Commit graph

4 commits

Author SHA1 Message Date
Fabio Alessandrelli
8ffb7699af [mbedTLS] Enable TLS 1.3 support
Move library initialization to module registration functions.

Only set library debug threshold when verbose output is enabled.

TLSv1.3 functions seems to be a bit more verbose then expected, and
generate a lot of noise. Yet, some level of debugging without
recompiling the engine would be nice. We should discuss this upstream.
2024-09-26 17:37:38 +02:00
Rémi Verschelde
13b42d9755
mbedtls: Disable AESCE on Linux ARM32, doesn't compile on our target arch
Our current Linux SDK for ARM32 from https://github.com/godotengine/buildroot
targets a relatively conservative baseline of neon-fp-armv8, and (at least based
on build issues I got) this doesn't seem to include hardware AES support.

Fixes #91352.
2024-04-30 10:40:32 +02:00
Lyuma
40fa684c18 mbedTLS: Update to new LTS v3.6.0
Keep module compatibility with mbedtls 2.x (old LTS branch).

A patch has been added to allow compiling after removing all the `psa_*`
files from the library folder (will look into upstreaming it).

Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires
some module changes, and to enable PSA crypto (new "standard" API
specification), so it might be best done in a separate commit/PR.
2024-04-10 21:19:22 +02:00
Fabio Alessandrelli
024a4b1f2a mbedTLS: disable weak crypto and TLS versions.
This commit adds a new mbedTLS configuration header to customize the
built-in library (and can be optionally replaced by a platform-specific
one).

Currently, it disables most weak cryptographic functions (with the
notable exceptions of MD5 and SHA-1), along with removing support for
TLS versions 1.0 and 1.1 (making TLSv1.2 the only supported one).
2023-05-10 11:13:19 +02:00