diff --git a/thirdparty/README.md b/thirdparty/README.md index c3038b453ac..14fd960362b 100644 --- a/thirdparty/README.md +++ b/thirdparty/README.md @@ -370,18 +370,18 @@ Patch `godot-node-debug-fix.patch` workarounds shadowing of godot's Node class i ## mbedtls - Upstream: https://github.com/Mbed-TLS/mbedtls -- Version: 2.28.4 (aeb97a18913a86f051afab11b2c92c6be0c2eb83, 2023) +- Version: 2.28.5 (47e8cc9db2e469d902b0e3093ae9e482c3d87188, 2023) - License: Apache 2.0 File extracted from upstream release tarball: -- All `*.h` from `include/mbedtls/` to `thirdparty/mbedtls/include/mbedtls/` except `config_psa.h` and `psa_util.h`. -- All `*.c` and `*.h` from `library/` to `thirdparty/mbedtls/library/` except those starting with `psa_*`. -- The `LICENSE` file. -- Applied the patch in `patches/1453.diff` to fix UWP build (upstream PR: - https://github.com/ARMmbed/mbedtls/pull/1453). - Applied the patch in `patches/windows-arm64-hardclock.diff`. - Applied the patch in `aesni-no-arm-intrinsics.patch` to fix MSVC ARM build. +- All `.h` from `include/mbedtls/` to `thirdparty/mbedtls/include/mbedtls/` + except `config_psa.h` and `psa_util.h` +- All `.c` and `.h` from `library/` to `thirdparty/mbedtls/library/` except + those starting with `psa_*` +- The `LICENSE` file +- Applied the patch `windows-arm64-hardclock.diff` to fix Windows ARM64 build + Applied the patch `windows-entropy-bcrypt.diff` to fix Windows Store support - Added 2 files `godot_core_mbedtls_platform.c` and `godot_core_mbedtls_config.h` providing configuration for light bundling with core. - Added the file `godot_module_mbedtls_config.h` to customize the build configuration when bundling the full library. diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c index 57fddd4d62b..fec2abc2e43 100644 --- a/thirdparty/mbedtls/library/entropy_poll.c +++ b/thirdparty/mbedtls/library/entropy_poll.c 
@@ -51,46 +51,33 @@
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-#if !defined(_WIN32_WINNT)
-#define _WIN32_WINNT 0x0400
-#endif
 #include
 #include
-#if defined(_MSC_VER) && _MSC_VER <= 1600
-/* Visual Studio 2010 and earlier issue a warning when both and
- * are included, as they redefine a number of _MAX constants.
- * These constants are guaranteed to be the same, though, so we suppress the
- * warning when including intsafe.h.
- */
-#pragma warning( push )
-#pragma warning( disable : 4005 )
-#endif
 #include
-#if defined(_MSC_VER) && _MSC_VER <= 1600
-#pragma warning( pop )
-#endif
 int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
 size_t *olen)
 {
- ULONG len_as_ulong = 0;
 ((void) data);
 *olen = 0;
 /*
 * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
- * 64-bit Windows platforms. Ensure len's value can be safely converted into
- * a ULONG.
+ * 64-bit Windows platforms. Extract entropy in chunks of len (dependent
+ * on ULONG_MAX) size.
 */
- if (FAILED(SizeTToULong(len, &len_as_ulong))) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
+ while (len != 0) {
+ unsigned long ulong_bytes =
+ (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
- if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
+ if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
+ BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
- *olen = len;
+ *olen += ulong_bytes;
+ len -= ulong_bytes;
+ }
 return 0;
 }
diff --git a/thirdparty/mbedtls/patches/1453.diff b/thirdparty/mbedtls/patches/1453.diff
deleted file mode 100644
index a29a928dd3f..00000000000
--- a/thirdparty/mbedtls/patches/1453.diff
+++ /dev/null
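Review bot: The chunking loop in `mbedtls_platform_entropy_poll` never advances `output`, so if `len` ever exceeds `ULONG_MAX` each pass after the first rewrites the start of the buffer, the tail is left unfilled, and `*olen` still reports the full length as gathered entropy. Add `output += ulong_bytes;` next to `len -= ulong_bytes;`. No caller is visible in this diff, so whether a request that large can actually occur is unknown, but the loop exists only for that case and should be correct for it. The same loop is carried in `patches/windows-entropy-bcrypt.diff`, so the vendored patch needs the identical line. On the failure path `*olen` now keeps the byte count of earlier chunks, whereas the removed code left it at 0; setting `*olen = 0;` before returning `MBEDTLS_ERR_ENTROPY_SOURCE_FAILED` would keep the all-or-nothing behaviour.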
@@ -1,53 +0,0 @@
-diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c
-index 3420616a06..57fddd4d62 100644
---- a/thirdparty/mbedtls/library/entropy_poll.c
-+++ b/thirdparty/mbedtls/library/entropy_poll.c
-@@ -55,26 +55,41 @@
- #define _WIN32_WINNT 0x0400
- #endif
- #include
--#include
-+#include
-+#if defined(_MSC_VER) && _MSC_VER <= 1600
-+/* Visual Studio 2010 and earlier issue a warning when both and
-+ * are included, as they redefine a number of _MAX constants.
-+ * These constants are guaranteed to be the same, though, so we suppress the
-+ * warning when including intsafe.h.
-+ */
-+#pragma warning( push )
-+#pragma warning( disable : 4005 )
-+#endif
-+#include
-+#if defined(_MSC_VER) && _MSC_VER <= 1600
-+#pragma warning( pop )
-+#endif
-
- int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
- size_t *olen)
- {
-- HCRYPTPROV provider;
-+ ULONG len_as_ulong = 0;
- ((void) data);
- *olen = 0;
-
-- if (CryptAcquireContext(&provider, NULL, NULL,
-- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
-+ /*
-+ * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
-+ * 64-bit Windows platforms. Ensure len's value can be safely converted into
-+ * a ULONG.
-+ */
-+ if (FAILED(SizeTToULong(len, &len_as_ulong))) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
-
-- if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
-- CryptReleaseContext(provider, 0);
-+ if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
-
-- CryptReleaseContext(provider, 0);
- *olen = len;
-
- return 0;
diff --git a/thirdparty/mbedtls/patches/windows-entropy-bcrypt.diff b/thirdparty/mbedtls/patches/windows-entropy-bcrypt.diff
new file mode 100644
index 00000000000..2517687be63
--- /dev/null
+++ b/thirdparty/mbedtls/patches/windows-entropy-bcrypt.diff
@@ -0,0 +1,56 @@
+Backported from: https://github.com/Mbed-TLS/mbedtls/pull/8047
+
+diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c
+index 3420616a06..fec2abc2e4 100644
+--- a/thirdparty/mbedtls/library/entropy_poll.c
++++ b/thirdparty/mbedtls/library/entropy_poll.c
+@@ -51,32 +51,34 @@
+
+ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+
+-#if !defined(_WIN32_WINNT)
+-#define _WIN32_WINNT 0x0400
+-#endif
+ #include
+-#include
++#include
++#include
+
+ int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
+ size_t *olen)
+ {
+- HCRYPTPROV provider;
+ ((void) data);
+ *olen = 0;
+
+- if (CryptAcquireContext(&provider, NULL, NULL,
+- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
+- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+- }
++ /*
++ * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
++ * 64-bit Windows platforms. Extract entropy in chunks of len (dependent
++ * on ULONG_MAX) size.
++ */
++ while (len != 0) {
++ unsigned long ulong_bytes =
++ (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
++
++ if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
++ BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
++ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
++ }
+
+- if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
+- CryptReleaseContext(provider, 0);
+- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
++ *olen += ulong_bytes;
++ len -= ulong_bytes;
+ }
+
+- CryptReleaseContext(provider, 0);
+- *olen = len;
+-
+ return 0;
+ }
+ #else /* _WIN32 && !EFIX64 && !EFI32 */