From 783798ca424fe44b36bdec386da91da75e856cdd Mon Sep 17 00:00:00 2001 From: Patrick Wildt Date: Wed, 28 Jun 2017 16:33:55 +0200 Subject: BearSSL: Initial support and hash tests BearSSL is an implementation of the SSL/TLS protocol in C aiming to be correct and secure, small and highly portable. Thus making it nicer to be included in a rather sparse bootloader. This commit adds support for BearSSL's hash routines only, with more stuff coming up in following commits. The goal is to be able to test BearSSL using Botan's extensive testsuite. --- src/lib/prov/bearssl/bearssl.h | 35 ++++++++++ src/lib/prov/bearssl/bearssl_hash.cpp | 116 ++++++++++++++++++++++++++++++++++ src/lib/prov/bearssl/info.txt | 13 ++++ 3 files changed, 164 insertions(+) create mode 100644 src/lib/prov/bearssl/bearssl.h create mode 100644 src/lib/prov/bearssl/bearssl_hash.cpp create mode 100644 src/lib/prov/bearssl/info.txt (limited to 'src/lib/prov/bearssl') diff --git a/src/lib/prov/bearssl/bearssl.h b/src/lib/prov/bearssl/bearssl.h new file mode 100644 index 000000000..d438c47c7 --- /dev/null +++ b/src/lib/prov/bearssl/bearssl.h @@ -0,0 +1,35 @@ +/* +* Utils for calling BearSSL +* (C) 2015,2016 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_INTERNAL_BEARSSL_H__ +#define BOTAN_INTERNAL_BEARSSL_H__ + +#include +#include +#include +#include +#include + +namespace Botan { + +class HashFunction; + +class BearSSL_Error : public Exception + { + public: + BearSSL_Error(const std::string& what) : + Exception(what + " failed") {} + }; + +/* Hash */ + +std::unique_ptr +make_bearssl_hash(const std::string& name); + +} + +#endif diff --git a/src/lib/prov/bearssl/bearssl_hash.cpp b/src/lib/prov/bearssl/bearssl_hash.cpp new file mode 100644 index 000000000..74b6a9ae7 --- /dev/null +++ b/src/lib/prov/bearssl/bearssl_hash.cpp @@ -0,0 +1,116 @@ +/* +* BearSSL Hash Functions +* (C) 1999-2007,2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include +#include + +namespace Botan { + +namespace { + +class BearSSL_HashFunction : public HashFunction + { + public: + void clear() override + { + m_ctx.vtable->init(&m_ctx.vtable); + } + + std::string provider() const override { return "bearssl"; } + std::string name() const override { return m_name; } + + HashFunction* clone() const override + { + return new BearSSL_HashFunction(m_ctx.vtable, m_name); + } + + std::unique_ptr copy_state() const override + { + std::unique_ptr copy(new BearSSL_HashFunction(m_ctx.vtable, m_name)); + memcpy(©->m_ctx, &m_ctx, sizeof(m_ctx)); + return std::move(copy); + } + + size_t output_length() const override + { + return (m_ctx.vtable->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK; + } + + size_t hash_block_size() const override + { + return 1 << ((m_ctx.vtable->desc >> BR_HASHDESC_LBLEN_OFF) & BR_HASHDESC_LBLEN_MASK); + } + + BearSSL_HashFunction(const br_hash_class *hash, const std::string name) + { + m_name = name; + hash->init(&m_ctx.vtable); + } + + ~BearSSL_HashFunction() + { + } + + private: + void add_data(const uint8_t input[], size_t length) override + { + m_ctx.vtable->update(&m_ctx.vtable, input, length); + } + + void final_result(uint8_t output[]) override + { + m_ctx.vtable->out(&m_ctx.vtable, output); + m_ctx.vtable->init(&m_ctx.vtable); + } + + std::string m_name; + br_hash_compat_context m_ctx; + }; + +} + +std::unique_ptr +make_bearssl_hash(const std::string& name) + { +#define MAKE_BEARSSL_HASH(vtable) \ + std::unique_ptr(new BearSSL_HashFunction(vtable, name)) + +#if defined(BOTAN_HAS_SHA2_32) + if(name == "SHA-224") + return MAKE_BEARSSL_HASH(&br_sha224_vtable); + if(name == "SHA-256") + return MAKE_BEARSSL_HASH(&br_sha256_vtable); +#endif + +#if defined(BOTAN_HAS_SHA2_64) + if(name == "SHA-384") + return MAKE_BEARSSL_HASH(&br_sha384_vtable); + if(name == "SHA-512") + return MAKE_BEARSSL_HASH(&br_sha512_vtable); +#endif + +#if defined(BOTAN_HAS_SHA1) + if(name == "SHA-160" || name == "SHA-1") + return MAKE_BEARSSL_HASH(&br_sha1_vtable); +#endif + +#if defined(BOTAN_HAS_MD5) + if(name == "MD5") + return MAKE_BEARSSL_HASH(&br_md5_vtable); +#endif + +#if defined(BOTAN_HAS_PARALLEL_HASH) + if(name == "Parallel(MD5,SHA-160)") + return MAKE_BEARSSL_HASH(&br_md5sha1_vtable); +#endif + + return nullptr; + } + +} diff --git a/src/lib/prov/bearssl/info.txt b/src/lib/prov/bearssl/info.txt new file mode 100644 index 000000000..cf38a1fe7 --- /dev/null +++ b/src/lib/prov/bearssl/info.txt @@ -0,0 +1,13 @@ + +BEARSSL -> 20170628 + + +load_on vendor + + +bearssl.h + + + +all!windows -> bearssl + -- cgit v1.2.3 From 92b0ff1faaba7c3fd886e79550bf5fe0fc567e25 Mon Sep 17 00:00:00 2001 From: Patrick Wildt Date: Wed, 28 Jun 2017 16:39:29 +0200 Subject: BearSSL: Support for ECDSA This commit adds support for ECDSA using BearSSL as a backend. This means we can test BearSSL's ECDSA algorithms using the extensive Botan testsuite. --- src/lib/prov/bearssl/bearssl.h | 14 +++ src/lib/prov/bearssl/bearssl_ec.cpp | 192 ++++++++++++++++++++++++++++++++++++ src/lib/pubkey/ecdsa/ecdsa.cpp | 34 +++++++ src/tests/test_pubkey.cpp | 4 +- 4 files changed, 242 insertions(+), 2 deletions(-) create mode 100644 src/lib/prov/bearssl/bearssl_ec.cpp (limited to 'src/lib/prov/bearssl') diff --git a/src/lib/prov/bearssl/bearssl.h b/src/lib/prov/bearssl/bearssl.h index d438c47c7..9188770c3 100644 --- a/src/lib/prov/bearssl/bearssl.h +++ b/src/lib/prov/bearssl/bearssl.h @@ -30,6 +30,20 @@ class BearSSL_Error : public Exception std::unique_ptr make_bearssl_hash(const std::string& name); +/* ECDSA */ + +#if defined(BOTAN_HAS_ECDSA) + +class ECDSA_PublicKey; +class ECDSA_PrivateKey; + +std::unique_ptr +make_bearssl_ecdsa_ver_op(const ECDSA_PublicKey& key, const std::string& params); +std::unique_ptr +make_bearssl_ecdsa_sig_op(const ECDSA_PrivateKey& key, const std::string& params); + +#endif + } #endif diff --git a/src/lib/prov/bearssl/bearssl_ec.cpp b/src/lib/prov/bearssl/bearssl_ec.cpp new file mode 100644 index 000000000..507345f24 --- /dev/null +++ b/src/lib/prov/bearssl/bearssl_ec.cpp @@ -0,0 +1,192 @@ +/* +* ECDSA via BearSSL +* (C) 2015,2016 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include + +#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) + #include + #include + #include + #include +#endif + +#if defined(BOTAN_HAS_ECDSA) + #include +#endif + +#include +#include + +namespace Botan { + +#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) + +namespace { + +int BearSSL_EC_curve_for(const EC_Group& group) + { + if(group == EC_Group("secp256r1")) + return BR_EC_secp256r1; + if(group == EC_Group("secp384r1")) + return BR_EC_secp384r1; + if(group == EC_Group("secp521r1")) + return BR_EC_secp521r1; + + return -1; + } + +const br_hash_class *BearSSL_hash_class_for(const std::string& emsa) + { + if (emsa == "EMSA1(SHA-1)") + return &br_sha1_vtable; + if (emsa == "EMSA1(SHA-224)") + return &br_sha224_vtable; + if (emsa == "EMSA1(SHA-256)") + return &br_sha256_vtable; + if (emsa == "EMSA1(SHA-384)") + return &br_sha384_vtable; + if (emsa == "EMSA1(SHA-512)") + return &br_sha512_vtable; + + return NULL; + } +} + +#endif + +#if defined(BOTAN_HAS_ECDSA) && !defined(OPENSSL_NO_ECDSA) + +namespace { + +class BearSSL_ECDSA_Verification_Operation : public PK_Ops::Verification + { + public: + BearSSL_ECDSA_Verification_Operation(const ECDSA_PublicKey& ecdsa, const std::string& emsa) : + m_order_bits(ecdsa.domain().get_order().bits()) + { + const int curve = BearSSL_EC_curve_for(ecdsa.domain()); + if (curve < 0) + throw Lookup_Error("BearSSL ECDSA does not support this curve"); + + m_hash = BearSSL_hash_class_for(emsa); + if (m_hash == NULL) + throw Lookup_Error("BearSSL ECDSA does not support EMSA " + emsa); + + const SCAN_Name req(emsa); + m_hf = make_bearssl_hash(req.arg(0)); + if (m_hf == NULL) + throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0)); + + const secure_vector enc = EC2OSP(ecdsa.public_point(), PointGFp::UNCOMPRESSED); + m_key.qlen = enc.size(); + m_key.q = new uint8_t[m_key.qlen]; + memcpy(m_key.q, (unsigned char *)enc.data(), m_key.qlen); + m_key.curve = curve; + } + + void update(const uint8_t msg[], size_t msg_len) override + { + m_hf->update(msg, msg_len); + } + + bool is_valid_signature(const uint8_t sig[], size_t sig_len) override + { + const size_t order_bytes = (m_order_bits + 7) / 8; + if (sig_len != 2 * order_bytes) + return false; + secure_vector msg = m_hf->final(); + + br_ecdsa_vrfy engine = br_ecdsa_vrfy_raw_get_default(); + if (!engine(&br_ec_prime_i31, msg.data(), msg.size(), &m_key, sig, sig_len)) + return false; + + return true; + } + + size_t max_input_bits() const { return m_order_bits; } + + private: + br_ec_public_key m_key; + std::unique_ptr m_hf; + const br_hash_class *m_hash; + size_t m_order_bits; + }; + +class BearSSL_ECDSA_Signing_Operation : public PK_Ops::Signature + { + public: + BearSSL_ECDSA_Signing_Operation(const ECDSA_PrivateKey& ecdsa, const std::string& emsa) : + m_order_bits(ecdsa.domain().get_order().bits()) + { + const int curve = BearSSL_EC_curve_for(ecdsa.domain()); + if(curve < 0) + throw Lookup_Error("BearSSL ECDSA does not support this curve"); + + m_hash = BearSSL_hash_class_for(emsa); + if (m_hash == NULL) + throw Lookup_Error("BearSSL ECDSA does not support EMSA " + emsa); + + const SCAN_Name req(emsa); + m_hf = make_bearssl_hash(req.arg(0)); + if (m_hf == NULL) + throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0)); + + m_key.xlen = ecdsa.private_value().bytes(); + m_key.x = new uint8_t[m_key.xlen]; + ecdsa.private_value().binary_encode(m_key.x); + m_key.curve = curve; + } + + + void update(const uint8_t msg[], size_t msg_len) override + { + m_hf->update(msg, msg_len); + } + + secure_vector sign(RandomNumberGenerator&) override + { + const size_t order_bytes = (m_order_bits + 7) / 8; + secure_vector sigval(2*order_bytes); + size_t sign_len; + + br_ecdsa_sign engine = br_ecdsa_sign_raw_get_default(); + sign_len = engine(&br_ec_prime_i31, m_hash, m_hf->final().data(), &m_key, sigval.data()); + if (sign_len == 0) + throw BearSSL_Error("br_ecdsa_sign"); + + sigval.resize(sign_len); + return sigval; + } + + size_t max_input_bits() const { return m_order_bits; } + + private: + br_ec_private_key m_key; + std::unique_ptr m_hf; + const br_hash_class *m_hash; + size_t m_order_bits; + }; + +} + +std::unique_ptr +make_bearssl_ecdsa_ver_op(const ECDSA_PublicKey& key, const std::string& params) + { + return std::unique_ptr(new BearSSL_ECDSA_Verification_Operation(key, params)); + } + +std::unique_ptr +make_bearssl_ecdsa_sig_op(const ECDSA_PrivateKey& key, const std::string& params) + { + return std::unique_ptr(new BearSSL_ECDSA_Signing_Operation(key, params)); + } + +#endif + +} diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index bb65fb138..72551c8c7 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -18,6 +18,10 @@ #include #endif +#if defined(BOTAN_HAS_BEARSSL) + #include +#endif + #if defined(BOTAN_HAS_OPENSSL) #include #endif @@ -156,6 +160,21 @@ std::unique_ptr ECDSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { +#if defined(BOTAN_HAS_BEARSSL) + if(provider == "bearssl" || provider.empty()) + { + try + { + return make_bearssl_ecdsa_ver_op(*this, params); + } + catch(Lookup_Error& e) + { + if(provider == "bearssl") + throw; + } + } +#endif + #if defined(BOTAN_HAS_OPENSSL) if(provider == "openssl" || provider.empty()) { @@ -182,6 +201,21 @@ ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { +#if defined(BOTAN_HAS_BEARSSL) + if(provider == "bearssl" || provider.empty()) + { + try + { + return make_bearssl_ecdsa_sig_op(*this, params); + } + catch(Lookup_Error& e) + { + if(provider == "bearssl") + throw; + } + } +#endif + #if defined(BOTAN_HAS_OPENSSL) if(provider == "openssl" || provider.empty()) { diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp index a38b7d3f3..d25bf8d68 100644 --- a/src/tests/test_pubkey.cpp +++ b/src/tests/test_pubkey.cpp @@ -82,9 +82,9 @@ void check_invalid_ciphertexts(Test::Result& result, " invalid ciphertexts, rejected " + std::to_string(ciphertext_rejected)); } -std::vector PK_Test::possible_providers(const std::string&) +std::vector PK_Test::possible_providers(const std::string& params) { - return Test::provider_filter({ "base", "openssl", "tpm" }); + return Test::provider_filter({ "base", "bearssl", "openssl", "tpm" }); } Test::Result -- cgit v1.2.3 From b93dd6e2f4eb715640d61be44451c35e9feba23b Mon Sep 17 00:00:00 2001 From: Patrick Wildt Date: Wed, 28 Jun 2017 22:15:16 +0200 Subject: BearSSL: move includes into extern "C" Without the specific extern "C" declaration for the includes the C functions might get C++'d so the linking stage fails. --- src/lib/prov/bearssl/bearssl_ec.cpp | 6 ++++-- src/lib/prov/bearssl/bearssl_hash.cpp | 5 ++++- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'src/lib/prov/bearssl') diff --git a/src/lib/prov/bearssl/bearssl_ec.cpp b/src/lib/prov/bearssl/bearssl_ec.cpp index 507345f24..c62d78437 100644 --- a/src/lib/prov/bearssl/bearssl_ec.cpp +++ b/src/lib/prov/bearssl/bearssl_ec.cpp @@ -20,8 +20,10 @@ #include #endif -#include -#include +extern "C" { + #include + #include +} namespace Botan { diff --git a/src/lib/prov/bearssl/bearssl_hash.cpp b/src/lib/prov/bearssl/bearssl_hash.cpp index 74b6a9ae7..af63e05c3 100644 --- a/src/lib/prov/bearssl/bearssl_hash.cpp +++ b/src/lib/prov/bearssl/bearssl_hash.cpp @@ -7,9 +7,12 @@ #include #include -#include #include +extern "C" { + #include +} + namespace Botan { namespace { -- cgit v1.2.3 From 8352476972cbf2b942d1afdbce157b7a659717ef Mon Sep 17 00:00:00 2001 From: Patrick Wildt Date: Wed, 5 Jul 2017 11:26:04 +0200 Subject: BearSSL: implement PR feedback and compare ECGroup OID name This commit implements the feedback from @securitykernel on the PR and also changes the EC Group comparison to use the OID, akin to OpenSSL. The EC Group comparison was needed before GH #1093 was merged, but now we can go use the OpenSSL variant. --- src/lib/hash/hash.cpp | 12 +++++------ src/lib/prov/bearssl/bearssl.h | 1 + src/lib/prov/bearssl/bearssl_ec.cpp | 39 ++++++++++++++++++++++++----------- src/lib/prov/bearssl/bearssl_hash.cpp | 1 + 4 files changed, 35 insertions(+), 18 deletions(-) (limited to 'src/lib/prov/bearssl') diff --git a/src/lib/hash/hash.cpp b/src/lib/hash/hash.cpp index cd2b5ad7a..bd162ff2c 100644 --- a/src/lib/hash/hash.cpp +++ b/src/lib/hash/hash.cpp @@ -101,10 +101,10 @@ namespace Botan { std::unique_ptr HashFunction::create(const std::string& algo_spec, const std::string& provider) { -#if defined(BOTAN_HAS_BEARSSL) - if(provider.empty() || provider == "bearssl") +#if defined(BOTAN_HAS_OPENSSL) + if(provider.empty() || provider == "openssl") { - if(auto hash = make_bearssl_hash(algo_spec)) + if(auto hash = make_openssl_hash(algo_spec)) return hash; if(!provider.empty()) @@ -112,10 +112,10 @@ std::unique_ptr HashFunction::create(const std::string& algo_spec, } #endif -#if defined(BOTAN_HAS_OPENSSL) - if(provider.empty() || provider == "openssl") +#if defined(BOTAN_HAS_BEARSSL) + if(provider.empty() || provider == "bearssl") { - if(auto hash = make_openssl_hash(algo_spec)) + if(auto hash = make_bearssl_hash(algo_spec)) return hash; if(!provider.empty()) diff --git a/src/lib/prov/bearssl/bearssl.h b/src/lib/prov/bearssl/bearssl.h index 9188770c3..1ba7d2dc6 100644 --- a/src/lib/prov/bearssl/bearssl.h +++ b/src/lib/prov/bearssl/bearssl.h @@ -1,6 +1,7 @@ /* * Utils for calling BearSSL * (C) 2015,2016 Jack Lloyd +* (C) 2017 Patrick Wildt * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/prov/bearssl/bearssl_ec.cpp b/src/lib/prov/bearssl/bearssl_ec.cpp index c62d78437..e689f34a7 100644 --- a/src/lib/prov/bearssl/bearssl_ec.cpp +++ b/src/lib/prov/bearssl/bearssl_ec.cpp @@ -1,10 +1,12 @@ /* * ECDSA via BearSSL * (C) 2015,2016 Jack Lloyd +* (C) 2017 Patrick Wildt * * Botan is released under the Simplified BSD License (see license.txt) */ +#include #include #include #include @@ -31,13 +33,18 @@ namespace Botan { namespace { -int BearSSL_EC_curve_for(const EC_Group& group) +int BearSSL_EC_curve_for(const OID& oid) { - if(group == EC_Group("secp256r1")) + if(oid.empty()) + return -1; + + const std::string name = OIDS::lookup(oid); + + if(name == "secp256r1") return BR_EC_secp256r1; - if(group == EC_Group("secp384r1")) + if(name == "secp384r1") return BR_EC_secp384r1; - if(group == EC_Group("secp521r1")) + if(name == "secp521r1") return BR_EC_secp521r1; return -1; @@ -56,13 +63,13 @@ const br_hash_class *BearSSL_hash_class_for(const std::string& emsa) if (emsa == "EMSA1(SHA-512)") return &br_sha512_vtable; - return NULL; + return nullptr; } } #endif -#if defined(BOTAN_HAS_ECDSA) && !defined(OPENSSL_NO_ECDSA) +#if defined(BOTAN_HAS_ECDSA) namespace { @@ -72,7 +79,7 @@ class BearSSL_ECDSA_Verification_Operation : public PK_Ops::Verification BearSSL_ECDSA_Verification_Operation(const ECDSA_PublicKey& ecdsa, const std::string& emsa) : m_order_bits(ecdsa.domain().get_order().bits()) { - const int curve = BearSSL_EC_curve_for(ecdsa.domain()); + const int curve = BearSSL_EC_curve_for(ecdsa.domain().get_oid()); if (curve < 0) throw Lookup_Error("BearSSL ECDSA does not support this curve"); @@ -88,7 +95,7 @@ class BearSSL_ECDSA_Verification_Operation : public PK_Ops::Verification const secure_vector enc = EC2OSP(ecdsa.public_point(), PointGFp::UNCOMPRESSED); m_key.qlen = enc.size(); m_key.q = new uint8_t[m_key.qlen]; - memcpy(m_key.q, (unsigned char *)enc.data(), m_key.qlen); + memcpy(m_key.q, enc.data(), m_key.qlen); m_key.curve = curve; } @@ -113,6 +120,11 @@ class BearSSL_ECDSA_Verification_Operation : public PK_Ops::Verification size_t max_input_bits() const { return m_order_bits; } + ~BearSSL_ECDSA_Verification_Operation() + { + delete m_key.q; + } + private: br_ec_public_key m_key; std::unique_ptr m_hf; @@ -126,7 +138,7 @@ class BearSSL_ECDSA_Signing_Operation : public PK_Ops::Signature BearSSL_ECDSA_Signing_Operation(const ECDSA_PrivateKey& ecdsa, const std::string& emsa) : m_order_bits(ecdsa.domain().get_order().bits()) { - const int curve = BearSSL_EC_curve_for(ecdsa.domain()); + const int curve = BearSSL_EC_curve_for(ecdsa.domain().get_oid()); if(curve < 0) throw Lookup_Error("BearSSL ECDSA does not support this curve"); @@ -145,7 +157,6 @@ class BearSSL_ECDSA_Signing_Operation : public PK_Ops::Signature m_key.curve = curve; } - void update(const uint8_t msg[], size_t msg_len) override { m_hf->update(msg, msg_len); @@ -155,10 +166,9 @@ class BearSSL_ECDSA_Signing_Operation : public PK_Ops::Signature { const size_t order_bytes = (m_order_bits + 7) / 8; secure_vector sigval(2*order_bytes); - size_t sign_len; br_ecdsa_sign engine = br_ecdsa_sign_raw_get_default(); - sign_len = engine(&br_ec_prime_i31, m_hash, m_hf->final().data(), &m_key, sigval.data()); + size_t sign_len = engine(&br_ec_prime_i31, m_hash, m_hf->final().data(), &m_key, sigval.data()); if (sign_len == 0) throw BearSSL_Error("br_ecdsa_sign"); @@ -168,6 +178,11 @@ class BearSSL_ECDSA_Signing_Operation : public PK_Ops::Signature size_t max_input_bits() const { return m_order_bits; } + ~BearSSL_ECDSA_Signing_Operation() + { + delete m_key.x; + } + private: br_ec_private_key m_key; std::unique_ptr m_hf; diff --git a/src/lib/prov/bearssl/bearssl_hash.cpp b/src/lib/prov/bearssl/bearssl_hash.cpp index af63e05c3..9620d6d70 100644 --- a/src/lib/prov/bearssl/bearssl_hash.cpp +++ b/src/lib/prov/bearssl/bearssl_hash.cpp @@ -1,6 +1,7 @@ /* * BearSSL Hash Functions * (C) 1999-2007,2015 Jack Lloyd +* (C) 2017 Patrick Wildt * * Botan is released under the Simplified BSD License (see license.txt) */ -- cgit v1.2.3 From 825c23811f480d3c3646ded125c9e7b7dc9feb8f Mon Sep 17 00:00:00 2001 From: Patrick Wildt Date: Mon, 10 Jul 2017 09:54:34 +0200 Subject: BearSSL: replace more NULLs with nullptr Based on feedback from @securitykernel on the PR. --- src/lib/prov/bearssl/bearssl_ec.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/lib/prov/bearssl') diff --git a/src/lib/prov/bearssl/bearssl_ec.cpp b/src/lib/prov/bearssl/bearssl_ec.cpp index e689f34a7..fe661f357 100644 --- a/src/lib/prov/bearssl/bearssl_ec.cpp +++ b/src/lib/prov/bearssl/bearssl_ec.cpp @@ -84,12 +84,12 @@ class BearSSL_ECDSA_Verification_Operation : public PK_Ops::Verification throw Lookup_Error("BearSSL ECDSA does not support this curve"); m_hash = BearSSL_hash_class_for(emsa); - if (m_hash == NULL) + if (m_hash == nullptr) throw Lookup_Error("BearSSL ECDSA does not support EMSA " + emsa); const SCAN_Name req(emsa); m_hf = make_bearssl_hash(req.arg(0)); - if (m_hf == NULL) + if (m_hf == nullptr) throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0)); const secure_vector enc = EC2OSP(ecdsa.public_point(), PointGFp::UNCOMPRESSED); @@ -143,12 +143,12 @@ class BearSSL_ECDSA_Signing_Operation : public PK_Ops::Signature throw Lookup_Error("BearSSL ECDSA does not support this curve"); m_hash = BearSSL_hash_class_for(emsa); - if (m_hash == NULL) + if (m_hash == nullptr) throw Lookup_Error("BearSSL ECDSA does not support EMSA " + emsa); const SCAN_Name req(emsa); m_hf = make_bearssl_hash(req.arg(0)); - if (m_hf == NULL) + if (m_hf == nullptr) throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0)); m_key.xlen = ecdsa.private_value().bytes(); -- cgit v1.2.3