Keep module compatibility with mbedtls 2.x (old LTS branch).
A patch has been added to allow compiling after removing all the `psa_*`
files from the library folder (will look into upstreaming it).
Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires
some module changes, and to enable PSA crypto (new "standard" API
specification), so it might be best done in a separate commit/PR.
This commit adds a new mbedTLS configuration header to customize the
built-in library (and can be optionally replaced by a platform-specific
one).
Currently, it disables most weak cryptographic functions (with the
notable exceptions of MD5 and SHA-1), along with removing support for
TLS versions 1.0 and 1.1 (making TLSv1.2 the only supported one).
As a cryptographically secure random generator.
Internally it uses mbedTLS CTR-DRBG implementation which gets re-seeded
with entropy from OS::get_entropy when needed.
CryptoCore now additionally depends on `ctr_drbg.c` and `entropy.c`
thirdparty mbedtls files.
Keep applying the windows entropy patch (UWP support).
Remove no longer needed padlock patch.
Update thirdparty README to reflect changes, and new source inclusion
criteria.
Since we clone the environments to build thirdparty code, we don't get an
explicit dependency on the build objects produced by that environment.
So when we update thirdparty code, Godot code using it is not necessarily
rebuilt (I think it is for changed headers, but not for changed .c/.cpp files),
which can lead to an invalid compilation output (linking old Godot .o files
with a newer, potentially ABI breaking version of thirdparty code).
This was only seen as really problematic with bullet updates (leading to
crashes when rebuilding Godot after a bullet update without cleaning .o files),
but it's safer to fix it everywhere, even if it's a LOT of hacky boilerplate.
Configured for a max line length of 120 characters.
psf/black is very opinionated and purposely doesn't leave much room for
configuration. The output is mostly OK so that should be fine for us,
but some things worth noting:
- Manually wrapped strings will be reflowed, so by using a line length
of 120 for the sake of preserving readability for our long command
calls, it also means that some manually wrapped strings are back on
the same line and should be manually merged again.
- Code generators using string concatenation extensively look awful,
since black puts each operand on a single line. We need to refactor
these generators to use more pythonic string formatting, for which
many options are available (`%`, `format` or f-strings).
- CI checks and a pre-commit hook will be added to ensure that future
buildsystem changes are well-formatted.