From f132bb39e89a84b2e2c477db186025b7fc31b365 Mon Sep 17 00:00:00 2001
From: jens
Date: Wed, 17 Dec 2025 10:32:32 +0100
Subject: [PATCH 1/6] Pin mbedtls submodule to v4.0.0
---
others/mbedtls | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/others/mbedtls b/others/mbedtls
index 2ca6c285a..ec4044008 160000
--- a/others/mbedtls
+++ b/others/mbedtls
@@ -1 +1 @@
-Subproject commit 2ca6c285a0dd3f33982dd57299012dacab1ff206
+Subproject commit ec4044008d2d069da38288bc76b0fee34ec78646
From ba247543ad48aee172b9352c9cc0c51ba43fbb80 Mon Sep 17 00:00:00 2001
From: jens
Date: Wed, 17 Dec 2025 11:22:00 +0100
Subject: [PATCH 2/6] Update all submodules
---
others/libinjection | 2 +-
test/test-cases/secrules-language-tests | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/others/libinjection b/others/libinjection
index b9fcaaf9e..b2d46ec12 160000
--- a/others/libinjection
+++ b/others/libinjection
@@ -1 +1 @@
-Subproject commit b9fcaaf9e50e9492807b23ffcc6af46ee1f203b9
+Subproject commit b2d46ec124d947d2f82560074e4a348cb15148fc
diff --git a/test/test-cases/secrules-language-tests b/test/test-cases/secrules-language-tests
index a3d4405e5..c6e880236 160000
--- a/test/test-cases/secrules-language-tests
+++ b/test/test-cases/secrules-language-tests
@@ -1 +1 @@
-Subproject commit a3d4405e5a2c90488c387e589c5534974575e35b
+Subproject commit c6e8802366ec3182b8c2612e23d14e19e3545b47
From 812174d17bd24165f4e5bcbf5cc3286a417186b8 Mon Sep 17 00:00:00 2001
From: jens
Date: Wed, 17 Dec 2025 11:33:02 +0100
Subject: [PATCH 3/6] Update mbedtl-v4
---
configure.ac | 2 +-
others/Makefile.am | 22 ++++++-----
src/unique_id.cc | 5 ++-
src/utils/md5.h | 46 ++++++++++++++---------
src/utils/sha1.h | 94 ++++++++++++++++++++++++++++++++--------------
5 files changed, 110 insertions(+), 59 deletions(-)
diff --git a/configure.ac b/configure.ac
index 7a78bb6c7..1b3879aaf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -78,7 +78,7 @@ AC_DEFUN([LIBINJECTION_VERSION], m4_esyscmd_s(cd "others/libinjection" && git de AC_SUBST([LIBINJECTION_VERSION]) # Check for Mbed TLS -if ! test -f "${srcdir}/others/mbedtls/library/base64.c"; then +if ! test -f "${srcdir}/others/mbedtls/tf-psa-crypto/drivers/builtin/src/base64.c"; then AC_MSG_ERROR([\ diff --git a/others/Makefile.am b/others/Makefile.am index b102a0330..b8be3af6e 100644 --- a/others/Makefile.am +++ b/others/Makefile.am @@ -15,19 +15,21 @@ noinst_HEADERS = \ libinjection/src/libinjection_sqli.h \ libinjection/src/libinjection_sqli_data.h \ libinjection/src/libinjection_xss.h \ - mbedtls/include/mbedtls/base64.h \ - mbedtls/include/mbedtls/check_config.h \ + mbedtls/tf-psa-crypto/include/mbedtls/base64.h \ + mbedtls/tf-psa-crypto/drivers/builtin/src/check_crypto_config.h \ mbedtls/include/mbedtls/mbedtls_config.h \ - mbedtls/include/mbedtls/md5.h \ - mbedtls/include/mbedtls/platform.h \ - mbedtls/include/mbedtls/sha1.h + mbedtls/tf-psa-crypto/drivers/builtin/include/mbedtls/private/md5.h \ + mbedtls/tf-psa-crypto/include/mbedtls/platform.h \ + mbedtls/tf-psa-crypto/drivers/builtin/include/mbedtls/private/sha1.h libmbedtls_la_SOURCES = \ - mbedtls/library/base64.c \ - mbedtls/library/md5.c \ - mbedtls/library/sha1.c \ - mbedtls/library/platform_util.c + mbedtls/tf-psa-crypto/drivers/builtin/src/base64.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/md5.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/sha1.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/platform_util.c -libmbedtls_la_CFLAGS = -DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" -I$(top_srcdir)/others/mbedtls/include +libmbedtls_la_CFLAGS = -DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" -I$(top_srcdir)/others/mbedtls/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/include -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/core libmbedtls_la_CPPFLAGS = libmbedtls_la_LIBADD = 
diff --git a/src/unique_id.cc b/src/unique_id.cc index 01075cc54..bf8e4afb8 100644 --- a/src/unique_id.cc +++ b/src/unique_id.cc @@ -56,7 +56,8 @@ #endif #include -#include "src/utils/sha1.h" +/*#include "src/utils/sha1.h"*/ +#include "src/utils/sha256.h" namespace modsecurity { @@ -72,7 +73,7 @@ void UniqueId::fillUniqueId() { data = macAddress + name; - this->uniqueId_str = Utils::Sha1::hexdigest(data); + this->uniqueId_str = Utils::Sha256::hexdigest(data); } // Based on: diff --git a/src/utils/md5.h b/src/utils/md5.h index 68f5d748e..55998ea65 100644 --- a/src/utils/md5.h +++ b/src/utils/md5.h 
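Review bot: The old include is left behind as a comment, `/*#include "src/utils/sha1.h"*/`; delete the line instead of commenting it out, the history already records it. The replacement header `src/utils/sha256.h` is only created in patch 5/6 of this series (`new file mode 100644`), so this commit does not compile on its own and would break a bisect; moving the new header into this commit avoids that. Only the include block is visible in the hunk, the rest of the file lies outside it.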
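Review bot: `uniqueId_str` silently grows from a 40-character SHA-1 hex string to a 64-character SHA-256 one, and nothing at the assignment records that. Anything that stores, parses or compares this id with a fixed width would need checking; no such consumer is visible in the hunk, so this is a question for the author. I would add a comment above the call, for example `// hex SHA-256 of macAddress + name: 64 chars (was 40 with SHA-1)`. `fillUniqueId()` starts before the hunk.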
@@ -1,32 +1,44 @@ /* * ModSecurity, http://www.modsecurity.org/ - * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/) - * - * You may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Trustwave Holdings, Inc. - * directly using the email address security@modsecurity.org. + * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. * + * Licensed under the Apache License, Version 2.0 */ #ifndef SRC_UTILS_MD5_H_ #define SRC_UTILS_MD5_H_ -#include "src/utils/sha1.h" -#include "mbedtls/md5.h" +#include "src/utils/sha1.h" // nutzt DigestImpl + detail::ensure_psa_init() #include -namespace modsecurity::Utils { - +#include // optional (weil sha1.h es schon inkludiert), aber ok -class Md5 : public DigestImpl<&mbedtls_md5, 16> { -}; +namespace modsecurity::Utils { +// PSA-Wrapper mit alter Signatur +inline int modsec_psa_md5(const unsigned char *input, + size_t ilen, + unsigned char output[16]) +{ + if (!detail::ensure_psa_init()) { + return -1; + } + + size_t out_len = 0; + psa_status_t status = psa_hash_compute( + PSA_ALG_MD5, + input, + ilen, + output, + 16, + &out_len + ); + + return (status == PSA_SUCCESS && out_len == 16) ? 0 : -1; +} + +class Md5 : public DigestImpl<&modsec_psa_md5, 16> {}; } // namespace modsecurity::Utils -#endif // SRC_UTILS_MD5_H_ \ No newline at end of file +#endif // SRC_UTILS_MD5_H_ diff --git a/src/utils/sha1.h b/src/utils/sha1.h index a40d7fa1c..623161256 100644 --- a/src/utils/sha1.h +++ b/src/utils/sha1.h 
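Review bot: `modsec_psa_md5` folds every `psa_status_t` into -1, so a build whose crypto configuration leaves MD5 out cannot be told apart from a failed `psa_crypto_init()`, and neither case is logged anywhere. The configuration header is not touched by this series, so whether MD5 and SHA-1 are enabled for the PSA hash API is worth confirming before merge. I would state the contract above the wrapper, e.g. `// Returns 0 on success, -1 if PSA init or the hash computation failed; the PSA status is dropped.`, and write the new comments in English like the rest of the file. The same applies to `modsec_psa_sha1` in src/utils/sha1.h and `modsec_psa_sha256` in src/utils/sha256.h.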
@@ -1,74 +1,110 @@ /* * ModSecurity, http://www.modsecurity.org/ - * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/) - * - * You may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Trustwave Holdings, Inc. - * directly using the email address security@modsecurity.org. + * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. * + * Licensed under the Apache License, Version 2.0 */ #ifndef SRC_UTILS_SHA1_H_ #define SRC_UTILS_SHA1_H_ #include -#include +#include +#include // NEW: std::once_flag, std::call_once #include "src/utils/string.h" -#include "mbedtls/sha1.h" -namespace modsecurity::Utils { +// PSA statt mbedtls/sha1.h +#include +namespace modsecurity::Utils { using DigestOp = int (*)(const unsigned char *, size_t, unsigned char []); +// Gemeinsamer, thread-sicherer PSA-Init für alle Digests +namespace detail { +inline bool ensure_psa_init() { + static std::once_flag once; + static psa_status_t init_status = PSA_ERROR_GENERIC_ERROR; + + std::call_once(once, []() { + init_status = psa_crypto_init(); + }); + + return init_status == PSA_SUCCESS; +} +} // namespace detail + template class DigestImpl { public: - static std::string digest(const std::string& input) { - return digestHelper(input, [](const auto digest) { + return digestHelper(input, [](std::string_view digest) { return std::string(digest); }); } static void digestReplace(std::string& value) { - digestHelper(value, [&value](const auto digest) mutable { - value = digest; + digestHelper(value, [&value](std::string_view digest) mutable { + value.assign(digest.data(), digest.size()); }); } static std::string hexdigest(const std::string &input) { - return digestHelper(input, [](const auto digest) { + return digestHelper(input, [](std::string_view 
digest) { return utils::string::string_to_hex(digest); }); } -private: - + private: template - static auto digestHelper(const std::string &input, - ConvertOp convertOp) -> auto { - char digest[DigestSize]; + static auto digestHelper(const std::string &input, ConvertOp convertOp) + -> decltype(convertOp(std::string_view{})) { + + unsigned char digest[DigestSize]; + + const int ret = (*digestOp)( + reinterpret_cast(input.data()), + input.size(), + digest + ); - const auto ret = (*digestOp)(reinterpret_cast(input.c_str()), - input.size(), reinterpret_cast(digest)); - assert(ret == 0); + // NEW: kein assert-only; in Release sonst potentiell UB. + if (ret != 0) { + return convertOp(std::string_view{}); // leerer Digest signalisiert Fehler + } - return convertOp(std::string_view(digest, DigestSize)); + return convertOp(std::string_view( + reinterpret_cast(digest), DigestSize + )); } }; -class Sha1 : public DigestImpl<&mbedtls_sha1, 20> { -}; +// PSA-Wrapper mit alter Signatur +inline int modsec_psa_sha1(const unsigned char *input, + size_t ilen, + unsigned char output[20]) +{ + if (!detail::ensure_psa_init()) { + return -1; + } + + size_t out_len = 0; + psa_status_t status = psa_hash_compute( + PSA_ALG_SHA_1, + input, + ilen, + output, + 20, + &out_len + ); + + return (status == PSA_SUCCESS && out_len == 20) ? 0 : -1; +} +class Sha1 : public DigestImpl<&modsec_psa_sha1, 20> {}; } // namespace modsecurity::Utils From 01c3a2f5142546b2dae2d809d87512bc3ff5a123 Mon Sep 17 00:00:00 2001 From: jens Date: Sun, 21 Dec 2025 10:34:06 +0100 Subject: [PATCH 4/6] Revert "Update all submodules" This reverts commit ba247543ad48aee172b9352c9cc0c51ba43fbb80. --- others/libinjection | 2 +- test/test-cases/secrules-language-tests | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/others/libinjection b/others/libinjection index b2d46ec12..b9fcaaf9e 160000 --- a/others/libinjection +++ b/others/libinjection 
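Review bot: In `digestHelper`, a failing `digestOp` now returns `convertOp(std::string_view{})`, so `digest()`, `hexdigest()` and `digestReplace()` hand back an empty string with no log entry and no way for the caller to tell failure from success. For a WAF that is a fail-open risk: if `digestReplace()` backs a rule transformation (its callers are not visible here), the transformed value silently becomes empty and a rule may stop matching, and `UniqueId::fillUniqueId()` would be left with an empty `uniqueId_str`. Because `ensure_psa_init()` caches the result of `psa_crypto_init()`, one failed initialisation makes every later digest in the process empty. I would keep the debug trap in front of the new branch, `assert(ret == 0);` followed by the existing `if (ret != 0) { ... }`, and document on the three public methods that an empty result means the digest could not be computed so callers can check for it.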
@@ -1 +1 @@ -Subproject commit b2d46ec124d947d2f82560074e4a348cb15148fc +Subproject commit b9fcaaf9e50e9492807b23ffcc6af46ee1f203b9 diff --git a/test/test-cases/secrules-language-tests b/test/test-cases/secrules-language-tests index c6e880236..a3d4405e5 160000 --- a/test/test-cases/secrules-language-tests +++ b/test/test-cases/secrules-language-tests @@ -1 +1 @@ -Subproject commit c6e8802366ec3182b8c2612e23d14e19e3545b47 +Subproject commit a3d4405e5a2c90488c387e589c5534974575e35b From 23e513cf5319a1c764cec6889ecc2a44b02e8442 Mon Sep 17 00:00:00 2001 From: jens Date: Sun, 21 Dec 2025 14:54:05 +0100 Subject: [PATCH 5/6] WIP: intermediate state (mbedtls v4.0.0 and updates) --- configure.ac | 11 +++- others/Makefile.am | 68 +++++++++++++++++++++++-- src/Makefile.am | 1 + src/parser/seclang-scanner.cc | 10 ++-- src/parser/test.cc | 0 src/utils/sha256.h | 34 +++++++++++++ test/test-cases/secrules-language-tests | 2 +- 7 files changed, 115 insertions(+), 11 deletions(-) create mode 100644 src/parser/test.cc create mode 100644 src/utils/sha256.h diff --git a/configure.ac b/configure.ac index 1b3879aaf..7e862120a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# ModSecurity configure.ac +/# ModSecurity configure.ac # Get the hash of the last commit, to be used if it is not an @@ -374,6 +374,15 @@ case $assertions in esac GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $ASSERTIONS_CPPCFLAGS" +MBEDTLS_CPPFLAGS='-DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" \ +-I$(top_srcdir)/others/mbedtls/include \ +-I$(top_srcdir)/others/mbedtls/tf-psa-crypto/include \ +-I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include \ +-I$(top_srcdir)/others/mbedtls/include \ +-I$(top_srcdir)/others/mbedtls/tf-psa-crypto/core \ +-I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/src' +GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $MBEDTLS_CPPFLAGS" + AC_SUBST(GLOBAL_LDADD) AC_SUBST(GLOBAL_CPPFLAGS) 
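Review bot: Appending `MBEDTLS_CPPFLAGS` to `GLOBAL_CPPFLAGS` puts the vendored library's private directories (`tf-psa-crypto/core` and `tf-psa-crypto/drivers/builtin/src`) on the include path of every translation unit in the project, not just the ones that hash. The consumers in `src/utils/` should only need the public include directories (the exact header they include is stripped on this page, so please confirm), and `-I$(top_srcdir)/others/mbedtls/include` is listed twice. I would drop the duplicate line and the two private directories from this variable and leave them in `others/Makefile.am`, where the library itself is compiled. That keeps internal mbedtls headers from shadowing or being picked up by project code by accident.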
diff --git a/others/Makefile.am b/others/Makefile.am index b8be3af6e..493b06ba1 100644 --- a/others/Makefile.am +++ b/others/Makefile.am @@ -1,5 +1,5 @@ -noinst_LTLIBRARIES = libinjection.la libmbedtls.la +noinst_LTLIBRARIES = libinjection.la libmbedtls.la libmbedcrypto.la libinjection_la_SOURCES = \ libinjection/src/libinjection_html5.c \ 
@@ -26,10 +26,70 @@ libmbedtls_la_SOURCES = \ mbedtls/tf-psa-crypto/drivers/builtin/src/base64.c \ mbedtls/tf-psa-crypto/drivers/builtin/src/md5.c \ mbedtls/tf-psa-crypto/drivers/builtin/src/sha1.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/platform_util.c + mbedtls/tf-psa-crypto/drivers/builtin/src/platform_util.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/bignum.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ccm.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/cipher.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ecp.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/entropy.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/gcm.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/rsa.c \ + mbedtls/tf-psa-crypto/core/psa_crypto.c \ + mbedtls/tf-psa-crypto/core/psa_crypto_client.c \ + mbedtls/tf-psa-crypto/core/psa_crypto_slot_management.c \ + mbedtls/tf-psa-crypto/core/psa_crypto_storage.c \ + mbedtls/tf-psa-crypto/core/psa_its_file.c \ + mbedtls/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c + +libmbedcrypto_la_SOURCES = \ + mbedtls/library/mps_reader.c \ + mbedtls/library/mps_trace.c \ + mbedtls/library/net_sockets.c \ + mbedtls/library/pkcs7.c \ + mbedtls/library/ssl_cache.c \ + mbedtls/library/ssl_ciphersuites.c \ + mbedtls/library/ssl_client.c \ + mbedtls/library/ssl_cookie.c \ + mbedtls/library/ssl_msg.c \ + mbedtls/library/ssl_ticket.c \ + mbedtls/library/ssl_tls.c \ + mbedtls/library/ssl_tls12_client.c \ + mbedtls/library/ssl_tls12_server.c \ + mbedtls/library/ssl_tls13_client.c \ + mbedtls/library/ssl_tls13_generic.c \ + mbedtls/library/ssl_tls13_keys.c \ + mbedtls/library/ssl_tls13_server.c \ + mbedtls/library/timing.c \ + mbedtls/library/version.c \ + mbedtls/library/x509.c \ + mbedtls/library/x509_create.c \ + mbedtls/library/x509_crl.c \ + mbedtls/library/x509_crt.c \ + mbedtls/library/x509_csr.c \ + mbedtls/library/x509_oid.c \ + mbedtls/library/x509write.c \ + 
mbedtls/library/x509write_crt.c \ + mbedtls/library/x509write_csr.c + + libmbedtls_la_CFLAGS = -DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" -I$(top_srcdir)/others/mbedtls/include \ - -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/include -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include \ - -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/core + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/core \ + -I$(top_srcdir)/others/mbedtls/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/src +libmbedcrypto_la_CPPFLAGS = \ + -DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" \ + -I$(top_srcdir)/others/mbedtls/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/src \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/core + libmbedtls_la_CPPFLAGS = libmbedtls_la_LIBADD = + +#libmbedcrypto_la_CPPFLAGS = +#libmbedcrypto_la_LIBADD = diff --git a/src/Makefile.am b/src/Makefile.am index 14c26697b..2ec0e5be3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -338,6 +338,7 @@ libmodsecurity_la_LIBADD = \ $(LUA_LDADD) \ ../others/libinjection.la \ ../others/libmbedtls.la \ + ../others/libmbedcrypto.la \ $(PCRE_LDADD) \ $(PCRE2_LDADD) \ $(MAXMIND_LDADD) \ diff --git a/src/parser/seclang-scanner.cc b/src/parser/seclang-scanner.cc index ddedb290d..0bd06ae66 100644 --- a/src/parser/seclang-scanner.cc +++ b/src/parser/seclang-scanner.cc @@ -1,5 +1,5 @@ -#line 2 "seclang-scanner.cc" +#line 3 "seclang-scanner.cc" #define YY_INT_ALIGNED short int 
@@ -5017,7 +5017,7 @@ static std::stack YY_PREVIOUS_STATE; #define BEGIN_PREVIOUS() { BEGIN(YY_PREVIOUS_STATE.top()); YY_PREVIOUS_STATE.pop(); } // The location of the current token. -#line 5020 "seclang-scanner.cc" +#line 5021 "seclang-scanner.cc" #define YY_NO_INPUT 1 #define YY_NO_UNISTD_H 1 @@ -5025,8 +5025,8 @@ static std::stack YY_PREVIOUS_STATE; // Code run each time a pattern is matched. # define YY_USER_ACTION driver.loc.back()->columns (yyleng); -#line 5028 "seclang-scanner.cc" #line 5029 "seclang-scanner.cc" +#line 5030 "seclang-scanner.cc" #define INITIAL 0 #define EXPECTING_ACTION_PREDICATE_VARIABLE 1 @@ -5348,7 +5348,7 @@ YY_DECL // Code run each time yylex is called. driver.loc.back()->step(); -#line 5351 "seclang-scanner.cc" +#line 5352 "seclang-scanner.cc" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -8484,7 +8484,7 @@ YY_RULE_SETUP #line 1350 "seclang-scanner.ll" ECHO; YY_BREAK -#line 8487 "seclang-scanner.cc" +#line 8488 "seclang-scanner.cc" case YY_END_OF_BUFFER: { diff --git a/src/parser/test.cc b/src/parser/test.cc new file mode 100644 index 000000000..e69de29bb diff --git a/src/utils/sha256.h b/src/utils/sha256.h new file mode 100644 index 000000000..c2353ccb1 --- /dev/null +++ b/src/utils/sha256.h @@ -0,0 +1,34 @@ +#ifndef SRC_UTILS_SHA256_H_ +#define SRC_UTILS_SHA256_H_ + +#include "src/utils/sha1.h" // bringt DigestImpl + detail::ensure_psa_init() +#include + +namespace modsecurity::Utils { + +inline int modsec_psa_sha256(const unsigned char *input, + size_t ilen, + unsigned char output[32]) +{ + if (!detail::ensure_psa_init()) { + return -1; + } + + size_t out_len = 0; + psa_status_t status = psa_hash_compute( + PSA_ALG_SHA_256, + input, + ilen, + output, + 32, + &out_len + ); + + return (status == PSA_SUCCESS && out_len == 32) ? 0 : -1; +} + +class Sha256 : public DigestImpl<&modsec_psa_sha256, 32> {}; + +} // namespace modsecurity::Utils + +#endif // SRC_UTILS_SHA256_H_ 
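Review bot: `modsec_psa_sha256` is the third copy of the same wrapper (after `modsec_psa_md5` and `modsec_psa_sha1`), and each copy writes the digest length four times (`output[32]`, the `32` passed to `psa_hash_compute`, `out_len == 32`, and `DigestImpl<..., 32>`) with nothing checking that they agree with the algorithm. A single template in the header that already holds `DigestImpl` and `detail::ensure_psa_init()` states algorithm and size once and lets a `static_assert` verify the pair. The new file also has no licence header, unlike md5.h and sha1.h, and its one comment is in German.

```cpp
// Shared one-shot PSA hash wrapper: algorithm and digest length are stated once.
template <psa_algorithm_t Alg, size_t Size>
inline int modsec_psa_hash(const unsigned char *input, size_t ilen,
                           unsigned char output[]) {
    static_assert(PSA_HASH_LENGTH(Alg) == Size, "digest size does not match algorithm");

    if (!detail::ensure_psa_init()) {
        return -1;
    }

    size_t out_len = 0;
    const psa_status_t status =
        psa_hash_compute(Alg, input, ilen, output, Size, &out_len);

    return (status == PSA_SUCCESS && out_len == Size) ? 0 : -1;
}

class Sha256 : public DigestImpl<&modsec_psa_hash<PSA_ALG_SHA_256, 32>, 32> {};
```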
diff --git a/test/test-cases/secrules-language-tests b/test/test-cases/secrules-language-tests index a3d4405e5..c6e880236 160000 --- a/test/test-cases/secrules-language-tests +++ b/test/test-cases/secrules-language-tests @@ -1 +1 @@ -Subproject commit a3d4405e5a2c90488c387e589c5534974575e35b +Subproject commit c6e8802366ec3182b8c2612e23d14e19e3545b47 From fba1de54963770c26d5d9b7e86cafb305ff2322b Mon Sep 17 00:00:00 2001 From: jens Date: Sun, 21 Dec 2025 15:31:24 +0100 Subject: [PATCH 6/6] Build working: update submodules and autotools files --- configure.ac | 2 +- others/Makefile.am | 150 +++++++++++++++++++++++++-------------------- src/Makefile.am | 1 - 3 files changed, 85 insertions(+), 68 deletions(-) diff --git a/configure.ac b/configure.ac index 7e862120a..266a12f94 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -/# ModSecurity configure.ac +# ModSecurity configure.ac # Get the hash of the last commit, to be used if it is not an diff --git a/others/Makefile.am b/others/Makefile.am index 493b06ba1..91f6e389c 100644 --- a/others/Makefile.am +++ b/others/Makefile.am @@ -1,5 +1,5 @@ -noinst_LTLIBRARIES = libinjection.la libmbedtls.la libmbedcrypto.la +noinst_LTLIBRARIES = libinjection.la libmbedtls.la libinjection_la_SOURCES = \ libinjection/src/libinjection_html5.c \ 
@@ -22,74 +22,92 @@ noinst_HEADERS = \ mbedtls/tf-psa-crypto/include/mbedtls/platform.h \ mbedtls/tf-psa-crypto/drivers/builtin/include/mbedtls/private/sha1.h -libmbedtls_la_SOURCES = \ - mbedtls/tf-psa-crypto/drivers/builtin/src/base64.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/md5.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/sha1.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/platform_util.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/bignum.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/ccm.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/cipher.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/ecp.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/entropy.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/gcm.c \ - mbedtls/tf-psa-crypto/drivers/builtin/src/rsa.c \ - mbedtls/tf-psa-crypto/core/psa_crypto.c \ - mbedtls/tf-psa-crypto/core/psa_crypto_client.c \ - mbedtls/tf-psa-crypto/core/psa_crypto_slot_management.c \ - mbedtls/tf-psa-crypto/core/psa_crypto_storage.c \ - mbedtls/tf-psa-crypto/core/psa_its_file.c \ - mbedtls/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c - -libmbedcrypto_la_SOURCES = \ - mbedtls/library/mps_reader.c \ - mbedtls/library/mps_trace.c \ - mbedtls/library/net_sockets.c \ - mbedtls/library/pkcs7.c \ - mbedtls/library/ssl_cache.c \ - mbedtls/library/ssl_ciphersuites.c \ - mbedtls/library/ssl_client.c \ - mbedtls/library/ssl_cookie.c \ - mbedtls/library/ssl_msg.c \ - mbedtls/library/ssl_ticket.c \ - mbedtls/library/ssl_tls.c \ - mbedtls/library/ssl_tls12_client.c \ - mbedtls/library/ssl_tls12_server.c \ - mbedtls/library/ssl_tls13_client.c \ - mbedtls/library/ssl_tls13_generic.c \ - mbedtls/library/ssl_tls13_keys.c \ - mbedtls/library/ssl_tls13_server.c \ - mbedtls/library/timing.c \ - mbedtls/library/version.c \ - mbedtls/library/x509.c \ - mbedtls/library/x509_create.c \ - mbedtls/library/x509_crl.c \ - mbedtls/library/x509_crt.c \ - mbedtls/library/x509_csr.c \ - 
mbedtls/library/x509_oid.c \ - mbedtls/library/x509write.c \ - mbedtls/library/x509write_crt.c \ - mbedtls/library/x509write_csr.c +MBED_PSA_CORE_SOURCES = \ + mbedtls/tf-psa-crypto/core/psa_crypto.c \ + mbedtls/tf-psa-crypto/core/psa_crypto_client.c \ + mbedtls/tf-psa-crypto/core/psa_crypto_slot_management.c \ + mbedtls/tf-psa-crypto/core/psa_crypto_storage.c \ + mbedtls/tf-psa-crypto/core/psa_its_file.c \ + mbedtls/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c +MBED_BUILTIN_SOURCES = \ + mbedtls/tf-psa-crypto/drivers/builtin/src/aes.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/aesce.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/aesni.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/aria.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/asn1parse.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/asn1write.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/base64.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/bignum.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/bignum_core.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/bignum_mod.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/bignum_mod_raw.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/block_cipher.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/camellia.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ccm.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/chacha20.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/chachapoly.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/cipher.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/cipher_wrap.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/cmac.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/constant_time.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ecdh.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ecdsa.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ecjpake.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ecp.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ecp_curves.c \ + 
mbedtls/tf-psa-crypto/drivers/builtin/src/ecp_curves_new.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/entropy.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/entropy_poll.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/gcm.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/hmac_drbg.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/md.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/md5.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/memory_buffer_alloc.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/nist_kw.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/oid.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/pem.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/pk.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/pk_ecc.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/pk_rsa.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/pk_wrap.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/pkcs5.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/pkparse.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/pkwrite.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/platform.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/platform_util.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/poly1305.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/psa_util.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/ripemd160.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/rsa.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/rsa_alt_helpers.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/sha1.c \ + 
mbedtls/tf-psa-crypto/drivers/builtin/src/sha256.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/sha3.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/sha512.c \ + mbedtls/tf-psa-crypto/drivers/builtin/src/threading.c +libmbedtls_la_SOURCES = \ + $(MBED_PSA_CORE_SOURCES) \ + $(MBED_BUILTIN_SOURCES) -libmbedtls_la_CFLAGS = -DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" -I$(top_srcdir)/others/mbedtls/include \ - -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/include \ - -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include \ - -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/core \ - -I$(top_srcdir)/others/mbedtls/include \ - -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/src -libmbedcrypto_la_CPPFLAGS = \ - -DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" \ - -I$(top_srcdir)/others/mbedtls/include \ - -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/include \ - -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include \ - -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/src \ - -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/core +libmbedtls_la_CPPFLAGS = \ + -DMBEDTLS_CONFIG_FILE=\"mbedtls/mbedtls_config.h\" \ + -I$(top_srcdir)/others/mbedtls/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/core \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/include \ + -I$(top_srcdir)/others/mbedtls/tf-psa-crypto/drivers/builtin/src -libmbedtls_la_CPPFLAGS = +#libmbedtls_la_CPPFLAGS = libmbedtls_la_LIBADD = -#libmbedcrypto_la_CPPFLAGS = -#libmbedcrypto_la_LIBADD = diff --git a/src/Makefile.am b/src/Makefile.am index 2ec0e5be3..14c26697b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -338,7 +338,6 @@ libmodsecurity_la_LIBADD = \ $(LUA_LDADD) \ ../others/libinjection.la \ ../others/libmbedtls.la \ - ../others/libmbedcrypto.la \ $(PCRE_LDADD) \ $(PCRE2_LDADD) \ $(MAXMIND_LDADD) \
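Review bot: `MBED_BUILTIN_SOURCES` and `MBED_PSA_CORE_SOURCES` now compile the complete builtin driver set (AES, RSA, ECP, PK, DRBGs, ...) plus `psa_crypto_storage.c` and `psa_its_file.c` into `libmbedtls.la`, while the C++ code in this series only calls `psa_crypto_init()` and `psa_hash_compute()` for MD5, SHA-1 and SHA-256. That is a lot of unused cryptographic and file-backed storage code to ship and keep patched inside a WAF library; whether the config header already compiles most of it down to nothing is not visible in this patch. If the full list is only there to satisfy the linker, say so above the variable, e.g. `# Full builtin set: psa_crypto.c references these; unused algorithms are disabled in mbedtls_config.h`, and disable what is not needed in the config. The leftover `#libmbedtls_la_CPPFLAGS =` line can go as well.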