mbedtls: Backport Windows fix to use bcrypt for entropy

We had a slightly older version of it for UWP, as the wincrypt API isn't allowed there.
We removed this with UWP in #81416, but since this was enabled inconditionally before,
this actually changed behavior for Windows compared to Godot 4.1 and earlier.

This change is also needed to properly supported Windows Store.

(cherry picked from commit b9d008de3d171fa7da763616161b462ed8815a58)

thirdparty/README.md

@@ -370,18 +370,18 @@ Patch `godot-node-debug-fix.patch` workarounds shadowing of godot's Node class i
 ## mbedtls
 
 - Upstream: https://github.com/Mbed-TLS/mbedtls
-- Version: 2.28.4 (aeb97a18913a86f051afab11b2c92c6be0c2eb83, 2023)
+- Version: 2.28.5 (47e8cc9db2e469d902b0e3093ae9e482c3d87188, 2023)
 - License: Apache 2.0
 
 File extracted from upstream release tarball:
 
-- All `*.h` from `include/mbedtls/` to `thirdparty/mbedtls/include/mbedtls/` except `config_psa.h` and `psa_util.h`.
-- All `*.c` and `*.h` from `library/` to `thirdparty/mbedtls/library/` except those starting with `psa_*`.
-- The `LICENSE` file.
-- Applied the patch in `patches/1453.diff` to fix UWP build (upstream PR:
-  https://github.com/ARMmbed/mbedtls/pull/1453).
-  Applied the patch in `patches/windows-arm64-hardclock.diff`.
-  Applied the patch in `aesni-no-arm-intrinsics.patch` to fix MSVC ARM build.
+- All `.h` from `include/mbedtls/` to `thirdparty/mbedtls/include/mbedtls/`
+  except `config_psa.h` and `psa_util.h`
+- All `.c` and `.h` from `library/` to `thirdparty/mbedtls/library/` except
+  those starting with `psa_*`
+- The `LICENSE` file
+- Applied the patch `windows-arm64-hardclock.diff` to fix Windows ARM64 build
+  Applied the patch `windows-entropy-bcrypt.diff` to fix Windows Store support
 - Added 2 files `godot_core_mbedtls_platform.c` and `godot_core_mbedtls_config.h`
   providing configuration for light bundling with core.
 - Added the file `godot_module_mbedtls_config.h` to customize the build configuration when bundling the full library.

thirdparty/mbedtls/library/entropy_poll.c

@@ -51,46 +51,33 @@
 
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
 
-#if !defined(_WIN32_WINNT)
-#define _WIN32_WINNT 0x0400
-#endif
 #include <windows.h>
 #include <bcrypt.h>
-#if defined(_MSC_VER) && _MSC_VER <= 1600
-/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and
- * <intsafe.h> are included, as they redefine a number of <TYPE>_MAX constants.
- * These constants are guaranteed to be the same, though, so we suppress the
- * warning when including intsafe.h.
- */
-#pragma warning( push )
-#pragma warning( disable : 4005 )
-#endif
 #include <intsafe.h>
-#if defined(_MSC_VER) && _MSC_VER <= 1600
-#pragma warning( pop )
-#endif
 
 int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
                                   size_t *olen)
 {
-    ULONG len_as_ulong = 0;
     ((void) data);
     *olen = 0;
 
     /*
      * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
-     * 64-bit Windows platforms. Ensure len's value can be safely converted into
-     * a ULONG.
+     * 64-bit Windows platforms. Extract entropy in chunks of len (dependent
+     * on ULONG_MAX) size.
      */
-    if (FAILED(SizeTToULong(len, &len_as_ulong))) {
-        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-    }
+    while (len != 0) {
+        unsigned long ulong_bytes =
+            (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
 
-    if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
-        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-    }
+        if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
+                                            BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
+            return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+        }
 
-    *olen = len;
+        *olen += ulong_bytes;
+        len -= ulong_bytes;
+    }
 
     return 0;
 }

thirdparty/mbedtls/patches/1453.diff

@@ -1,53 +0,0 @@
-diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c
-index 3420616a06..57fddd4d62 100644
---- a/thirdparty/mbedtls/library/entropy_poll.c
-+++ b/thirdparty/mbedtls/library/entropy_poll.c
-@@ -55,26 +55,41 @@
- #define _WIN32_WINNT 0x0400
- #endif
- #include <windows.h>
--#include <wincrypt.h>
-+#include <bcrypt.h>
-+#if defined(_MSC_VER) && _MSC_VER <= 1600
-+/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and
-+ * <intsafe.h> are included, as they redefine a number of <TYPE>_MAX constants.
-+ * These constants are guaranteed to be the same, though, so we suppress the
-+ * warning when including intsafe.h.
-+ */
-+#pragma warning( push )
-+#pragma warning( disable : 4005 )
-+#endif
-+#include <intsafe.h>
-+#if defined(_MSC_VER) && _MSC_VER <= 1600
-+#pragma warning( pop )
-+#endif
- 
- int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
-                                   size_t *olen)
- {
--    HCRYPTPROV provider;
-+    ULONG len_as_ulong = 0;
-     ((void) data);
-     *olen = 0;
- 
--    if (CryptAcquireContext(&provider, NULL, NULL,
--                            PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
-+    /*
-+     * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
-+     * 64-bit Windows platforms. Ensure len's value can be safely converted into
-+     * a ULONG.
-+     */
-+    if (FAILED(SizeTToULong(len, &len_as_ulong))) {
-         return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-     }
- 
--    if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
--        CryptReleaseContext(provider, 0);
-+    if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
-         return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-     }
- 
--    CryptReleaseContext(provider, 0);
-     *olen = len;
- 
-     return 0;

thirdparty/mbedtls/patches/windows-entropy-bcrypt.diff

@@ -0,0 +1,56 @@
+Backported from: https://github.com/Mbed-TLS/mbedtls/pull/8047
+
+diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c
+index 3420616a06..fec2abc2e4 100644
+--- a/thirdparty/mbedtls/library/entropy_poll.c
++++ b/thirdparty/mbedtls/library/entropy_poll.c
+@@ -51,32 +51,34 @@
+ 
+ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+ 
+-#if !defined(_WIN32_WINNT)
+-#define _WIN32_WINNT 0x0400
+-#endif
+ #include <windows.h>
+-#include <wincrypt.h>
++#include <bcrypt.h>
++#include <intsafe.h>
+ 
+ int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
+                                   size_t *olen)
+ {
+-    HCRYPTPROV provider;
+     ((void) data);
+     *olen = 0;
+ 
+-    if (CryptAcquireContext(&provider, NULL, NULL,
+-                            PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
+-        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+-    }
++    /*
++     * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
++     * 64-bit Windows platforms. Extract entropy in chunks of len (dependent
++     * on ULONG_MAX) size.
++     */
++    while (len != 0) {
++        unsigned long ulong_bytes =
++            (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
++
++        if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
++                                            BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
++            return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
++        }
+ 
+-    if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
+-        CryptReleaseContext(provider, 0);
+-        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
++        *olen += ulong_bytes;
++        len -= ulong_bytes;
+     }
+ 
+-    CryptReleaseContext(provider, 0);
+-    *olen = len;
+-
+     return 0;
+ }
+ #else /* _WIN32 && !EFIX64 && !EFI32 */