hs->ssl;
CBS body = msg.body;
bssl::UniquePtr<CRYPTO_BUFFER> decompressed;
@@ -118,7 +118,7 @@
CBS_len(&body) != 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
if (uncompressed_len > ssl->max_cert_list) {
@@ -126,7 +126,7 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_UNCOMPRESSED_CERT_TOO_LARGE);
ERR_add_error_dataf("requested=%u",
static_cast<unsigned>(uncompressed_len));
- return 0;
+ return false;
}
ssl_cert_decompression_func_t decompress = nullptr;
@@ -141,7 +141,7 @@
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERT_COMPRESSION_ALG);
ERR_add_error_dataf("alg=%d", static_cast<int>(alg_id));
- return 0;
+ return false;
}
CRYPTO_BUFFER *decompressed_ptr = nullptr;
@@ -150,7 +150,7 @@
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_DECOMPRESSION_FAILED);
ERR_add_error_dataf("alg=%d", static_cast<int>(alg_id));
- return 0;
+ return false;
}
decompressed.reset(decompressed_ptr);
@@ -161,7 +161,7 @@
"alg=%d got=%u expected=%u", static_cast<int>(alg_id),
static_cast<unsigned>(CRYPTO_BUFFER_len(decompressed_ptr)),
static_cast<unsigned>(uncompressed_len));
- return 0;
+ return false;
}
CBS_init(&body, CRYPTO_BUFFER_data(decompressed_ptr),
@@ -177,14 +177,14 @@
CBS_len(&body) != 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs(sk_CRYPTO_BUFFER_new_null());
if (!certs) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- return 0;
+ return false;
}
const bool retain_sha256 =
@@ -197,7 +197,7 @@
CBS_len(&certificate) == 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
- return 0;
+ return false;
}
if (sk_CRYPTO_BUFFER_num(certs.get()) == 0) {
@@ -205,13 +205,13 @@
if (!pkey) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
// TLS 1.3 always uses certificate keys for signing thus the correct
// keyUsage is enforced.
if (!ssl_cert_check_digital_signature_key_usage(&certificate)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
- return 0;
+ return false;
}
if (retain_sha256) {
@@ -227,7 +227,7 @@
!PushToStack(certs.get(), std::move(buf))) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- return 0;
+ return false;
}
// Parse out the extensions.
@@ -243,7 +243,7 @@
OPENSSL_ARRAY_SIZE(ext_types),
0 /* reject unknown */)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
- return 0;
+ return false;
}
// All Certificate extensions are parsed, but only the leaf extensions are
@@ -252,7 +252,7 @@
if (ssl->server || !hs->config->ocsp_stapling_enabled) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
- return 0;
+ return false;
}
uint8_t status_type;
@@ -263,7 +263,7 @@
CBS_len(&ocsp_response) == 0 ||
CBS_len(&status_request) != 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
if (sk_CRYPTO_BUFFER_num(certs.get()) == 1) {
@@ -271,7 +271,7 @@
CRYPTO_BUFFER_new_from_CBS(&ocsp_response, ssl->ctx->pool));
if (hs->new_session->ocsp_response == nullptr) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
}
@@ -280,13 +280,13 @@
if (ssl->server || !hs->config->signed_cert_timestamps_enabled) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
- return 0;
+ return false;
}
if (!ssl_is_sct_list_valid(&sct)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
if (sk_CRYPTO_BUFFER_num(certs.get()) == 1) {
@@ -294,7 +294,7 @@
CRYPTO_BUFFER_new_from_CBS(&sct, ssl->ctx->pool));
if (hs->new_session->signed_cert_timestamp_list == nullptr) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
}
@@ -312,14 +312,14 @@
if (!ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
if (sk_CRYPTO_BUFFER_num(hs->new_session->certs.get()) == 0) {
if (!allow_anonymous) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_CERTIFICATE_REQUIRED);
- return 0;
+ return false;
}
// OpenSSL returns X509_V_OK when no certificates are requested. This is
@@ -327,18 +327,18 @@
hs->new_session->verify_result = X509_V_OK;
// No certificate, so nothing more to do.
- return 1;
+ return true;
}
hs->new_session->peer_sha256_valid = retain_sha256;
- return 1;
+ return true;
}
-int tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
+bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
SSL *const ssl = hs->ssl;
if (hs->peer_pubkey == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
CBS body = msg.body, signature;
@@ -348,13 +348,13 @@
CBS_len(&body) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
- return 0;
+ return false;
}
hs->new_session->peer_signature_algorithm = signature_algorithm;
@@ -363,7 +363,7 @@
hs, &input,
ssl->server ? ssl_cert_verify_client : ssl_cert_verify_server)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- return 0;
+ return false;
}
bool sig_ok = ssl_public_key_verify(ssl, signature, signature_algorithm,
@@ -375,14 +375,14 @@
if (!sig_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-int tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
- int use_saved_value) {
+bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
+ bool use_saved_value) {
SSL *const ssl = hs->ssl;
uint8_t verify_data_buf[EVP_MAX_MD_SIZE];
const uint8_t *verify_data;
@@ -394,25 +394,25 @@
} else {
if (!tls13_finished_mac(hs, verify_data_buf, &verify_data_len,
!ssl->server)) {
- return 0;
+ return false;
}
verify_data = verify_data_buf;
}
- int finished_ok = CBS_mem_equal(&msg.body, verify_data, verify_data_len);
+ bool finished_ok = CBS_mem_equal(&msg.body, verify_data, verify_data_len);
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
- finished_ok = 1;
+ finished_ok = true;
#endif
if (!finished_ok) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-int tls13_add_certificate(SSL_HANDSHAKE *hs) {
+bool tls13_add_certificate(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
CERT *const cert = hs->config->cert.get();
@@ -435,7 +435,7 @@
!CBB_add_u8(body, 0) ||
!CBB_add_u24_length_prefixed(body, &certificate_list)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
if (!ssl_has_certificate(hs->config)) {
@@ -449,7 +449,7 @@
CRYPTO_BUFFER_len(leaf_buf)) ||
!CBB_add_u16_length_prefixed(&certificate_list, &extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
if (hs->scts_requested && cert->signed_cert_timestamp_list != nullptr) {
@@ -462,7 +462,7 @@
CRYPTO_BUFFER_len(cert->signed_cert_timestamp_list.get())) ||
!CBB_flush(&extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
@@ -477,7 +477,7 @@
CRYPTO_BUFFER_len(cert->ocsp_response.get())) ||
!CBB_flush(&extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
@@ -489,7 +489,7 @@
CRYPTO_BUFFER_len(cert_buf)) ||
!CBB_add_u16(&certificate_list, 0 /* no extensions */)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
@@ -500,7 +500,7 @@
Array<uint8_t> msg;
if (!CBBFinishArray(cbb.get(), &msg)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
const CertCompressionAlg *alg = nullptr;
@@ -513,7 +513,7 @@
if (alg == nullptr || alg->compress == nullptr) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
CBB compressed;
@@ -526,10 +526,10 @@
!alg->compress(ssl, &compressed, msg.data(), msg.size()) ||
!ssl_add_message_cbb(ssl, cbb.get())) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) {
@@ -582,7 +582,7 @@
return ssl_private_key_success;
}
-int tls13_add_finished(SSL_HANDSHAKE *hs) {
+bool tls13_add_finished(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
size_t verify_data_len;
uint8_t verify_data[EVP_MAX_MD_SIZE];
@@ -590,7 +590,7 @@
if (!tls13_finished_mac(hs, verify_data, &verify_data_len, ssl->server)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
- return 0;
+ return false;
}
ScopedCBB cbb;
@@ -598,13 +598,13 @@
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_FINISHED) ||
!CBB_add_bytes(&body, verify_data, verify_data_len) ||
!ssl_add_message_cbb(ssl, cbb.get())) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
+static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
CBS body = msg.body;
uint8_t key_update_request;
if (!CBS_get_u8(&body, &key_update_request) ||
@@ -613,11 +613,11 @@
key_update_request != SSL_KEY_UPDATE_REQUESTED)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
if (!tls13_rotate_traffic_key(ssl, evp_aead_open)) {
- return 0;
+ return false;
}
// Acknowledge the KeyUpdate
@@ -630,7 +630,7 @@
!CBB_add_u8(&body_cbb, SSL_KEY_UPDATE_NOT_REQUESTED) ||
!ssl_add_message_cbb(ssl, cbb.get()) ||
!tls13_rotate_traffic_key(ssl, evp_aead_seal)) {
- return 0;
+ return false;
}
// Suppress KeyUpdate acknowledgments until this change is written to the
@@ -639,16 +639,16 @@
ssl->s3->key_update_pending = true;
}
- return 1;
+ return true;
}
-int tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
+bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
if (msg.type == SSL3_MT_KEY_UPDATE) {
ssl->s3->key_update_count++;
if (ssl->s3->key_update_count > kMaxKeyUpdates) {
OPENSSL_PUT_ERROR(SSL, SSL_R_TOO_MANY_KEY_UPDATES);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
- return 0;
+ return false;
}
return tls13_receive_key_update(ssl, msg);
@@ -662,7 +662,7 @@
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
- return 0;
+ return false;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/tls13_client.cc b/src/ssl/tls13_client.cc
index cf20403..26f5fb9 100644
--- a/src/ssl/tls13_client.cc
+++ b/src/ssl/tls13_client.cc
@@ -24,13 +24,14 @@
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/mem.h>
+#include <openssl/sha.h>
#include <openssl/stack.h>
#include "../crypto/internal.h"
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
enum client_hs_state_t {
state_read_hello_retry_request = 0,
@@ -552,7 +553,7 @@
return ssl_hs_error;
}
- if (!tls13_process_certificate(hs, msg, 0 /* certificate required */) ||
+ if (!tls13_process_certificate(hs, msg, false /* certificate required */) ||
!ssl_hash_message(hs, msg)) {
return ssl_hs_error;
}
@@ -612,7 +613,7 @@
return ssl_hs_read_message;
}
if (!ssl_check_message_type(ssl, msg, SSL3_MT_FINISHED) ||
- !tls13_process_finished(hs, msg, 0 /* don't use saved value */) ||
+ !tls13_process_finished(hs, msg, false /* don't use saved value */) ||
!ssl_hash_message(hs, msg) ||
// Update the secret to the master secret and derive traffic keys.
!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len) ||
@@ -846,18 +847,18 @@
return "TLS 1.3 client unknown";
}
-int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
+bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
if (ssl->s3->write_shutdown != ssl_shutdown_none) {
// Ignore tickets on shutdown. Callers tend to indiscriminately call
// |SSL_shutdown| before destroying an |SSL|, at which point calling the new
// session callback may be confusing.
- return 1;
+ return true;
}
UniquePtr<SSL_SESSION> session = SSL_SESSION_dup(
ssl->s3->established_session.get(), SSL_SESSION_INCLUDE_NONAUTH);
if (!session) {
- return 0;
+ return false;
}
ssl_session_rebase_time(ssl, session.get());
@@ -873,7 +874,7 @@
CBS_len(&body) != 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
// Cap the renewable lifetime by the server advertised value. This avoids
@@ -883,7 +884,7 @@
}
if (!tls13_derive_session_psk(session.get(), ticket_nonce)) {
- return 0;
+ return false;
}
// Parse out the extensions.
@@ -898,7 +899,7 @@
OPENSSL_ARRAY_SIZE(ext_types),
1 /* ignore unknown */)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
- return 0;
+ return false;
}
if (have_early_data_info && ssl->enable_early_data) {
@@ -906,10 +907,15 @@
CBS_len(&early_data_info) != 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
}
+ // Generate a session ID for this session. Some callers expect all sessions to
+ // have a session ID.
+ SHA256(CBS_data(&ticket), CBS_len(&ticket), session->session_id);
+ session->session_id_length = SHA256_DIGEST_LENGTH;
+
session->ticket_age_add_valid = true;
session->not_resumable = false;
@@ -920,7 +926,7 @@
session.release();
}
- return 1;
+ return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/tls13_enc.cc b/src/ssl/tls13_enc.cc
index 84bc5d2..5e1f19a 100644
--- a/src/ssl/tls13_enc.cc
+++ b/src/ssl/tls13_enc.cc
@@ -30,12 +30,12 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
-static int init_key_schedule(SSL_HANDSHAKE *hs, uint16_t version,
+static bool init_key_schedule(SSL_HANDSHAKE *hs, uint16_t version,
const SSL_CIPHER *cipher) {
if (!hs->transcript.InitHash(version, cipher)) {
- return 0;
+ return false;
}
hs->hash_len = hs->transcript.DigestLen();
@@ -43,13 +43,13 @@
// Initialize the secret to the zero key.
OPENSSL_memset(hs->secret, 0, hs->hash_len);
- return 1;
+ return true;
}
-int tls13_init_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
- size_t psk_len) {
+bool tls13_init_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
+ size_t psk_len) {
if (!init_key_schedule(hs, ssl_protocol_version(hs->ssl), hs->new_cipher)) {
- return 0;
+ return false;
}
hs->transcript.FreeBuffer();
@@ -57,8 +57,8 @@
psk_len, hs->secret, hs->hash_len);
}
-int tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
- size_t psk_len) {
+bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
+ size_t psk_len) {
SSL *const ssl = hs->ssl;
return init_key_schedule(hs, ssl_session_protocol_version(ssl->session.get()),
ssl->session->cipher) &&
@@ -66,10 +66,11 @@
psk_len, hs->secret, hs->hash_len);
}
-static int hkdf_expand_label(uint8_t *out, const EVP_MD *digest,
- const uint8_t *secret, size_t secret_len,
- const char *label, size_t label_len,
- const uint8_t *hash, size_t hash_len, size_t len) {
+static bool hkdf_expand_label(uint8_t *out, const EVP_MD *digest,
+ const uint8_t *secret, size_t secret_len,
+ const char *label, size_t label_len,
+ const uint8_t *hash, size_t hash_len,
+ size_t len) {
static const char kTLS13LabelVersion[] = "tls13 ";
ScopedCBB cbb;
@@ -85,7 +86,7 @@
!CBB_add_u8_length_prefixed(cbb.get(), &child) ||
!CBB_add_bytes(&child, hash, hash_len) ||
!CBBFinishArray(cbb.get(), &hkdf_label)) {
- return 0;
+ return false;
}
return HKDF_expand(out, len, digest, secret, secret_len, hkdf_label.data(),
@@ -94,20 +95,20 @@
static const char kTLS13LabelDerived[] = "derived";
-int tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
- size_t len) {
+bool tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
+ size_t len) {
uint8_t derive_context[EVP_MAX_MD_SIZE];
unsigned derive_context_len;
if (!EVP_Digest(nullptr, 0, derive_context, &derive_context_len,
hs->transcript.Digest(), nullptr)) {
- return 0;
+ return false;
}
if (!hkdf_expand_label(hs->secret, hs->transcript.Digest(), hs->secret,
hs->hash_len, kTLS13LabelDerived,
strlen(kTLS13LabelDerived), derive_context,
derive_context_len, hs->hash_len)) {
- return 0;
+ return false;
}
return HKDF_extract(hs->secret, &hs->hash_len, hs->transcript.Digest(), in,
@@ -116,13 +117,13 @@
// derive_secret derives a secret of length |len| and writes the result in |out|
// with the given label and the current base secret and most recently-saved
-// handshake context. It returns one on success and zero on error.
-static int derive_secret(SSL_HANDSHAKE *hs, uint8_t *out, size_t len,
- const char *label, size_t label_len) {
+// handshake context. It returns true on success and false on error.
+static bool derive_secret(SSL_HANDSHAKE *hs, uint8_t *out, size_t len,
+ const char *label, size_t label_len) {
uint8_t context_hash[EVP_MAX_MD_SIZE];
size_t context_hash_len;
if (!hs->transcript.GetHash(context_hash, &context_hash_len)) {
- return 0;
+ return false;
}
return hkdf_expand_label(out, hs->transcript.Digest(), hs->secret,
@@ -130,15 +131,15 @@
context_hash_len, len);
}
-int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
- const uint8_t *traffic_secret,
- size_t traffic_secret_len) {
+bool tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
+ const uint8_t *traffic_secret,
+ size_t traffic_secret_len) {
const SSL_SESSION *session = SSL_get_session(ssl);
uint16_t version = ssl_session_protocol_version(session);
if (traffic_secret_len > 0xff) {
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
- return 0;
+ return false;
}
// Look up cipher suite properties.
@@ -146,7 +147,7 @@
size_t discard;
if (!ssl_cipher_get_evp_aead(&aead, &discard, &discard, session->cipher,
version, SSL_is_dtls(ssl))) {
- return 0;
+ return false;
}
const EVP_MD *digest = ssl_session_get_digest(session);
@@ -156,7 +157,7 @@
uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
if (!hkdf_expand_label(key, digest, traffic_secret, traffic_secret_len, "key",
3, NULL, 0, key_len)) {
- return 0;
+ return false;
}
// Derive the IV.
@@ -164,7 +165,7 @@
uint8_t iv[EVP_AEAD_MAX_NONCE_LENGTH];
if (!hkdf_expand_label(iv, digest, traffic_secret, traffic_secret_len, "iv",
2, NULL, 0, iv_len)) {
- return 0;
+ return false;
}
UniquePtr<SSLAEADContext> traffic_aead =
@@ -172,16 +173,16 @@
session->cipher, MakeConstSpan(key, key_len),
Span<const uint8_t>(), MakeConstSpan(iv, iv_len));
if (!traffic_aead) {
- return 0;
+ return false;
}
if (direction == evp_aead_open) {
if (!ssl->method->set_read_state(ssl, std::move(traffic_aead))) {
- return 0;
+ return false;
}
} else {
if (!ssl->method->set_write_state(ssl, std::move(traffic_aead))) {
- return 0;
+ return false;
}
}
@@ -196,7 +197,7 @@
ssl->s3->write_traffic_secret_len = traffic_secret_len;
}
- return 1;
+ return true;
}
@@ -209,7 +210,7 @@
static const char kTLS13LabelClientApplicationTraffic[] = "c ap traffic";
static const char kTLS13LabelServerApplicationTraffic[] = "s ap traffic";
-int tls13_derive_early_secrets(SSL_HANDSHAKE *hs) {
+bool tls13_derive_early_secrets(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (!derive_secret(hs, hs->early_traffic_secret, hs->hash_len,
kTLS13LabelClientEarlyTraffic,
@@ -219,13 +220,13 @@
!derive_secret(hs, ssl->s3->early_exporter_secret, hs->hash_len,
kTLS13LabelEarlyExporter,
strlen(kTLS13LabelEarlyExporter))) {
- return 0;
+ return false;
}
ssl->s3->early_exporter_secret_len = hs->hash_len;
- return 1;
+ return true;
}
-int tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs) {
+bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
return derive_secret(hs, hs->client_handshake_secret, hs->hash_len,
kTLS13LabelClientHandshakeTraffic,
@@ -239,7 +240,7 @@
hs->server_handshake_secret, hs->hash_len);
}
-int tls13_derive_application_secrets(SSL_HANDSHAKE *hs) {
+bool tls13_derive_application_secrets(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
ssl->s3->exporter_secret_len = hs->hash_len;
return derive_secret(hs, hs->client_traffic_secret_0, hs->hash_len,
@@ -260,7 +261,7 @@
static const char kTLS13LabelApplicationTraffic[] = "traffic upd";
-int tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
+bool tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
uint8_t *secret;
size_t secret_len;
if (direction == evp_aead_open) {
@@ -275,7 +276,7 @@
if (!hkdf_expand_label(
secret, digest, secret, secret_len, kTLS13LabelApplicationTraffic,
strlen(kTLS13LabelApplicationTraffic), NULL, 0, secret_len)) {
- return 0;
+ return false;
}
return tls13_set_traffic_key(ssl, direction, secret, secret_len);
@@ -283,10 +284,10 @@
static const char kTLS13LabelResumption[] = "res master";
-int tls13_derive_resumption_secret(SSL_HANDSHAKE *hs) {
+bool tls13_derive_resumption_secret(SSL_HANDSHAKE *hs) {
if (hs->hash_len > SSL_MAX_MASTER_KEY_LENGTH) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
hs->new_session->master_key_length = hs->hash_len;
return derive_secret(hs, hs->new_session->master_key,
@@ -298,23 +299,23 @@
// tls13_verify_data sets |out| to be the HMAC of |context| using a derived
// Finished key for both Finished messages and the PSK binder.
-static int tls13_verify_data(const EVP_MD *digest, uint16_t version,
- uint8_t *out, size_t *out_len,
- const uint8_t *secret, size_t hash_len,
- uint8_t *context, size_t context_len) {
+static bool tls13_verify_data(const EVP_MD *digest, uint16_t version,
+ uint8_t *out, size_t *out_len,
+ const uint8_t *secret, size_t hash_len,
+ uint8_t *context, size_t context_len) {
uint8_t key[EVP_MAX_MD_SIZE];
unsigned len;
if (!hkdf_expand_label(key, digest, secret, hash_len, kTLS13LabelFinished,
strlen(kTLS13LabelFinished), NULL, 0, hash_len) ||
HMAC(digest, key, hash_len, context, context_len, out, &len) == NULL) {
- return 0;
+ return false;
}
*out_len = len;
- return 1;
+ return true;
}
-int tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
- int is_server) {
+bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
+ bool is_server) {
const uint8_t *traffic_secret;
if (is_server) {
traffic_secret = hs->server_handshake_secret;
@@ -345,14 +346,14 @@
static const char kTLS13LabelExportKeying[] = "exporter";
-int tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
- Span<const uint8_t> secret,
- Span<const char> label,
- Span<const uint8_t> context) {
+bool tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
+ Span<const uint8_t> secret,
+ Span<const char> label,
+ Span<const uint8_t> context) {
if (secret.empty()) {
assert(0);
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
const EVP_MD *digest = ssl_session_get_digest(SSL_get_session(ssl));
@@ -378,21 +379,21 @@
static const char kTLS13LabelPSKBinder[] = "res binder";
-static int tls13_psk_binder(uint8_t *out, uint16_t version,
- const EVP_MD *digest, uint8_t *psk, size_t psk_len,
- uint8_t *context, size_t context_len,
- size_t hash_len) {
+static bool tls13_psk_binder(uint8_t *out, uint16_t version,
+ const EVP_MD *digest, uint8_t *psk, size_t psk_len,
+ uint8_t *context, size_t context_len,
+ size_t hash_len) {
uint8_t binder_context[EVP_MAX_MD_SIZE];
unsigned binder_context_len;
if (!EVP_Digest(NULL, 0, binder_context, &binder_context_len, digest, NULL)) {
- return 0;
+ return false;
}
uint8_t early_secret[EVP_MAX_MD_SIZE] = {0};
size_t early_secret_len;
if (!HKDF_extract(early_secret, &early_secret_len, digest, psk, hash_len,
NULL, 0)) {
- return 0;
+ return false;
}
uint8_t binder_key[EVP_MAX_MD_SIZE] = {0};
@@ -402,20 +403,20 @@
binder_context, binder_context_len, hash_len) ||
!tls13_verify_data(digest, version, out, &len, binder_key, hash_len,
context, context_len)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-int tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len) {
+bool tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len) {
SSL *const ssl = hs->ssl;
const EVP_MD *digest = ssl_session_get_digest(ssl->session.get());
size_t hash_len = EVP_MD_size(digest);
if (len < hash_len + 3) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
ScopedEVP_MD_CTX ctx;
@@ -427,7 +428,7 @@
hs->transcript.buffer().size()) ||
!EVP_DigestUpdate(ctx.get(), msg, len - hash_len - 3) ||
!EVP_DigestFinal_ex(ctx.get(), context, &context_len)) {
- return 0;
+ return false;
}
uint8_t verify_data[EVP_MAX_MD_SIZE] = {0};
@@ -435,21 +436,21 @@
ssl->session->master_key,
ssl->session->master_key_length, context, context_len,
hash_len)) {
- return 0;
+ return false;
}
OPENSSL_memcpy(msg + len - hash_len, verify_data, hash_len);
- return 1;
+ return true;
}
-int tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
- const SSLMessage &msg, CBS *binders) {
+bool tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
+ const SSLMessage &msg, CBS *binders) {
size_t hash_len = hs->transcript.DigestLen();
// The message must be large enough to exclude the binders.
if (CBS_len(&msg.raw) < CBS_len(binders) + 2) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
// Hash a ClientHello prefix up to the binders. This includes the header. For
@@ -459,7 +460,7 @@
unsigned context_len;
if (!EVP_Digest(CBS_data(&msg.raw), CBS_len(&msg.raw) - CBS_len(binders) - 2,
context, &context_len, hs->transcript.Digest(), NULL)) {
- return 0;
+ return false;
}
uint8_t verify_data[EVP_MAX_MD_SIZE] = {0};
@@ -470,21 +471,21 @@
// We only consider the first PSK, so compare against the first binder.
!CBS_get_u8_length_prefixed(binders, &binder)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
- int binder_ok =
+ bool binder_ok =
CBS_len(&binder) == hash_len &&
CRYPTO_memcmp(CBS_data(&binder), verify_data, hash_len) == 0;
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
- binder_ok = 1;
+ binder_ok = true;
#endif
if (!binder_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/tls13_server.cc b/src/ssl/tls13_server.cc
index aba7fc0..0d82d68 100644
--- a/src/ssl/tls13_server.cc
+++ b/src/ssl/tls13_server.cc
@@ -36,7 +36,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
enum server_hs_state_t {
state_select_parameters = 0,
@@ -716,7 +716,7 @@
size_t finished_len;
if (!tls13_finished_mac(hs, hs->expected_client_finished, &finished_len,
- 0 /* client */)) {
+ false /* client */)) {
return ssl_hs_error;
}
@@ -807,7 +807,7 @@
return ssl_hs_ok;
}
- const int allow_anonymous =
+ const bool allow_anonymous =
(hs->config->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) == 0;
SSLMessage msg;
if (!ssl->method->get_message(ssl, &msg)) {
@@ -1028,4 +1028,4 @@
return "TLS 1.3 server unknown";
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/tls_method.cc b/src/ssl/tls_method.cc
index 2af5171..116f027 100644
--- a/src/ssl/tls_method.cc
+++ b/src/ssl/tls_method.cc
@@ -65,7 +65,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
static void ssl3_on_handshake_complete(SSL *ssl) {
// The handshake should have released its final message.
@@ -182,7 +182,7 @@
ssl_noop_x509_ssl_ctx_flush_cached_client_CA,
};
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/tls_record.cc b/src/ssl/tls_record.cc
index a2e4a20..c1f9e7f 100644
--- a/src/ssl/tls_record.cc
+++ b/src/ssl/tls_record.cc
@@ -119,7 +119,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// kMaxEmptyRecords is the number of consecutive, empty records that will be
// processed. Without this limit an attacker could send empty records at a
@@ -140,26 +140,26 @@
// ssl_needs_record_splitting returns one if |ssl|'s current outgoing cipher
// state needs record-splitting and zero otherwise.
-static int ssl_needs_record_splitting(const SSL *ssl) {
+static bool ssl_needs_record_splitting(const SSL *ssl) {
#if !defined(BORINGSSL_UNSAFE_FUZZER_MODE)
return !ssl->s3->aead_write_ctx->is_null_cipher() &&
ssl->s3->aead_write_ctx->ProtocolVersion() < TLS1_1_VERSION &&
(ssl->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0 &&
SSL_CIPHER_is_block_cipher(ssl->s3->aead_write_ctx->cipher());
#else
- return 0;
+ return false;
#endif
}
-int ssl_record_sequence_update(uint8_t *seq, size_t seq_len) {
+bool ssl_record_sequence_update(uint8_t *seq, size_t seq_len) {
for (size_t i = seq_len - 1; i < seq_len; i--) {
++seq[i];
if (seq[i] != 0) {
- return 1;
+ return true;
}
}
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
- return 0;
+ return false;
}
size_t ssl_record_prefix_len(const SSL *ssl) {
@@ -373,9 +373,9 @@
return ssl_open_record_success;
}
-static int do_seal_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
- uint8_t *out_suffix, uint8_t type, const uint8_t *in,
- const size_t in_len) {
+static bool do_seal_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
+ uint8_t *out_suffix, uint8_t type, const uint8_t *in,
+ const size_t in_len) {
SSLAEADContext *aead = ssl->s3->aead_write_ctx.get();
uint8_t *extra_in = NULL;
size_t extra_in_len = 0;
@@ -390,7 +390,7 @@
if (!aead->SuffixLen(&suffix_len, in_len, extra_in_len) ||
!aead->CiphertextLen(&ciphertext_len, in_len, extra_in_len)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RECORD_TOO_LARGE);
- return 0;
+ return false;
}
assert(in == out || !buffers_alias(in, in_len, out, in_len));
@@ -415,11 +415,11 @@
out_prefix[0], record_version, ssl->s3->write_sequence,
header, in, in_len, extra_in, extra_in_len) ||
!ssl_record_sequence_update(ssl->s3->write_sequence, 8)) {
- return 0;
+ return false;
}
ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, header);
- return 1;
+ return true;
}
static size_t tls_seal_scatter_prefix_len(const SSL *ssl, uint8_t type,
@@ -464,7 +464,7 @@
// returns one on success and zero on error. If enabled,
// |tls_seal_scatter_record| implements TLS 1.0 CBC 1/n-1 record splitting and
// may write two records concatenated.
-static int tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
+static bool tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
uint8_t *out_suffix, uint8_t type,
const uint8_t *in, size_t in_len) {
if (type == SSL3_RT_APPLICATION_DATA && in_len > 1 &&
@@ -478,13 +478,13 @@
if (!do_seal_record(ssl, out_prefix, split_body, split_suffix, type, in,
1)) {
- return 0;
+ return false;
}
size_t split_record_suffix_len;
if (!ssl->s3->aead_write_ctx->SuffixLen(&split_record_suffix_len, 1, 0)) {
assert(false);
- return 0;
+ return false;
}
const size_t split_record_len = prefix_len + 1 + split_record_suffix_len;
assert(SSL3_RT_HEADER_LENGTH + ssl_cipher_get_record_split_len(
@@ -496,24 +496,25 @@
uint8_t tmp_prefix[SSL3_RT_HEADER_LENGTH];
if (!do_seal_record(ssl, tmp_prefix, out + 1, out_suffix, type, in + 1,
in_len - 1)) {
- return 0;
+ return false;
}
assert(tls_seal_scatter_prefix_len(ssl, type, in_len) ==
split_record_len + SSL3_RT_HEADER_LENGTH - 1);
OPENSSL_memcpy(out_prefix + split_record_len, tmp_prefix,
SSL3_RT_HEADER_LENGTH - 1);
OPENSSL_memcpy(out, tmp_prefix + SSL3_RT_HEADER_LENGTH - 1, 1);
- return 1;
+ return true;
}
return do_seal_record(ssl, out_prefix, out, out_suffix, type, in, in_len);
}
-int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
- uint8_t type, const uint8_t *in, size_t in_len) {
+bool tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len,
+ size_t max_out_len, uint8_t type, const uint8_t *in,
+ size_t in_len) {
if (buffers_alias(in, in_len, out, max_out_len)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
- return 0;
+ return false;
}
const size_t prefix_len = tls_seal_scatter_prefix_len(ssl, type, in_len);
@@ -524,22 +525,22 @@
if (in_len + prefix_len < in_len ||
prefix_len + in_len + suffix_len < prefix_len + in_len) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RECORD_TOO_LARGE);
- return 0;
+ return false;
}
if (max_out_len < in_len + prefix_len + suffix_len) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
- return 0;
+ return false;
}
uint8_t *prefix = out;
uint8_t *body = out + prefix_len;
uint8_t *suffix = body + in_len;
if (!tls_seal_scatter_record(ssl, prefix, body, suffix, type, in, in_len)) {
- return 0;
+ return false;
}
*out_len = prefix_len + in_len + suffix_len;
- return 1;
+ return true;
}
enum ssl_open_record_t ssl_process_alert(SSL *ssl, uint8_t *out_alert,
@@ -674,7 +675,7 @@
in.data(), in.size());
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;