Add initial mbedTLS v4 support #3477
Easton97-Jens wants to merge 16 commits into owasp-modsecurity:v3/master from
This reverts commit ba24754.
build.sh
Outdated
Please use English text in all of the source code.
| mbedtls/tf-psa-crypto/core/psa_its_file.c \ | ||
| mbedtls/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c | ||
|
|
||
| MBED_BUILTIN_SOURCES = \ |
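Review bot: MBED_BUILTIN_SOURCES names individual files inside the submodule by path, which ties the Makefile to the submodule's layout at one commit, and the list includes mbedtls/tf-psa-crypto/core/psa_its_file.c, the file-backed PSA storage backend. If mbedTLS is used here only for the digests under src/utils, trim the list to the sources those digests need and record which mbedTLS release the list was derived from, so each compiled file is a deliberate choice.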
Let me check the new version on mbedtls, and make sure that all of these sources are necessary.
src/parser/seclang-scanner.cc
Outdated
Why has this file changed? seclang-scanner.cc (and seclang-parser.cc too) is a file generated by Bison, and it is necessary to change it if there is any change in the parser's source. But I don't see any changes there.
| data = macAddress + name; | ||
|
|
||
| this->uniqueId_str = Utils::Sha1::hexdigest(data); | ||
| this->uniqueId_str = Utils::Sha256::hexdigest(data); |
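Review bot: Replacing Utils::Sha1::hexdigest(data) with Utils::Sha256::hexdigest(data) changes uniqueId_str from 40 to 64 hex characters and gives every existing installation a new ID, and nothing in the hunk says why. Since data is only macAddress + name, the digest acts as a stable identifier rather than a security control, so either keep Sha1 on this line or add a comment stating that the ID format changes and what motivates it.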
Could you explain why you replaced sha1 with sha256? This will give a longer ID (sha1 length is 40 hex chars, sha256's is 64 hex chars) - are we sure users want to use that?
And I'm not sure sha256 gives any benefit here (cryptographic strength does not matter here).
src/utils/md5.h
Outdated
As far as I know, the Apache license recommends using the version that you removed - see:
https://www.apache.org/licenses/LICENSE-2.0#apply
I don't insist on this version, but I would insist on using the same syntax in all files.
Or we can use the SPDX identifier.

what
Updated the project to support mbedTLS v4
Adapted to the new mbedTLS v4 structure, which is split into two separate parts
Integrated mbedTLS v4 as a submodule so it can be used by the main module
why
This pull request is based on the request and discussion in #3450
mbedTLS v4 introduces structural changes that require updates to the build and integration process
The goal is to provide an initial, working approach for mbedTLS v4 support
known issues / notes
Since mbedTLS v4 is split into two separate components, it is included as a submodule
→ To ensure the submodule is properly loaded by the main module, the following step is currently required:
git submodule update --init --recursive
The include setup is now working, and I can build the project locally.
Note: I am not a professional programmer, and this pull request represents my best effort
→ I am explicitly relying on feedback and guidance from the maintainers, especially regarding the Makefile and build system structure
references
Discussion / Request: #3450
Repository: https://github.com/Easton97-Jens/ModSecurity