[mbedTLS] Enable TLS 1.3 support
Move library initialization to module registration functions. Only set library debug threshold when verbose output is enabled. TLSv1.3 functions seems to be a bit more verbose then expected, and generate a lot of noise. Yet, some level of debugging without recompiling the engine would be nice. We should discuss this upstream.
This commit is contained in:
Fabio Alessandrelli
@@ -66,6 +66,22 @@ if env["builtin_mbedtls"]:
|
||||
"platform.c",
|
||||
"platform_util.c",
|
||||
"poly1305.c",
|
||||
"psa_crypto.c",
|
||||
"psa_crypto_aead.c",
|
||||
"psa_crypto_cipher.c",
|
||||
"psa_crypto_client.c",
|
||||
"psa_crypto_driver_wrappers_no_static.c",
|
||||
"psa_crypto_ecp.c",
|
||||
"psa_crypto_ffdh.c",
|
||||
"psa_crypto_hash.c",
|
||||
"psa_crypto_mac.c",
|
||||
"psa_crypto_pake.c",
|
||||
"psa_crypto_rsa.c",
|
||||
"psa_crypto_se.c",
|
||||
"psa_crypto_slot_management.c",
|
||||
"psa_crypto_storage.c",
|
||||
"psa_its_file.c",
|
||||
"psa_util.c",
|
||||
"ripemd160.c",
|
||||
"rsa.c",
|
||||
"rsa_alt_helpers.c",
|
||||
|
||||
@@ -314,10 +314,6 @@ Crypto *CryptoMbedTLS::create(bool p_notify_postinitialize) {
|
||||
}
|
||||
|
||||
void CryptoMbedTLS::initialize_crypto() {
|
||||
#ifdef DEBUG_ENABLED
|
||||
mbedtls_debug_set_threshold(1);
|
||||
#endif
|
||||
|
||||
Crypto::_create = create;
|
||||
Crypto::_load_default_certificates = load_default_certificates;
|
||||
X509CertificateMbedTLS::make_default();
|
||||
|
||||
@@ -35,15 +35,34 @@
|
||||
#include "packet_peer_mbed_dtls.h"
|
||||
#include "stream_peer_mbedtls.h"
|
||||
|
||||
#if MBEDTLS_VERSION_MAJOR >= 3
|
||||
#include <psa/crypto.h>
|
||||
#endif
|
||||
|
||||
#ifdef TESTS_ENABLED
|
||||
#include "tests/test_crypto_mbedtls.h"
|
||||
#endif
|
||||
|
||||
static bool godot_mbedtls_initialized = false;
|
||||
|
||||
void initialize_mbedtls_module(ModuleInitializationLevel p_level) {
|
||||
if (p_level != MODULE_INITIALIZATION_LEVEL_SCENE) {
|
||||
return;
|
||||
}
|
||||
|
||||
#if MBEDTLS_VERSION_MAJOR >= 3
|
||||
int status = psa_crypto_init();
|
||||
ERR_FAIL_COND_MSG(status != PSA_SUCCESS, "Failed to initialize psa crypto. The mbedTLS modules will not work.");
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG_ENABLED
|
||||
if (OS::get_singleton()->is_stdout_verbose()) {
|
||||
mbedtls_debug_set_threshold(1);
|
||||
}
|
||||
#endif
|
||||
|
||||
godot_mbedtls_initialized = true;
|
||||
|
||||
CryptoMbedTLS::initialize_crypto();
|
||||
StreamPeerMbedTLS::initialize_tls();
|
||||
PacketPeerMbedDTLS::initialize_dtls();
|
||||
@@ -55,6 +74,14 @@ void uninitialize_mbedtls_module(ModuleInitializationLevel p_level) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!godot_mbedtls_initialized) {
|
||||
return;
|
||||
}
|
||||
|
||||
#if MBEDTLS_VERSION_MAJOR >= 3
|
||||
mbedtls_psa_crypto_free();
|
||||
#endif
|
||||
|
||||
DTLSServerMbedTLS::finalize();
|
||||
PacketPeerMbedDTLS::finalize_dtls();
|
||||
StreamPeerMbedTLS::finalize_tls();
|
||||
|
||||
Reference in New Issue
Block a user