Commit graph

6 commits

Author SHA1 Message Date
Fabio Alessandrelli
024a4b1f2a mbedTLS: disable weak crypto and TLS versions.
This commit adds a new mbedTLS configuration header to customize the
built-in library (and can be optionally replaced by a platform-specific
one).

Currently, it disables most weak cryptographic functions (with the
notable exceptions of MD5 and SHA-1), along with removing support for
TLS versions 1.0 and 1.1 (making TLSv1.2 the only supported one).
2023-05-10 11:13:19 +02:00
Fabio Alessandrelli
ee7b67e135 [Crypto] Implement CryptoCore::RandomGenerator.
As a cryptographically secure random generator.

Internally it uses mbedTLS CTR-DRBG implementation which gets re-seeded
with entropy from OS::get_entropy when needed.

CryptoCore now additionally depends on `ctr_drbg.c` and `entropy.c`
thirdparty mbedtls files.
2022-02-14 10:45:50 +01:00
Fabio Alessandrelli
e375cbd094 Bump mbedTLS version to 2.28.0 (new LTS).
Keep applying the windows entropy patch (UWP support).
Remove no longer needed padlock patch.
Update thirdparty README to reflect changes, and new source inclusion
criteria.
2021-12-21 13:26:02 +01:00
Rémi Verschelde
c7b53c03ae
SCons: Add explicit dependencies on thirdparty code in cloned env
Since we clone the environments to build thirdparty code, we don't get an
explicit dependency on the build objects produced by that environment.

So when we update thirdparty code, Godot code using it is not necessarily
rebuilt (I think it is for changed headers, but not for changed .c/.cpp files),
which can lead to an invalid compilation output (linking old Godot .o files
with a newer, potentially ABI breaking version of thirdparty code).

This was only seen as really problematic with bullet updates (leading to
crashes when rebuilding Godot after a bullet update without cleaning .o files),
but it's safer to fix it everywhere, even if it's a LOT of hacky boilerplate.
2020-12-18 10:29:34 +01:00
Rémi Verschelde
cd4e46ee65 SCons: Format buildsystem files with psf/black
Configured for a max line length of 120 characters.

psf/black is very opinionated and purposely doesn't leave much room for
configuration. The output is mostly OK so that should be fine for us,
but some things worth noting:

- Manually wrapped strings will be reflowed, so by using a line length
  of 120 for the sake of preserving readability for our long command
  calls, it also means that some manually wrapped strings are back on
  the same line and should be manually merged again.

- Code generators using string concatenation extensively look awful,
  since black puts each operand on a single line. We need to refactor
  these generators to use more pythonic string formatting, for which
  many options are available (`%`, `format` or f-strings).

- CI checks and a pre-commit hook will be added to ensure that future
  buildsystem changes are well-formatted.
2020-03-30 09:05:53 +02:00
Fabio Alessandrelli
1b36aa662c Add Crypto custom class 2019-08-21 16:59:35 +02:00