Add initial mbedTLS v4 support #3477
Easton97-Jens wants to merge 15 commits into owasp-modsecurity:v3/master
This reverts commit ba24754.
build.sh
Outdated
| ############################################################################## | ||
| # NEU: psa_crypto_driver_wrappers.h automatisch generieren, Pfad wird gesucht | ||
| ############################################################################## | ||
| echo "[+] Suche nach psa_crypto_driver_wrappers.h …" |
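Review bot: The banner comment and the echo string in this build.sh hunk are in German ("NEU: ... automatisch generieren, Pfad wird gesucht", "Suche nach ..."), and the "NEU:" marker records change history that belongs in the commit message rather than in the script. Suggest an English comment that states what the step does, and a plain ASCII message such as `echo "[+] Searching for psa_crypto_driver_wrappers.h ..."`, since the "…" character can render badly in non-UTF-8 CI logs.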
Please use English text in all of the source code.
| mbedtls/tf-psa-crypto/core/psa_its_file.c \ | ||
| mbedtls/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c | ||
|
|
||
| MBED_BUILTIN_SOURCES = \ |
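Review bot: The source list around MBED_BUILTIN_SOURCES hard-codes individual files under mbedtls/tf-psa-crypto/core/, including psa_its_file.c, which is the file-backed PSA internal trusted storage backend. Please add a comment next to the list saying what each group of files is needed for, and drop any that are not required, so the compiled-in crypto code stays limited to the features actually used.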
Let me check the new version on mbedtls, and make sure that all of these sources are necessary.
src/parser/seclang-scanner.cc
Outdated
| @@ -1,5 +1,5 @@ | |||
|
|
|||
| #line 2 "seclang-scanner.cc" | |||
| #line 3 "seclang-scanner.cc" | |||
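Review bot: The only visible change in seclang-scanner.cc is the `#line` directive moving from 2 to 3, which points to the generated file having been re-emitted rather than to a change in the scanner rules. Unless the corresponding source file also changes in this PR, revert the generated file so the diff contains only hand-written changes.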
Why has this file changed? seclang-scanner.cc (and seclang-parser.cc too) is a file generated by Bison, and it's necessary to change it if there is any change in the parser's source. But I don't see any changes there.
| data = macAddress + name; | ||
|
|
||
| this->uniqueId_str = Utils::Sha1::hexdigest(data); | ||
| this->uniqueId_str = Utils::Sha256::hexdigest(data); |
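Review bot: Replacing Utils::Sha1::hexdigest with Utils::Sha256::hexdigest for uniqueId_str changes the identifier's length and value for the same macAddress + name input, which is a behaviour change for anything that stores or parses the ID. If the switch is required for the mbedTLS v4 port, say so in the commit message; otherwise keep SHA-1 here or move the change to its own PR with a note on the new ID format.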
Could you explain why you changed sha1 to sha256? This will give a longer ID (sha1's length is 40 hex chars, sha256's is 64 hex chars) - are we sure users want to use that?
And I'm not sure sha256 gives any benefit here (the strength of the cryptography doesn't matter here).
src/utils/md5.h
Outdated
| * If any of the files related to licensing are missing or if you have any | ||
| * other questions related to licensing please contact Trustwave Holdings, Inc. | ||
| * directly using the email address security@modsecurity.org. | ||
| * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. |
As far as I know, the Apache license recommends using the version that you removed - see:
https://www.apache.org/licenses/LICENSE-2.0#apply
I don't insist on this version, but I would insist on using the same syntax in all files.
Or we can use the SPDX identifier.



what
Updated the project to support mbedTLS v4
Adapted to the new mbedTLS v4 structure, which is split into two separate parts
Integrated mbedTLS v4 as a submodule so it can be used by the main module
why
This pull request is based on the request and discussion in #3450
mbedTLS v4 introduces structural changes that require updates to the build and integration process
The goal is to provide an initial, working approach for mbedTLS v4 support
known issues / notes
Since mbedTLS v4 is split into two separate components, it is included as a submodule
→ To ensure the submodule is properly loaded by the main module, the following step is currently required:
git submodule update --init --recursive
The include setup is now working, and I can build the project locally.
Note: I am not a professional programmer, and this pull request represents my best effort
→ I am explicitly relying on feedback and guidance from the maintainers, especially regarding the Makefile and build system structure
references
Discussion / Request: #3450
Repository: https://github.com/Easton97-Jens/ModSecurity