x509: replace the bool type with the unsigned type

This allows to rely on gcc warnings for improper checks and
conversions. Unfortunately gcc does warn on invalid checks for
the bool type (e.g., b<0).

diff --git a/lib/x509/common.c b/lib/x509/common.c
index 2d32428100eeffc293036c4c2ef9362e9861f512..84d6688e4bf7e93913c72ada1b2df63da20c1e6f 100644 (file)
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1622,13 +1622,13 @@ int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
        return ret;
 }
 
-bool
+unsigned
 _gnutls_check_valid_key_id(gnutls_datum_t *key_id,
                            gnutls_x509_crt_t cert, time_t now)
 {
        uint8_t id[MAX_KEY_ID_SIZE];
        size_t id_size;
-       bool result = 0;
+       unsigned result = 0;
 
        if (now > gnutls_x509_crt_get_expiration_time(cert) ||
            now < gnutls_x509_crt_get_activation_time(cert)) {

diff --git a/lib/x509/common.h b/lib/x509/common.h
index 17a19569bc296df998904fd4e76c1224c547735f..b2413c4511e387f8f11f9cd323c8c41603465cb2 100644 (file)
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -26,7 +26,6 @@
 #include <algorithms.h>
 #include <abstract_int.h>
 #include <x509/x509_int.h>
-#include <stdbool.h>
 #include <fips.h>
 
 #define MAX_STRING_LEN 512
@@ -204,20 +203,20 @@ int
 _gnutls_x509_get_raw_field2(ASN1_TYPE c2, gnutls_datum_t * raw,
                         const char *whom, gnutls_datum_t * dn);
 
-bool
+unsigned
 _gnutls_check_if_same_key(gnutls_x509_crt_t cert1,
                          gnutls_x509_crt_t cert2,
                          unsigned is_ca);
 
-bool
+unsigned
 _gnutls_check_if_same_key2(gnutls_x509_crt_t cert1,
                           gnutls_datum_t *cert2bin);
 
-bool
+unsigned
 _gnutls_check_valid_key_id(gnutls_datum_t *key_id,
                           gnutls_x509_crt_t cert, time_t now);
 
-bool _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, unsigned no_any);
+unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, unsigned no_any);
 
 time_t _gnutls_x509_generalTime2gtime(const char *ttime);
 
@@ -232,7 +231,7 @@ int _gnutls_set_extension(ASN1_TYPE asn, const char *root,
 int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf,
                            size_t * sizeof_buf);
 
-bool _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
+unsigned _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
 
 int _gnutls_copy_string(gnutls_datum_t* str, uint8_t *out, size_t *out_size);
 int _gnutls_copy_data(gnutls_datum_t* str, uint8_t *out, size_t *out_size);

diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 7ccf370f990388a0a1c45d7de43844b097fcc116..6ec63784cc1e5cbfc5daf51e19e774b6e20a4efa 100644 (file)
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -37,18 +37,17 @@
 #include <x509_int.h>
 #include <common.h>
 #include <pk.h>
-#include <stdbool.h>
 
 /* Checks if two certs have the same name and the same key.  Return 1 on match. 
  * If @is_ca is zero then this function is identical to gnutls_x509_crt_equals()
  */
-bool
+unsigned
 _gnutls_check_if_same_key(gnutls_x509_crt_t cert1,
                          gnutls_x509_crt_t cert2,
                          unsigned is_ca)
 {
        int ret;
-       bool result;
+       unsigned result;
 
        if (is_ca == 0)
                return gnutls_x509_crt_equals(cert1, cert2);
@@ -66,7 +65,7 @@ _gnutls_check_if_same_key(gnutls_x509_crt_t cert1,
        return result;
 }
 
-bool
+unsigned
 _gnutls_check_if_same_key2(gnutls_x509_crt_t cert1,
                           gnutls_datum_t * cert2bin)
 {
@@ -97,7 +96,7 @@ _gnutls_check_if_same_key2(gnutls_x509_crt_t cert1,
  * Returns true or false, if the issuer is a CA,
  * or not.
  */
-static bool
+static unsigned
 check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
            unsigned int *max_path, unsigned int flags)
 {
@@ -106,7 +105,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
        gnutls_datum_t cert_signature = { NULL, 0 };
        gnutls_datum_t issuer_signature = { NULL, 0 };
        int pathlen = -1, ret;
-       bool result;
+       unsigned result;
        unsigned int ca_status = 0;
 
        /* Check if the issuer is the same with the
@@ -214,14 +213,14 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
  *
  * Returns 1 if they match and (0) if they don't match. 
  */
-static bool is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
+static unsigned is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
 {
        uint8_t id1[MAX_KEY_ID_SIZE];
        uint8_t id2[MAX_KEY_ID_SIZE];
        size_t id1_size;
        size_t id2_size;
        int ret;
-       bool result;
+       unsigned result;
 
        if (_gnutls_x509_compare_raw_dn
            (&cert->raw_issuer_dn, &issuer->raw_dn) != 0)
@@ -270,7 +269,7 @@ static bool is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
 /* Check if the given certificate is the issuer of the CRL.
  * Returns 1 on success and 0 otherwise.
  */
-static bool is_crl_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer)
+static unsigned is_crl_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer)
 {
        if (_gnutls_x509_compare_raw_dn
            (&crl->raw_issuer_dn, &issuer->raw_dn) != 0)
@@ -283,7 +282,7 @@ static bool is_crl_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer)
  * Returns 1 if they match and (0) if they don't match. Otherwise
  * a negative error code is returned to indicate error.
  */
-bool _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
+unsigned _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
 {
        if (_gnutls_x509_compare_raw_dn(&cert1->raw_dn, &cert2->raw_dn) !=
            0)
@@ -393,7 +392,7 @@ int is_broken_allowed(gnutls_sign_algorithm_t sig, unsigned int flags)
  * @sigalg: the signature algorithm used
  * @flags: the specified verification flags
  */
-static bool is_level_acceptable(
+static unsigned is_level_acceptable(
        gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
        gnutls_sign_algorithm_t sigalg, unsigned flags)
 {
@@ -524,7 +523,7 @@ int hash;
  * Output will hold some extra information about the verification
  * procedure. Issuer will hold the actual issuer from the trusted list.
  */
-static bool
+static unsigned
 verify_crt(gnutls_x509_crt_t cert,
                            const gnutls_x509_crt_t * trusted_cas,
                            int tcas_size, unsigned int flags,
@@ -532,7 +531,7 @@ verify_crt(gnutls_x509_crt_t cert,
                            gnutls_x509_crt_t * _issuer,
                            time_t now,
                            unsigned int *max_path,
-                           bool end_cert,
+                           unsigned end_cert,
                            gnutls_x509_name_constraints_t nc,
                            gnutls_verify_output_function func)
 {
@@ -540,7 +539,7 @@ verify_crt(gnutls_x509_crt_t cert,
        gnutls_datum_t cert_signature = { NULL, 0 };
        gnutls_x509_crt_t issuer = NULL;
        int issuer_version, hash_algo;
-       bool result = 1;
+       unsigned result = 1;
        const mac_entry_st * me;
        unsigned int out = 0, usage;
        int sigalg, ret;
@@ -964,7 +963,7 @@ cleanup:
 
 /* Returns true if the provided purpose is in accordance with the certificate.
  */
-bool _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, unsigned no_any)
+unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, unsigned no_any)
 {
        char oid[MAX_OID_SIZE];
        size_t oid_size;