Add initial mbedTLS v4 support #3477
Conversation
This reverts commit ba24754.
build.sh
Outdated
| ############################################################################## | ||
| # NEU: psa_crypto_driver_wrappers.h automatisch generieren, Pfad wird gesucht | ||
| ############################################################################## | ||
| echo "[+] Suche nach psa_crypto_driver_wrappers.h …" |
There was a problem hiding this comment.
Please use English text in all of the source code.
| mbedtls/tf-psa-crypto/core/psa_its_file.c \ | ||
| mbedtls/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c | ||
|
|
||
| MBED_BUILTIN_SOURCES = \ |
There was a problem hiding this comment.
Let me check the new version on mbedtls, and make sure that all of these sources are necessary.
src/parser/seclang-scanner.cc
Outdated
| @@ -1,5 +1,5 @@ | |||
|
|
|||
| #line 2 "seclang-scanner.cc" | |||
| #line 3 "seclang-scanner.cc" | |||
There was a problem hiding this comment.
Why is this file has changed? seclang-scanner.cc (and seclan-parser.cc too) is a generated file by Bison, and it's necessary to change if there is any change in parser's source. But I don't see any changes there.
| data = macAddress + name; | ||
|
|
||
| this->uniqueId_str = Utils::Sha1::hexdigest(data); | ||
| this->uniqueId_str = Utils::Sha256::hexdigest(data); |
There was a problem hiding this comment.
Could you explain why did you changed the sha1 by sha256? This will gives a longer ID (sha1 length is 40 char hex, sha256's 64 char hex) - are we sure users want to use that?
And I'm not sure here sha256 gives any benefit (strong of cryptography is no matter here).
|
2 participants
what
Updated the project to support mbedTLS v4
Adapted to the new mbedTLS v4 structure, which is split into two separate parts
Integrated mbedTLS v4 as a submodule so it can be used by the main module
why
This pull request is based on the request and discussion in
#3450
mbedTLS v4 introduces structural changes that require updates to the build and integration process
The goal is to provide an initial, working approach for mbedTLS v4 support
known issues / notes
Since mbedTLS v4 is split into two separate components, it is included as a submodule
→ To ensure the submodule is properly loaded by the main module, the following step is currently required:
git submodule update --init --recursive
The include setup is now working, and I can build the project locally.
Note: I am not a professional programmer, and this pull request represents my best effort
→ I am explicitly relying on feedback and guidance from the maintainers, especially regarding the Makefile and build system structure
references
Discussion / Request: #3450
Repository: https://github.com/Easton97-Jens/ModSecurity