build: Add preliminary build support for mbedTLS 4

2026-03-27 23:37:05 -05:00 · 2025-12-05 20:20:11 +01:00
parent ab3853eb9d
commit 6652750044
5 changed files with 45 additions and 35 deletions
--- a/cmake/modules/FindmbedTLS.cmake
+++ b/cmake/modules/FindmbedTLS.cmake
@@ -26,8 +26,9 @@ SET(MBEDTLS_FIND_QUIETLY TRUE)
 FIND_LIBRARY(MBEDTLS_LIBRARY NAMES mbedtls libmbedtls libmbedx509)
 FIND_LIBRARY(MBEDX509_LIBRARY NAMES mbedx509 libmbedx509)
 FIND_LIBRARY(MBEDCRYPTO_LIBRARY NAMES mbedcrypto libmbedcrypto)
+FIND_LIBRARY(TFPSACRYPTO_LIBRARY NAMES libtfpsacrypto tfpsacrypto)

-IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY AND MBEDX509_LIBRARY AND MBEDCRYPTO_LIBRARY)
+IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY AND MBEDX509_LIBRARY AND (MBEDCRYPTO_LIBRARY OR TFPSACRYPTO_LIBRARY))
    SET(MBEDTLS_FOUND TRUE)
 ENDIF()

@@ -37,14 +38,24 @@ IF(MBEDTLS_FOUND)
    GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY} NAME_WE)
    GET_FILENAME_COMPONENT(MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY} NAME_WE)
    GET_FILENAME_COMPONENT(MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY} NAME_WE)
+    GET_FILENAME_COMPONENT(TFPSACRYPTO_LIBRARY_FILE ${TFPSACRYPTO_LIBRARY} NAME_WE)
    STRING(REGEX REPLACE "^lib" "" MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY_FILE})
    STRING(REGEX REPLACE "^lib" "" MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY_FILE})
    STRING(REGEX REPLACE "^lib" "" MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY_FILE})
+    STRING(REGEX REPLACE "^lib" "" TFPSACRYPTO_LIBRARY_FILE ${TFPSACRYPTO_LIBRARY_FILE})
+
+    if (NOT TFPSACRYPTO_LIBRARY_FILE STREQUAL "")
+        SET(MBEDTLS_CRYPTO_LIBRARY_FILE ${TFPSACRYPTO_LIBRARY_FILE})
+    elseif (NOT MBEDCRYPTO_LIBRARY_FILE STREQUAL "")
+        SET(MBEDTLS_CRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY_FILE})
+    else ()
+        MESSAGE(FATAL_ERROR "Could not find mbedTLS Crypto library")
+    endif()

    if (MSVC)
-        SET(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY_FILE}.lib ${MBEDX509_LIBRARY_FILE}.lib ${MBEDCRYPTO_LIBRARY_FILE}.lib)
+        SET(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY_FILE}.lib ${MBEDX509_LIBRARY_FILE}.lib ${MBEDTLS_CRYPTO_LIBRARY_FILE}.lib)
    else()
-        SET(MBEDTLS_LIBRARIES "-L${MBEDTLS_LIBRARY_DIR} -l${MBEDTLS_LIBRARY_FILE} -l${MBEDX509_LIBRARY_FILE} -l${MBEDCRYPTO_LIBRARY_FILE}")
+        SET(MBEDTLS_LIBRARIES "-L${MBEDTLS_LIBRARY_DIR} -l${MBEDTLS_LIBRARY_FILE} -l${MBEDX509_LIBRARY_FILE} -l${MBEDTLS_CRYPTO_LIBRARY_FILE}")
    endif()

    IF(NOT MBEDTLS_FIND_QUIETLY)
--- a/dist/macOS/Brewfile
+++ b/dist/macOS/Brewfile
@@ -1,4 +1,4 @@
-brew "mbedtls@3", link: true
+brew "mbedtls"
 brew "nlohmann-json"
 brew "cmake"
 brew "ccache"
--- a/lib/libimhex/source/helpers/crypto.cpp
+++ b/lib/libimhex/source/helpers/crypto.cpp
@@ -8,12 +8,24 @@

 #include <mbedtls/version.h>
 #include <mbedtls/base64.h>
+
+#if MBEDTLS_VERSION_MAJOR >= 4
+    // TODO: We'll need to migrate to the new <psa/crypto.h> eventually. For now, just include the old stuff again
+    #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
+    #include <mbedtls/private/bignum.h>
+    #include <mbedtls/private/md5.h>
+    #include <mbedtls/private/sha1.h>
+    #include <mbedtls/private/sha256.h>
+    #include <mbedtls/private/sha512.h>
+    #include <mbedtls/private/cipher.h>
+#else
    #include <mbedtls/bignum.h>
    #include <mbedtls/md5.h>
    #include <mbedtls/sha1.h>
    #include <mbedtls/sha256.h>
    #include <mbedtls/sha512.h>
    #include <mbedtls/cipher.h>
+#endif

 #include <array>
 #include <functional>
@@ -22,26 +34,6 @@
 #include <bit>
 #include <span>

-#if MBEDTLS_VERSION_MAJOR <= 2
-
-    #define mbedtls_md5_starts mbedtls_md5_starts_ret
-    #define mbedtls_md5_update mbedtls_md5_update_ret
-    #define mbedtls_md5_finish mbedtls_md5_finish_ret
-
-    #define mbedtls_sha1_starts mbedtls_sha1_starts_ret
-    #define mbedtls_sha1_update mbedtls_sha1_update_ret
-    #define mbedtls_sha1_finish mbedtls_sha1_finish_ret
-
-    #define mbedtls_sha256_starts mbedtls_sha256_starts_ret
-    #define mbedtls_sha256_update mbedtls_sha256_update_ret
-    #define mbedtls_sha256_finish mbedtls_sha256_finish_ret
-
-    #define mbedtls_sha512_starts mbedtls_sha512_starts_ret
-    #define mbedtls_sha512_update mbedtls_sha512_update_ret
-    #define mbedtls_sha512_finish mbedtls_sha512_finish_ret
-
-#endif
-
 namespace hex::crypt {
    using namespace std::placeholders;

--- a/lib/third_party/yara/crypto.h
+++ b/lib/third_party/yara/crypto.h
@@ -117,9 +117,18 @@ typedef CC_SHA256_CTX yr_sha256_ctx;
 #define yr_sha256_final(digest, ctx)     CC_SHA256_Final(digest, ctx)

 #elif defined(HAVE_MBEDTLS)
+
+#include <mbedtls/version.h>
+#if MBEDTLS_VERSION_MAJOR >= 4
+  #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
+  #include <mbedtls/private/md5.h>
+  #include <mbedtls/private/sha1.h>
+  #include <mbedtls/private/sha256.h>
+#else
  #include <mbedtls/md5.h>
  #include <mbedtls/sha1.h>
  #include <mbedtls/sha256.h>
+#endif

 typedef mbedtls_md5_context yr_md5_ctx;
 typedef mbedtls_sha1_context yr_sha1_ctx;
--- a/plugins/builtin/source/content/data_processor_nodes/decode_nodes.cpp
+++ b/plugins/builtin/source/content/data_processor_nodes/decode_nodes.cpp
@@ -4,8 +4,6 @@
 #include <hex/helpers/scaling.hpp>
 #include <hex/helpers/crypto.hpp>
 #include <hex/data_processor/node.hpp>
-
-#include <mbedtls/cipher.h>
 #include <mbedtls/error.h>

 #include <nlohmann/json.hpp>