
Commit 5ff7dd2

Merge pull request #33 from Easton97-Jens/codex/migrate-repository-to-mbed-tls-4.x
Migrate embedded Mbed TLS integration to TF-PSA-Crypto (Mbed TLS 4.x) paths
2 parents c0b60ea + caeb0e4 commit 5ff7dd2


7 files changed

+54
-29
lines changed


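--- a/Makefile.am
+++ b/Makefile.am
@@ -63,7 +63,7 @@ cppcheck:
 --enable=warning,style,performance,portability,unusedFunction,missingInclude \
 --inconclusive \
 --template="warning: {file},{line},{severity},{id},{message}" \
--I headers -I . -I $(top_srcdir)/others -I $(top_srcdir)/src -I $(top_srcdir)/others/mbedtls/include \
+-I headers -I . -I $(top_srcdir)/others -I $(top_srcdir)/src -I $(top_srcdir)/others/mbedtls/include -I $(top_srcdir)/others/mbedtls/tf-psa-crypto/include -I $(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include \
 --error-exitcode=1 \
 -i "src/parser/seclang-parser.cc" -i "src/parser/seclang-scanner.cc" \
 -i others \
@@ -99,4 +99,3 @@ pkgconfig_DATA = modsecurity.pc
 EXTRA_DIST = modsecurity.pc.in \
 modsecurity.conf-recommended \
 unicode.mapping
-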

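--- a/build/win32/CMakeLists.txt
+++ b/build/win32/CMakeLists.txt
@@ -51,10 +51,32 @@ target_compile_definitions(libinjection PRIVATE LIBINJECTION_VERSION="${LIBINJEC
 project(mbedcrypto C)
 
 set(MBEDTLS_DIR ${BASE_DIR}/others/mbedtls)
+set(TF_PSA_CRYPTO_DIR ${MBEDTLS_DIR}/tf-psa-crypto)
+
+add_library(mbedcrypto STATIC
+${TF_PSA_CRYPTO_DIR}/utilities/base64.c
+${TF_PSA_CRYPTO_DIR}/utilities/constant_time.c
+${TF_PSA_CRYPTO_DIR}/platform/platform_util.c
+${TF_PSA_CRYPTO_DIR}/extras/md.c
+${TF_PSA_CRYPTO_DIR}/drivers/builtin/src/md5.c
+${TF_PSA_CRYPTO_DIR}/drivers/builtin/src/sha1.c
+${TF_PSA_CRYPTO_DIR}/drivers/builtin/src/sha256.c
+${TF_PSA_CRYPTO_DIR}/drivers/builtin/src/sha512.c
+${TF_PSA_CRYPTO_DIR}/drivers/builtin/src/sha3.c
+${TF_PSA_CRYPTO_DIR}/drivers/builtin/src/ripemd160.c
+${TF_PSA_CRYPTO_DIR}/drivers/builtin/src/psa_util_internal.c
+)
 
-add_library(mbedcrypto STATIC ${MBEDTLS_DIR}/library/base64.c ${MBEDTLS_DIR}/library/sha1.c ${MBEDTLS_DIR}/library/md5.c ${MBEDTLS_DIR}/library/platform_util.c ${MBEDTLS_DIR}/library/constant_time.c)
-
-target_include_directories(mbedcrypto PRIVATE ${MBEDTLS_DIR}/include)
+target_include_directories(mbedcrypto PRIVATE
+${MBEDTLS_DIR}/include
+${TF_PSA_CRYPTO_DIR}/include
+${TF_PSA_CRYPTO_DIR}/core
+${TF_PSA_CRYPTO_DIR}/extras
+${TF_PSA_CRYPTO_DIR}/library
+${TF_PSA_CRYPTO_DIR}/utilities
+${TF_PSA_CRYPTO_DIR}/drivers/builtin/include
+${TF_PSA_CRYPTO_DIR}/drivers/builtin/src
+)
 
 # get mbedtls version with git describe
 execute_process(
@@ -137,7 +159,7 @@ file(GLOB_RECURSE libModSecuritySources ${BASE_DIR}/src/*.cc)
 add_library(libModSecurity SHARED ${libModSecuritySources})
 
 target_compile_definitions(libModSecurity PRIVATE WITH_PCRE2)
-target_include_directories(libModSecurity PRIVATE ${BASE_DIR} ${BASE_DIR}/headers ${BASE_DIR}/others ${MBEDTLS_DIR}/include)
+target_include_directories(libModSecurity PRIVATE ${BASE_DIR} ${BASE_DIR}/headers ${BASE_DIR}/others ${MBEDTLS_DIR}/include ${TF_PSA_CRYPTO_DIR}/include ${TF_PSA_CRYPTO_DIR}/drivers/builtin/include)
 target_link_libraries(libModSecurity PRIVATE pcre2::pcre2 libinjection mbedcrypto Poco::Poco Iphlpapi.lib)
 
 macro(add_package_dependency project compile_definition link_library flag)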
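Review bot: The source list added for `mbedcrypto` has no comment saying why digests the wrappers never request (`sha256.c`, `sha512.c`, `sha3.c`, `ripemd160.c`) are compiled, and the same eleven files are repeated by hand in `libmbedtls_la_SOURCES` in others/Makefile.am. Presumably `md.c` references every digest enabled in the crypto configuration and these files are there to satisfy the linker; if so, say it above `add_library`, e.g. `# md.c links against every digest enabled in the crypto config; keep in sync with libmbedtls_la_SOURCES in others/Makefile.am`. Without that pointer the two build systems can drift and ship different vendored crypto on Windows and on autotools platforms. Quoting each path (`"${TF_PSA_CRYPTO_DIR}/utilities/base64.c"`) would also keep a checkout directory containing spaces or semicolons from splitting into several arguments.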

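--- a/configure.ac
+++ b/configure.ac
@@ -84,7 +84,7 @@ AC_DEFUN([LIBINJECTION_VERSION], m4_esyscmd_s(cd "others/libinjection" && git de
 AC_SUBST([LIBINJECTION_VERSION])
 
 # Check for Mbed TLS
-if ! test -f "${srcdir}/others/mbedtls/library/base64.c"; then
+if ! test -f "${srcdir}/others/mbedtls/tf-psa-crypto/utilities/base64.c"; then
 AC_MSG_ERROR([\
 
 
@@ -532,4 +532,3 @@ if test "$aflFuzzer" = "true"; then
 echo " $ export CC=afl-clang-fast "
 echo " "
 fi
-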

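--- a/others/Makefile.am
+++ b/others/Makefile.am
@@ -15,19 +15,24 @@ noinst_HEADERS = \
 libinjection/src/libinjection_sqli.h \
 libinjection/src/libinjection_sqli_data.h \
 libinjection/src/libinjection_xss.h \
-mbedtls/include/mbedtls/base64.h \
-mbedtls/include/mbedtls/check_config.h \
+mbedtls/tf-psa-crypto/include/mbedtls/base64.h \
 mbedtls/include/mbedtls/mbedtls_config.h \
-mbedtls/include/mbedtls/md5.h \
-mbedtls/include/mbedtls/platform.h \
-mbedtls/include/mbedtls/sha1.h
+mbedtls/tf-psa-crypto/include/mbedtls/md.h \
+mbedtls/tf-psa-crypto/include/mbedtls/platform.h
 
 libmbedtls_la_SOURCES = \
-mbedtls/library/base64.c \
-mbedtls/library/md5.c \
-mbedtls/library/sha1.c \
-mbedtls/library/platform_util.c
+mbedtls/tf-psa-crypto/utilities/base64.c \
+mbedtls/tf-psa-crypto/utilities/constant_time.c \
+mbedtls/tf-psa-crypto/platform/platform_util.c \
+mbedtls/tf-psa-crypto/extras/md.c \
+mbedtls/tf-psa-crypto/drivers/builtin/src/md5.c \
+mbedtls/tf-psa-crypto/drivers/builtin/src/sha1.c \
+mbedtls/tf-psa-crypto/drivers/builtin/src/sha256.c \
+mbedtls/tf-psa-crypto/drivers/builtin/src/sha512.c \
+mbedtls/tf-psa-crypto/drivers/builtin/src/sha3.c \
+mbedtls/tf-psa-crypto/drivers/builtin/src/ripemd160.c \
+mbedtls/tf-psa-crypto/drivers/builtin/src/psa_util_internal.c
 
-libmbedtls_la_CFLAGS = -DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" -I$(top_srcdir)/others/mbedtls/include
+libmbedtls_la_CFLAGS = -DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" -I$(top_srcdir)/others/mbedtls/include -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/include -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/core -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/extras -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/library -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/utilities -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/src
 libmbedtls_la_CPPFLAGS =
 libmbedtls_la_LIBADD =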
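Review bot: `libmbedtls_la_CFLAGS` still selects the configuration only through `-DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\"`, while every file in `libmbedtls_la_SOURCES` now comes from `tf-psa-crypto/`. As far as I know TF-PSA-Crypto reads its options from its own crypto configuration header (overridable with `TF_PSA_CRYPTO_CONFIG_FILE`), so this define may no longer decide which algorithms are built and the vendored defaults would apply instead; please confirm which header these translation units actually include. If the defaults are intended, a comment above the CFLAGS line should say so, because the set of enabled digests is what `mbedtls_md_info_from_type()` in src/utils/sha1.h now depends on at run time.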

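--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -296,6 +296,8 @@ libmodsecurity_la_CPPFLAGS = \
 -g \
 -I$(top_srcdir)/others \
 -I$(top_srcdir)/others/mbedtls/include \
+-I$(top_srcdir)/others/mbedtls/tf-psa-crypto/include \
+-I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include \
 -fPIC \
 -O3 \
 -I$(top_srcdir)/headers \
@@ -343,4 +345,3 @@ libmodsecurity_la_LIBADD = \
 $(MAXMIND_LDADD) \
 $(SSDEEP_LDADD) \
 $(YAJL_LDADD)
-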

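--- a/src/utils/md5.h
+++ b/src/utils/md5.h
@@ -17,16 +17,15 @@
 #define SRC_UTILS_MD5_H_
 
 #include "src/utils/sha1.h"
-#include "mbedtls/md5.h"
 #include <string>
 
 namespace modsecurity::Utils {
 
 
-class Md5 : public DigestImpl<&mbedtls_md5, 16> {
+class Md5 : public DigestImpl<MBEDTLS_MD_MD5, 16> {
 };
 
 
 } // namespace modsecurity::Utils
 
-#endif // SRC_UTILS_MD5_H_
+#endif // SRC_UTILS_MD5_H_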

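--- a/src/utils/sha1.h
+++ b/src/utils/sha1.h
@@ -20,15 +20,12 @@
 #include <cassert>
 
 #include "src/utils/string.h"
-#include "mbedtls/sha1.h"
+#include "mbedtls/md.h"
 
 namespace modsecurity::Utils {
 
 
-using DigestOp = int (*)(const unsigned char *, size_t, unsigned char []);
-
-
-template<DigestOp digestOp, int DigestSize>
+template<mbedtls_md_type_t DigestType, int DigestSize>
 class DigestImpl {
 public:
 
@@ -56,8 +53,11 @@ class DigestImpl {
 static auto digestHelper(const std::string &input,
 ConvertOp convertOp) -> auto {
 char digest[DigestSize];
+const auto *mdInfo = mbedtls_md_info_from_type(DigestType);
+assert(mdInfo != nullptr);
 
-const auto ret = (*digestOp)(reinterpret_cast<const unsigned char *>(input.c_str()),
+const auto ret = mbedtls_md(mdInfo,
+reinterpret_cast<const unsigned char *>(input.c_str()),
 input.size(), reinterpret_cast<unsigned char *>(digest));
 assert(ret == 0);
 
@@ -66,7 +66,7 @@ class DigestImpl {
 };
 
 
-class Sha1 : public DigestImpl<&mbedtls_sha1, 20> {
+class Sha1 : public DigestImpl<MBEDTLS_MD_SHA1, 20> {
 };
 
 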
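Review bot: In `digestHelper` the algorithm lookup is now a run-time step guarded only by `assert(mdInfo != nullptr)`, which disappears under `NDEBUG`; before this change a missing digest was a link error. If MD5 or SHA-1 is not enabled in the crypto configuration, a release build passes a null `mdInfo` to `mbedtls_md()`, the call fails, and the uninitialised `digest` buffer is presumably still passed on to `convertOp` as if it were a hash (the existing `assert(ret == 0)` is compiled out the same way; the rest of the function is outside this hunk). `DigestSize` also remains a literal independent of `DigestType`, so a mismatched pair such as `DigestImpl<MBEDTLS_MD_SHA1, 16>` would let `mbedtls_md()` write past `digest`. I would make both checks unconditional, e.g. `if (mdInfo == nullptr || mbedtls_md_get_size(mdInfo) != DigestSize) { /* fail closed */ }` and `if (ret != 0) { /* fail closed */ }`, using whatever error path the project already has. The same applies to `Md5` in src/utils/md5.h, which instantiates this template.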
