Commit graph

57 commits

Author SHA1 Message Date
Fabio Alessandrelli
d76a26e086
Bump mbedTLS version to 2.28.0 (new LTS).
Keep applying the windows entropy patch (UWP support).
Remove no longer needed padlock patch.
Update thirdparty README to reflect changes, and new source inclusion
criteria.

(cherry picked from commit e375cbd094)
2022-01-19 14:03:03 +01:00
Rémi Verschelde
a627cdafc5
Update copyright statements to 2022
Happy new year to the wonderful Godot community!
2022-01-13 15:54:13 +01:00
Marcel Admiraal
4d3690eba5 Remove unimplemented methods 2021-11-18 12:47:36 +00:00
Fabio Alessandrelli
32e91b232c
[Crypto] Delete mbedtls ctx in deconstructor.
Would cause memory leak when the context was `start`ed but not
`finish`ed.

(cherry picked from commit a28d25c441)
2021-07-06 11:10:47 +02:00
Marcel Admiraal
5a58516231 Remove duplicate ERR_PRINTS macro 2021-06-16 11:56:25 +01:00
Will Whitty
3f606263d5 Backport HMac crypto to 3.x
Fix headers

Fix docs formatting

Changes for PR

Fix tests
2021-05-20 13:29:38 +03:00
Pedro J. Estébanez
817ffc01e1
Make all file access 64-bit (uint64_t)
This changes the types of a big number of variables.

General rules:
- Using `uint64_t` in general. We also considered `int64_t` but eventually
  settled on keeping it unsigned, which is also closer to what one would expect
  with `size_t`/`off_t`.
- We only keep `int64_t` for `seek_end` (takes a negative offset from the end)
  and for the `Variant` bindings, since `Variant::INT` is `int64_t`. This means
  we only need to guard against passing negative values in `core_bind.cpp`.
- Using `uint32_t` integers for concepts not needing such a huge range, like
  pages, blocks, etc.

In addition:
- Improve usage of integer types in some related places; namely, `DirAccess`,
  core binds.

Note:
- On Windows, `_ftelli64` reports invalid values when using 32-bit MinGW with
  version < 8.0. This was an upstream bug fixed in 8.0. It breaks support for
  big files on 32-bit Windows builds made with that toolchain. We might add a
  workaround.

Fixes #44363.
Fixes godotengine/godot-proposals#400.

Co-authored-by: Rémi Verschelde <rverschelde@gmail.com>
2021-05-16 17:52:31 +02:00
Rémi Verschelde
140350d767
Style: Enforce braces around if blocks and loops
Using clang-tidy's `readability-braces-around-statements`.
https://clang.llvm.org/extra/clang-tidy/checks/readability-braces-around-statements.html
2021-05-05 15:02:01 +02:00
Rémi Verschelde
a828398655
Style: Replaces uses of 0/NULL by nullptr (C++11)
Using clang-tidy's `modernize-use-nullptr`.
https://clang.llvm.org/extra/clang-tidy/checks/modernize-use-nullptr.html
2021-05-04 16:30:23 +02:00
Rémi Verschelde
b5e1e05ef2
Style: clang-format: Disable KeepEmptyLinesAtTheStartOfBlocks 2021-05-04 14:45:16 +02:00
Rémi Verschelde
3d15f04668
Style: clang-format: Disable AllowShortIfStatementsOnASingleLine 2021-05-04 14:45:15 +02:00
Rémi Verschelde
6e600cb3f0
Style: Set clang-format Standard to c++14 2021-05-04 14:45:15 +02:00
Rémi Verschelde
7e61be3cb0
Style: Remove executable bit from non-runnable files 2021-05-04 14:45:07 +02:00
Rémi Verschelde
e94161dada
SCons: Add explicit dependencies on thirdparty code in cloned env
Since we clone the environments to build thirdparty code, we don't get an
explicit dependency on the build objects produced by that environment.

So when we update thirdparty code, Godot code using it is not necessarily
rebuilt (I think it is for changed headers, but not for changed .c/.cpp files),
which can lead to an invalid compilation output (linking old Godot .o files
with a newer, potentially ABI breaking version of thirdparty code).

This was only seen as really problematic with bullet updates (leading to
crashes when rebuilding Godot after a bullet update without cleaning .o files),
but it's safer to fix it everywhere, even if it's a LOT of hacky boilerplate.

(cherry picked from commit c7b53c03ae)
2021-04-29 16:57:00 +02:00
Rémi Verschelde
70ae90e0e8
Core: Drop custom copymem/zeromem defines
We've been using standard C library functions `memcpy`/`memset` for these since
2016 with 67f65f6639.

There was still the possibility for third-party platform ports to override the
definitions with a custom header, but this doesn't seem useful anymore.

Backport of #48239.
2021-04-29 12:34:11 +02:00
Fabio Alessandrelli
dcd5433b3b Implement RSA encryption/decryption. 2021-04-24 00:04:56 +02:00
Fabio Alessandrelli
09b9e65688 Implement sign and verify in crypto. 2021-04-24 00:04:56 +02:00
Fabio Alessandrelli
09af27fa39 CryptoKey supports public keys. 2021-04-24 00:04:56 +02:00
Fabio Alessandrelli
a486783d3d Better zeroizing in CryptoKey. 2021-04-24 00:04:56 +02:00
Rémi Verschelde
9f2c24e8ce
Cleanup: Remove executable bit from files which don't need it
Drop unused xpmfix.sh script.

(cherry picked from commit 76c6007aa6)
2021-01-26 17:00:15 +01:00
Rémi Verschelde
49646383f1
Update copyright statements to 2021
Happy new year to the wonderful Godot community!

2020 has been a tough year for most of us personally, but a good year for
Godot development nonetheless with a huge amount of work done towards Godot
4.0 and great improvements backported to the long-lived 3.2 branch.

We've had close to 400 contributors to engine code this year, authoring near
7,000 commit! (And that's only for the `master` branch and for the engine code,
there's a lot more when counting docs, demos and other first-party repos.)

Here's to a great year 2021 for all Godot users 🎆

(cherry picked from commit b5334d14f7)
2021-01-13 16:17:06 +01:00
Fabio Alessandrelli
f1b2a7d1b4
Fix certificate generation with mbedtls 2.16.8 .
When generating certificates with
`Crypto.generate_self_signed_certificate` we generate the PEM in a
buffer via `mbedtls_x509write_crt_pem`.

Since version 2.16.8, mbedtls adds spurious data at the end of the
buffer due to internal optimizations, this breaks our logic when we try
to immediately parse it and return a proper `X509Certificate` object.

This commit updates the code to find the actual PEM length to parse
using `strlen`, takes extra caution always adding the terminator to the
buffer, and slightly improve error messages.

(cherry picked from commit 60687ce778)
2020-09-15 19:27:48 +02:00
Rémi Verschelde
7bf9787921 SCons: Format buildsystem files with psf/black
Configured for a max line length of 120 characters.

psf/black is very opinionated and purposely doesn't leave much room for
configuration. The output is mostly OK so that should be fine for us,
but some things worth noting:

- Manually wrapped strings will be reflowed, so by using a line length
  of 120 for the sake of preserving readability for our long command
  calls, it also means that some manually wrapped strings are back on
  the same line and should be manually merged again.

- Code generators using string concatenation extensively look awful,
  since black puts each operand on a single line. We need to refactor
  these generators to use more pythonic string formatting, for which
  many options are available (`%`, `format` or f-strings).

- CI checks and a pre-commit hook will be added to ensure that future
  buildsystem changes are well-formatted.

(cherry picked from commit cd4e46ee65)
2020-06-10 15:30:52 +02:00
simpuid
92964c5889 Changed default for p_validate_certs to true.
Fixes #37084

(cherry picked from commit 2584eb9c69)
2020-05-05 13:41:40 +02:00
Rémi Verschelde
ef715f37d5
Merge pull request #35091 from Faless/dtls/enet
[3.2] DTLS support + optional ENet encryption
2020-05-05 13:40:59 +02:00
Rajat Goswami
19e71f94d8 Adding missing include guards to header files identified by LGTM.
This addresses the issue godotengine/godot#37143

(cherry picked from commit 2ecf928ae3)
2020-03-25 11:38:54 +01:00
Fabio Alessandrelli
35a9f0fe64 New PacketPeerDTLS and DTLSServer classes.
Custom instance implementation via the mbedtls module.
2020-02-25 11:35:47 +01:00
Fabio Alessandrelli
dbbd836931 Move mbedlts print func to SSLMbedTLSContext. 2020-02-25 11:35:47 +01:00
Rémi Verschelde
a7f49ac9a1 Update copyright statements to 2020
Happy new year to the wonderful Godot community!

We're starting a new decade with a well-established, non-profit, free
and open source game engine, and tons of further improvements in the
pipeline from hundreds of contributors.

Godot will keep getting better, and we're looking forward to all the
games that the community will keep developing and releasing with it.
2020-01-01 11:16:22 +01:00
Rafał Mikrut
ed1c4bc77d Removed unused variables, add some constants numbers 2019-12-10 05:13:02 +01:00
Fabio Alessandrelli
e9abcbac3b Fix crash when passing invalid key to Crypto.
In generate_self_signed_certificate
2019-10-09 15:59:17 +02:00
qarmin
17732fe698 Added some obvious errors explanations 2019-09-25 10:28:50 +02:00
Rémi Verschelde
538328898b Style: Fix copyright headers in new files 2019-08-28 09:19:52 +02:00
Fabio Alessandrelli
17d5b471b9 Better error handling in SSLContext, Crypto 2019-08-22 16:49:11 +02:00
Fabio Alessandrelli
99f657d89f Fix StreamPeerSSL connect_to_stream w/ custom cert
Follow up on #29871.
Was checking the wrong parameter, causing the code to ignore provided
stream-specific SSL certificate.
2019-08-22 16:42:37 +02:00
Fabio Alessandrelli
b223b207c4 Fix regression in StreamPeerSSL
Validate that base stream is valid before accepting/connecting.
Also remove unnecessary includes.
2019-08-22 00:14:01 +02:00
Fabio Alessandrelli
ce5a3f56a6 Rewrite StreamPeerSSL with SSLContext helper class
connect_to_stream now accepts optional parameter to specify which
certificates to trust.
Implement accept_stream (SSL server) with key/cert parameters to specify
the RSA key and X509 certificate resources.
2019-08-21 16:59:38 +02:00
Fabio Alessandrelli
dd8107caa4 New CryptoMbedTLS Crypto implementation.
Allows random bytes, RSA keys, and X509 certificates generation.
2019-08-21 16:59:38 +02:00
Fabio Alessandrelli
564d93ff10 CryptoCore class to access to base crypto utils.
Godot core needs MD5/SHA256/AES/Base64 which used to be provided by
separate libraries.
Since we bundle mbedtls in most cases, and we can easily only include
the needed sources if we so desire, let's use it.

To simplify library changes in the future, and better isolate header
dependencies all functions have been wrapped around inside a class in
`core/math/crypto_base.h`.

If the mbedtls module is disabled, we only bundle the needed source
files independently of the `builtin_mbedtls` option.
If the module is enabled, the `builtin_mbedtls` option works as usual.

Also remove some unused headers from StreamPeerMbedTLS which were
causing build issues.
2019-07-02 12:36:27 +02:00
Fabio Alessandrelli
6baa3ff0de Add NULL check in SSL connect_to_stream 2019-06-24 07:43:31 +02:00
Fabio Alessandrelli
2b8b738391 Small hack to avoid runtime error when using ubsan
mbedtls_ssl_read cannot be called with a NULL buffer even if len is 0,
as those are passed to memcpy and compilers doesn't like that.
Always pass a single byte (still len 0 so nothing is actually copied)
2019-02-20 01:49:47 +01:00
Rémi Verschelde
5fc86026ca Fix typos with codespell
Using codespell 1.14.0.

Method:
```
$ cat > ../godot-word-whitelist.txt << EOF
ang
doubleclick
lod
nd
numer
que
te
unselect
EOF
$ codespell -w -q 3 -I ../godot-word-whitelist.txt --skip="./thirdparty,*.po"
$ git diff // undo unwanted changes
```
2019-02-13 09:23:29 +01:00
Rémi Verschelde
b16c309f82 Update copyright statements to 2019
Happy new year to the wonderful Godot community!
2019-01-01 12:58:10 +01:00
Rémi Verschelde
d1f3b622f0 Fix missing/malformed license headers 2019-01-01 12:46:36 +01:00
Rémi Verschelde
3a2ca68af3 SCons: Build thirdparty code in own env, disable warnings
Also remove unnecessary `Export('env')` in other SCsubs,
Export should only be used when exporting *new* objects.
2018-09-28 14:07:39 +02:00
Rémi Verschelde
bca2d3ad40 Fix invalid comparison warnings: [-Wbool-compare] and [-Wenum-compare]
Fixes the following GCC 5 warnings and actual bugs:
```
drivers/unix/net_socket_posix.cpp:562:28: warning: comparison between 'enum IP::Type' and 'enum NetSocket::Type' [-Wenum-compare]
modules/gdscript/gdscript_function.cpp:792:26: warning: comparison of constant '17' with boolean expression is always true [-Wbool-compare]
modules/gdscript/gdscript_function.cpp:792:26: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
modules/gdscript/gdscript_parser.cpp:5082:58: warning: comparison of constant '6' with boolean expression is always false [-Wbool-compare]
modules/gdscript/gdscript_parser.cpp:5082:58: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
modules/mbedtls/stream_peer_mbed_tls.cpp:286:45: warning: comparison between 'enum StreamPeerTCP::Status' and 'enum StreamPeerSSL::Status' [-Wenum-compare]
modules/mbedtls/stream_peer_mbed_tls.cpp:313:45: warning: comparison between 'enum StreamPeerTCP::Status' and 'enum StreamPeerSSL::Status' [-Wenum-compare]
```
2018-09-27 16:25:24 +02:00
Fabio Alessandrelli
92de6df113 Add checks for clean disconnect in HTTP/TCP/SSL.
Half-open TCP connection can, of course, only be detected by
writing the socket, or waiting for TCP timeout.
2018-09-21 14:34:57 +02:00
Fabio Alessandrelli
0e56377e96 Allow system certs file to be used by Editor.
Note, it will only used by the Editor, not when running the game.
This allows package maintainer to compile Godot to use system installed
certificates when accessing the AssetLib.
2018-09-15 14:45:54 +02:00
Rémi Verschelde
277b24dfb7 Make core/ includes absolute, remove subfolders from include path
This allows more consistency in the manner we include core headers,
where previously there would be a mix of absolute, relative and
include path-dependent includes.
2018-09-12 09:52:22 +02:00
Rémi Verschelde
d8e1cd7a10 mbedtls: Update to upstream version 2.12.0
_WIN32_WINNT redefinition fix is no longer needed as it was merged
upstream. PR 1453 is still not merged, diff updated to current state.
2018-07-28 11:16:58 +02:00