Treat boolean functions as booleans

Use "!x" instead of "x <= 0", as these functions never return a negative
value.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

apps/s_client.c

@@ -1669,7 +1669,7 @@ int s_client_main(int argc, char **argv)
         goto end;
     }
 
-    if (ctx_set_ctlog_list_file(ctx, ctlog_file) <= 0) {
+    if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) {
         ERR_print_errors(bio_err);
         goto end;
     }

crypto/ct/ct_log.c

@@ -243,26 +243,24 @@ int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
     if (load_ctx->conf == NULL)
         goto end;
 
-    ret = NCONF_load(load_ctx->conf, file, NULL);
-    if (ret <= 0) {
+    if (NCONF_load(load_ctx->conf, file, NULL) <= 0) {
         CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
         goto end;
     }
 
     enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
     if (enabled_logs == NULL) {
-        ret = 0;
         CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
         goto end;
     }
 
-    ret = CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx);
-    if (ret == 1 && load_ctx->invalid_log_entries > 0) {
-        ret = 0;
+    if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) ||
+        load_ctx->invalid_log_entries > 0) {
         CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
         goto end;
     }
 
+    ret = 1;
 end:
     NCONF_free(load_ctx->conf);
     ctlog_store_load_ctx_free(load_ctx);

crypto/ct/ct_prn.c

@@ -69,7 +69,7 @@ static void SCT_signature_algorithms_print(const SCT *sct, BIO *out)
 {
     int nid = SCT_get_signature_nid(sct);
 
-    if (nid <= 0)
+    if (nid == NID_undef)
         BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg);
     else
         BIO_printf(out, "%s", OBJ_nid2ln(nid));

crypto/ct/ct_vfy.c

@@ -204,13 +204,13 @@ static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
 int SCT_verify(const SCT_CTX *sctx, const SCT *sct)
 {
     EVP_MD_CTX *ctx = NULL;
-    int ret = -1;
+    int ret = 0;
 
     if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
         sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
         (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
         CTerr(CT_F_SCT_VERIFY, CT_R_SCT_NOT_SET);
-        return -1;
+        return 0;
     }
     if (sct->version != SCT_VERSION_V1) {
         CTerr(CT_F_SCT_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
@@ -251,7 +251,7 @@ int SCT_verify_v1(SCT *sct, X509 *cert, X509 *preissuer,
 
     if (!SCT_is_complete(sct)) {
         CTerr(CT_F_SCT_VERIFY_V1, CT_R_SCT_NOT_SET);
-        return -1;
+        return 0;
     }
 
     if (sct->version != 0) {
@@ -263,22 +263,17 @@ int SCT_verify_v1(SCT *sct, X509 *cert, X509 *preissuer,
     if (sctx == NULL)
         goto done;
 
-    ret = SCT_CTX_set1_pubkey(sctx, log_pubkey);
-    if (ret <= 0)
+    if (!SCT_CTX_set1_pubkey(sctx, log_pubkey))
         goto done;
 
-    ret = SCT_CTX_set1_cert(sctx, cert, preissuer);
-    if (ret <= 0)
+    if (!SCT_CTX_set1_cert(sctx, cert, preissuer))
         goto done;
 
-    if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
-        ret = SCT_CTX_set1_issuer(sctx, issuer_cert);
-        if (ret <= 0)
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT &&
+        !SCT_CTX_set1_issuer(sctx, issuer_cert))
         goto done;
-    }
 
     ret = SCT_verify(sctx, sct);
-
 done:
     SCT_CTX_free(sctx);
     return ret;

include/openssl/ct.h

@@ -347,15 +347,13 @@ void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
 
 /*
  * Verifies an SCT with the given context.
- * Returns 1 if the SCT verifies successfully, 0 if it cannot be verified and a
- * negative integer if an error occurs.
+ * Returns 1 if the SCT verifies successfully, 0 otherwise.
  */
 __owur int SCT_verify(const SCT_CTX *sctx, const SCT *sct);
 
 /*
  * Verifies an SCT against the provided data.
- * Returns 1 if the SCT verifies successfully, 0 if it cannot be verified and a
- * negative integer if an error occurs.
+ * Returns 1 if the SCT verifies successfully, 0 otherwise.
  */
 __owur int SCT_verify_v1(SCT *sct, X509 *cert, X509 *preissuer,
                   X509_PUBKEY *log_pubkey, X509 *issuer_cert);