Introduce TLSEXT_STATUSTYPE_nothing constant

The existing code used the magic number -1 to represent the absence of
a status_type in the extension. This commit replaces it with a macro.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

7 files changed, 14 insertions, 6 deletions

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4d41b17fa0..65e3ba1824 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2556,7 +2556,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
      */
     ret->options |= SSL_OP_NO_COMPRESSION;
 
-    ret->tlsext_status_type = -1;
+    ret->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
 
     return ret;
  err:
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c18fec33a6..6b603dd5fb 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1671,6 +1671,12 @@ typedef enum tlsext_index_en {
     TLSEXT_IDX_padding
 } TLSEXT_INDEX;
 
+/*
+ * Dummy status type for the status_type extension. Indicates no status type
+ * set
+ */
+#define TLSEXT_STATUSTYPE_nothing  -1
+
 #define MAX_COMPRESSIONS_SIZE   255
 
 typedef struct {
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 5c0dda411d..15a47e0b84 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -764,7 +764,7 @@ static int init_session_ticket(SSL *s, unsigned int context)
 static int init_status_request(SSL *s, unsigned int context)
 {
     if (s->server)
-        s->tlsext_status_type = -1;
+        s->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
 
     return 1;
 }
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 950f1990cc..71187f6656 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -754,7 +754,8 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, int *al)
      * MUST be empty and only sent if we've requested a status
      * request message.
      */
-    if (s->tlsext_status_type == -1 || PACKET_remaining(pkt) > 0) {
+    if (s->tlsext_status_type == TLSEXT_STATUSTYPE_nothing
+            || PACKET_remaining(pkt) > 0) {
         *al = SSL_AD_UNSUPPORTED_EXTENSION;
         return 0;
     }
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 1eeae096d6..bf569d280a 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -228,7 +228,7 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, int *al)
         /*
          * We don't know what to do with any other type so ignore it.
          */
-        s->tlsext_status_type = -1;
+        s->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
         return 1;
     }
 
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 7017615af3..18430ea315 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2227,7 +2227,8 @@ int tls_process_initial_server_flight(SSL *s, int *al)
      * |tlsext_ocsp_resplen| values will be set if we actually received a status
      * message, or NULL and -1 otherwise
      */
-    if (s->tlsext_status_type != -1 && s->ctx->tlsext_status_cb != NULL) {
+    if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing
+            && s->ctx->tlsext_status_cb != NULL) {
         int ret;
         ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
         if (ret == 0) {
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 12d1670278..56f3998703 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1704,7 +1704,7 @@ static int tls_handle_status_request(SSL *s, int *al)
      * and must be called after the cipher has been chosen because this may
      * influence which certificate is sent
      */
-    if (s->tlsext_status_type != -1 && s->ctx != NULL
+    if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL
             && s->ctx->tlsext_status_cb != NULL) {
         int ret;
         CERT_PKEY *certpkey = ssl_get_server_send_pkey(s);