Commit graph

17 commits

Author SHA1 Message Date
Fabio Alessandrelli
8ffb7699af [mbedTLS] Enable TLS 1.3 support
Move library initialization to module registration functions.

Only set library debug threshold when verbose output is enabled.

TLSv1.3 functions seems to be a bit more verbose then expected, and
generate a lot of noise. Yet, some level of debugging without
recompiling the engine would be nice. We should discuss this upstream.
2024-09-26 17:37:38 +02:00
Thaddeus Crews
9f9ee0c813
SCons: Add unobtrusive type hints in SCons files 2024-09-25 09:34:35 -05:00
Lyuma
40fa684c18 mbedTLS: Update to new LTS v3.6.0
Keep module compatibility with mbedtls 2.x (old LTS branch).

A patch has been added to allow compiling after removing all the `psa_*`
files from the library folder (will look into upstreaming it).

Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires
some module changes, and to enable PSA crypto (new "standard" API
specification), so it might be best done in a separate commit/PR.
2024-04-10 21:19:22 +02:00
Thaddeus Crews
7918d50297
SCons: Fix Ninja compilation with MSVC 2024-04-04 10:16:33 -05:00
Edward Moulsdale
e461496ecb Add unit tests for CryptoKey 2024-03-01 07:17:59 +00:00
Fabio Alessandrelli
024a4b1f2a mbedTLS: disable weak crypto and TLS versions.
This commit adds a new mbedTLS configuration header to customize the
built-in library (and can be optionally replaced by a platform-specific
one).

Currently, it disables most weak cryptographic functions (with the
notable exceptions of MD5 and SHA-1), along with removing support for
TLS versions 1.0 and 1.1 (making TLSv1.2 the only supported one).
2023-05-10 11:13:19 +02:00
Fabio Alessandrelli
e375cbd094 Bump mbedTLS version to 2.28.0 (new LTS).
Keep applying the windows entropy patch (UWP support).
Remove no longer needed padlock patch.
Update thirdparty README to reflect changes, and new source inclusion
criteria.
2021-12-21 13:26:02 +01:00
Rémi Verschelde
76c6007aa6
Cleanup: Remove executable bit from files which don't need it
Drop unused xpmfix.sh script.
2021-01-19 23:36:42 +01:00
Rémi Verschelde
c7b53c03ae
SCons: Add explicit dependencies on thirdparty code in cloned env
Since we clone the environments to build thirdparty code, we don't get an
explicit dependency on the build objects produced by that environment.

So when we update thirdparty code, Godot code using it is not necessarily
rebuilt (I think it is for changed headers, but not for changed .c/.cpp files),
which can lead to an invalid compilation output (linking old Godot .o files
with a newer, potentially ABI breaking version of thirdparty code).

This was only seen as really problematic with bullet updates (leading to
crashes when rebuilding Godot after a bullet update without cleaning .o files),
but it's safer to fix it everywhere, even if it's a LOT of hacky boilerplate.
2020-12-18 10:29:34 +01:00
Jon Bonazza
d5925fd522 feat: HMAC support in Crypto APIs 2020-11-26 18:39:56 -08:00
Rémi Verschelde
cd4e46ee65 SCons: Format buildsystem files with psf/black
Configured for a max line length of 120 characters.

psf/black is very opinionated and purposely doesn't leave much room for
configuration. The output is mostly OK so that should be fine for us,
but some things worth noting:

- Manually wrapped strings will be reflowed, so by using a line length
  of 120 for the sake of preserving readability for our long command
  calls, it also means that some manually wrapped strings are back on
  the same line and should be manually merged again.

- Code generators using string concatenation extensively look awful,
  since black puts each operand on a single line. We need to refactor
  these generators to use more pythonic string formatting, for which
  many options are available (`%`, `format` or f-strings).

- CI checks and a pre-commit hook will be added to ensure that future
  buildsystem changes are well-formatted.
2020-03-30 09:05:53 +02:00
Rémi Verschelde
3a2ca68af3 SCons: Build thirdparty code in own env, disable warnings
Also remove unnecessary `Export('env')` in other SCsubs,
Export should only be used when exporting *new* objects.
2018-09-28 14:07:39 +02:00
Rémi Verschelde
d8e1cd7a10 mbedtls: Update to upstream version 2.12.0
_WIN32_WINNT redefinition fix is no longer needed as it was merged
upstream. PR 1453 is still not merged, diff updated to current state.
2018-07-28 11:16:58 +02:00
Fabio Alessandrelli
888379e513 Bump mbedTLS to version 2.10.0 2018-06-07 18:50:44 +02:00
Fabio Alessandrelli
659c62ee33 Use Prepend instead of Append for mbedTLS include
Fixes build on FreeBSD when system-wide mbedTLS and/or openSSL are installed
2018-02-28 20:02:16 +01:00
Fabio Alessandrelli
bd3c27ba78 Allow building with system wide mbedtls on X11
Using builtin_mbedtls=yes is still the default as many distributions
do not ship with mbedtls included.
2018-02-14 01:34:25 +01:00
Fabio Alessandrelli
67b600d957 Add mbedtls module 2018-02-14 01:26:23 +01:00