Commit Graph

35 Commits

Author SHA1 Message Date
Fabio Alessandrelli
060097bbf8 mbedTLS: Fix build without the module on MinGW
The `include/mbedtls/check_config.h` header file has a generic check
which requires `MBEDTLS_PLATFORM_C` to be defined on Windows when
building with MinGW and ancient MSVC versions.

The few mbedTLS files we include in builds without the module don't
really require anything from the mbedTLS platform file beside the
`mbedtls_platform_zeroize` function which we already override with a
custom one by defining `MBEDTLS_PLATFORM_ZEROIZE_ALT`.

So we simply add the same check and force the define in such case.
2024-04-15 16:05:54 +02:00
Fabio Alessandrelli
c985b74d89 mbedTLS: Add patch to fix build errors with some MSVC versions 2024-04-11 16:11:54 +02:00
Lyuma
40fa684c18 mbedTLS: Update to new LTS v3.6.0
Keep module compatibility with mbedtls 2.x (old LTS branch).

A patch has been added to allow compiling after removing all the `psa_*`
files from the library folder (will look into upstreaming it).

Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires
some module changes, and to enable PSA crypto (new "standard" API
specification), so it might be best done in a separate commit/PR.
2024-04-10 21:19:22 +02:00
Rémi Verschelde
915ca4dd45
mbedtls: Update to upstream version 2.28.8 2024-04-04 18:05:30 +02:00
Rémi Verschelde
dec635119e
mbedtls: Update to upstream version 2.28.7 2024-01-30 14:09:13 +01:00
Fabio Alessandrelli
5333365593 mbedTLS: Update to version 2.18.5 2023-10-21 14:34:58 +02:00
Rémi Verschelde
d63c1a3953
mbedtls: Fix MSVC ARM build after 2.28.3 enabled AES-NI intrinsics 2023-09-07 10:59:26 +02:00
Rémi Verschelde
1f6340bc46
mbedtls: Update to upstream version 2.28.4 2023-08-07 14:39:49 +02:00
Fabio Alessandrelli
024a4b1f2a mbedTLS: disable weak crypto and TLS versions.
This commit adds a new mbedTLS configuration header to customize the
built-in library (and can be optionally replaced by a platform-specific
one).

Currently, it disables most weak cryptographic functions (with the
notable exceptions of MD5 and SHA-1), along with removing support for
TLS versions 1.0 and 1.1 (making TLSv1.2 the only supported one).
2023-05-10 11:13:19 +02:00
Rémi Verschelde
1fde2092d0
mbedtls: Update to upstream version 2.28.3
Rediff patch from PR 1453, lstrlenW is no longer used upstream so
that part of the patch was dropped.
2023-04-18 10:38:24 +02:00
Rémi Verschelde
6e65244b6b
mbedtls: Update to upstream version 2.28.2 2022-12-21 12:05:54 +01:00
Fabio Alessandrelli
baa261cdc8 Bump mbedtls to 2.18.1 (headers). 2022-07-18 18:25:29 +02:00
Fabio Alessandrelli
ee7b67e135 [Crypto] Implement CryptoCore::RandomGenerator.
As a cryptographically secure random generator.

Internally it uses mbedTLS CTR-DRBG implementation which gets re-seeded
with entropy from OS::get_entropy when needed.

CryptoCore now additionally depends on `ctr_drbg.c` and `entropy.c`
thirdparty mbedtls files.
2022-02-14 10:45:50 +01:00
Fabio Alessandrelli
e375cbd094 Bump mbedTLS version to 2.28.0 (new LTS).
Keep applying the windows entropy patch (UWP support).
Remove no longer needed padlock patch.
Update thirdparty README to reflect changes, and new source inclusion
criteria.
2021-12-21 13:26:02 +01:00
Fabio Alessandrelli
36d316876b Bump mbedtls to 2.16.12
Remove upstreamed patches.
Re-apply padlock and uwp patches.

NOTE: We could replace our padloack patch with mbedtls 3452.
2021-12-20 13:58:54 +01:00
Rémi Verschelde
4cf3056ca6
mbedtls: Backport "Fix x86_64 assembly for bignum multiplication"
Backports PR https://github.com/ARMmbed/mbedtls/pull/4948 to fix a regression
with our macOS builds using Clang 12.

Fixes #53297.
2021-10-14 11:03:03 +02:00
Rémi Verschelde
cd7b25588b
mbedtls: Update to upstream version 2.16.11 2021-07-20 12:32:46 +02:00
Fabio Alessandrelli
18bc1f2a8f Bump mbedtls to version 2.16.10. 2021-03-12 18:37:34 +01:00
Rémi Verschelde
2872006039
mbedtls: Update to upstream version 2.16.9 2020-12-18 21:43:21 +01:00
Fabio Alessandrelli
a905764e3d Update mbedTLS to version 2.16.8 (+ patch). 2020-09-07 15:47:38 +02:00
Fabio Alessandrelli
8ddf9fe4b0 Update to mbedtls 2.16.7 2020-07-02 15:53:50 +02:00
Rémi Verschelde
6b00357d53 mbedtls: Update to upstream version 2.16.6
Fixes https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
2020-04-21 10:37:14 +02:00
Rémi Verschelde
8189abd64a mbedtls: Re-add patch to disable VIA padlock
The comment mentioned a conflict with libwebsockets, but we actually
still get this conflict even now that we don't use libwebsockets.
Not sure what component is clashing but we should basically just keep
this patch.

Follow-up to #36823.
2020-03-10 09:15:00 +01:00
Rémi Verschelde
e435bed847 mbedtls: Update to upstream version 2.16.5
Fixes https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02

Drop patch to disable VIA padlock since we no longer use libwebsockets,
so there's no conflict anymore.
2020-03-05 16:12:50 +01:00
Rémi Verschelde
724487b3c1 mbedtls: Update to upstream version 2.16.4
Fixes CVE-2019-18222.

`include/mbedtls/version.h` was modified to include the forgotten
version bump to 2.16.4, fixed upstream by ARMmbed/mbedtls#2992.
2020-01-26 18:19:29 +01:00
Rémi Verschelde
a3d77be53b mbedtls: Update to upstream version 2.16.3 2019-11-12 08:56:18 +01:00
Rémi Verschelde
6321cc8da3 mbedtls: Update to upstream version 2.16.2 2019-07-11 08:32:07 +02:00
Fabio Alessandrelli
564d93ff10 CryptoCore class to access to base crypto utils.
Godot core needs MD5/SHA256/AES/Base64 which used to be provided by
separate libraries.
Since we bundle mbedtls in most cases, and we can easily only include
the needed sources if we so desire, let's use it.

To simplify library changes in the future, and better isolate header
dependencies all functions have been wrapped around inside a class in
`core/math/crypto_base.h`.

If the mbedtls module is disabled, we only bundle the needed source
files independently of the `builtin_mbedtls` option.
If the module is enabled, the `builtin_mbedtls` option works as usual.

Also remove some unused headers from StreamPeerMbedTLS which were
causing build issues.
2019-07-02 12:36:27 +02:00
Hein-Pieter van Braam
e33e0a5ea7 Disable support for VIA Padlock
This code defines a symbol 'unsupported' which is also in a newer
version of libwebsockets. To fix 32bit linux builds just disable
padlock support. Processors that support this are rare and old.
2019-02-24 00:11:35 +00:00
Fabio Alessandrelli
2e495c73d6 Bump mbedTLS to version 2.16 (LTS version) 2019-02-20 01:30:32 +01:00
Hein-Pieter van Braam
e9ee1273de Disable support for VIA Padlock
This code defines a symbol 'unsupported' which is also in a newer
version of libwebsockets. To fix 32bit linux builds just disable
padlock support. Processors that support this are rare and old.
2019-01-01 19:24:21 +01:00
Rémi Verschelde
d8e1cd7a10 mbedtls: Update to upstream version 2.12.0
_WIN32_WINNT redefinition fix is no longer needed as it was merged
upstream. PR 1453 is still not merged, diff updated to current state.
2018-07-28 11:16:58 +02:00
Fabio Alessandrelli
888379e513 Bump mbedTLS to version 2.10.0 2018-06-07 18:50:44 +02:00
Fabio Alessandrelli
febec68763 Update mbedTLS to version 2.8.0 2018-04-03 19:25:24 +02:00
Fabio Alessandrelli
b33d10ccdf Add mbedTLS lib. Version 2.7.0, license Apache 2.0 2018-02-14 01:26:23 +01:00