author | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2024-08-31 16:37:44 +0200 |
committer | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2024-09-26 17:37:38 +0200 |
commit | 8ffb7699af98790b6a39c0d425945145e199e67a (patch) | |
tree | e1218dc03fb621851112a8132e20676e3c559175 /modules/mbedtls | |
parent | a0d1ba4a3d1760f48ef3297a6299ee3dbc1260e1 (diff) | |
download | redot-engine-8ffb7699af98790b6a39c0d425945145e199e67a.tar.gz |
[mbedTLS] Enable TLS 1.3 support
Move library initialization to module registration functions.
Only set library debug threshold when verbose output is enabled.
TLSv1.3 functions seem to be a bit more verbose than expected, and
generate a lot of noise. Yet, some level of debugging without
recompiling the engine would be nice. We should discuss this upstream.
Diffstat (limited to 'modules/mbedtls')
-rw-r--r-- | modules/mbedtls/SCsub | 16 | ||||
-rw-r--r-- | modules/mbedtls/crypto_mbedtls.cpp | 4 | ||||
-rw-r--r-- | modules/mbedtls/register_types.cpp | 27 |
3 files changed, 43 insertions, 4 deletions
diff --git a/modules/mbedtls/SCsub b/modules/mbedtls/SCsub
index e217ca5ca4..6183fa5944 100644
--- a/modules/mbedtls/SCsub
+++ b/modules/mbedtls/SCsub
@@ -66,6 +66,22 @@ if env["builtin_mbedtls"]:
 "platform.c",
 "platform_util.c",
 "poly1305.c",
+ "psa_crypto.c",
+ "psa_crypto_aead.c",
+ "psa_crypto_cipher.c",
+ "psa_crypto_client.c",
+ "psa_crypto_driver_wrappers_no_static.c",
+ "psa_crypto_ecp.c",
+ "psa_crypto_ffdh.c",
+ "psa_crypto_hash.c",
+ "psa_crypto_mac.c",
+ "psa_crypto_pake.c",
+ "psa_crypto_rsa.c",
+ "psa_crypto_se.c",
+ "psa_crypto_slot_management.c",
+ "psa_crypto_storage.c",
+ "psa_its_file.c",
+ "psa_util.c",
 "ripemd160.c",
 "rsa.c",
 "rsa_alt_helpers.c",
diff --git a/modules/mbedtls/crypto_mbedtls.cpp b/modules/mbedtls/crypto_mbedtls.cpp
index 0d97b5fc1a..be7aaef9d4 100644
--- a/modules/mbedtls/crypto_mbedtls.cpp
+++ b/modules/mbedtls/crypto_mbedtls.cpp
@@ -314,10 +314,6 @@ Crypto *CryptoMbedTLS::create(bool p_notify_postinitialize) {
 }
 void CryptoMbedTLS::initialize_crypto() {
-#ifdef DEBUG_ENABLED
- mbedtls_debug_set_threshold(1);
-#endif
-
 Crypto::_create = create;
 Crypto::_load_default_certificates = load_default_certificates;
 X509CertificateMbedTLS::make_default();
diff --git a/modules/mbedtls/register_types.cpp b/modules/mbedtls/register_types.cpp
index df5bce05e4..bf65dfb0b7 100644
--- a/modules/mbedtls/register_types.cpp
+++ b/modules/mbedtls/register_types.cpp
@@ -35,15 +35,34 @@
 #include "packet_peer_mbed_dtls.h"
 #include "stream_peer_mbedtls.h"
+#if MBEDTLS_VERSION_MAJOR >= 3
+#include <psa/crypto.h>
+#endif
+
 #ifdef TESTS_ENABLED
 #include "tests/test_crypto_mbedtls.h"
 #endif
+static bool godot_mbedtls_initialized = false;
+
 void initialize_mbedtls_module(ModuleInitializationLevel p_level) {
 if (p_level != MODULE_INITIALIZATION_LEVEL_SCENE) {
 return;
 }
+#if MBEDTLS_VERSION_MAJOR >= 3
+ int status = psa_crypto_init();
+ ERR_FAIL_COND_MSG(status != PSA_SUCCESS, "Failed to initialize psa crypto. The mbedTLS modules will not work.");
+#endif
+
+#ifdef DEBUG_ENABLED
+ if (OS::get_singleton()->is_stdout_verbose()) {
+ mbedtls_debug_set_threshold(1);
+ }
+#endif
+
+ godot_mbedtls_initialized = true;
+
 CryptoMbedTLS::initialize_crypto();
 StreamPeerMbedTLS::initialize_tls();
 PacketPeerMbedDTLS::initialize_dtls();
@@ -55,6 +74,14 @@ void uninitialize_mbedtls_module(ModuleInitializationLevel p_level) {
 return;
 }
+ if (!godot_mbedtls_initialized) {
+ return;
+ }
+
+#if MBEDTLS_VERSION_MAJOR >= 3
+ mbedtls_psa_crypto_free();
+#endif
+
 DTLSServerMbedTLS::finalize();
 PacketPeerMbedDTLS::finalize_dtls();
 StreamPeerMbedTLS::finalize_tls(); |
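Review bot: In the uninitialize hunk, `mbedtls_psa_crypto_free()` is called before `DTLSServerMbedTLS::finalize()`, `PacketPeerMbedDTLS::finalize_dtls()` and `StreamPeerMbedTLS::finalize_tls()`, so the PSA subsystem is released while the TLS/DTLS layers that were initialized after it are still alive; if any of those finalize paths still frees PSA-backed keys or contexts (as TLS 1.3 code paths in mbedTLS 3.x do), they would operate on torn-down PSA state. Tearing down in reverse order of initialization — moving the three-line `#if MBEDTLS_VERSION_MAJOR >= 3` / `mbedtls_psa_crypto_free();` / `#endif` block to after the last finalize call — avoids that window. uninitialize_mbedtls_module continues past the hunk, so the exact insertion point is outside this view. In initialize_mbedtls_module, `status` is declared `int` while psa_crypto_init() returns `psa_status_t`; `psa_status_t status = psa_crypto_init();` matches the API's own type.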