Commit graph

92 commits

Author SHA1 Message Date
Fabio Alessandrelli
e0140601a5 [Crypto] Fix generate_random_bytes for large chunks
Properly handle mbedtls errors, ensure we don't ask more bytes than
allowed for each iteration.
2023-09-25 22:16:36 +02:00
Rémi Verschelde
8321e0355e
mbedtls: Improve X509 certificate load error handling
Positive numbers shouldn't be treated as a hard failure:

> For CRTs in PEM encoding, the function parses permissively:
> if at least one certificate can be parsed, the function
> returns the number of certificates for which parsing failed
> (hence \c 0 if all certificates were parsed successfully).
> If no certificate could be parsed, the function returns
> the first (negative) error encountered during parsing.

Fixes #77994.
2023-06-26 19:17:17 +02:00
Rémi Verschelde
25b2f1780a
Style: Harmonize header includes in modules
This applies our existing style guide, and adds a new rule to that style
guide for modular components such as platform ports and modules:

Includes from the platform port or module ("local" includes) should be listed
first in their own block using relative paths, before Godot's "core" includes
which use "absolute" (project folder relative) paths, and finally thirdparty
includes.

Includes in `#ifdef`s come after their relevant section, i.e. the overall
structure is:

- Local includes
  * Conditional local includes
- Core includes
  * Conditional core includes
- Thirdparty includes
  * Conditional thirdparty includes
2023-06-15 14:35:45 +02:00
Fabio Alessandrelli
6fd9982358 [TLS] Add support for platform-specific CA bundles.
Adds a new OS::get_system_ca_certs method which can be implemented by
platforms to retrieve the list of trusted CA certificates using OS
specific APIs.

The function should return the certificates in PEM format, and is
currently implemented for Windows/macOS/LinuxBSD(*)/Android.

mbedTLS will fall back to bundled certificates when the OS returns no
certificates.

(*) LinuxBSD does not have a standardized certificates store location.
    The current implementation will test for common locations and may
    return an empty string on some distributions (falling back to the
    bundled certificates).
2023-05-12 09:58:23 +02:00
Fabio Alessandrelli
024a4b1f2a mbedTLS: disable weak crypto and TLS versions.
This commit adds a new mbedTLS configuration header to customize the
built-in library (and can be optionally replaced by a platform-specific
one).

Currently, it disables most weak cryptographic functions (with the
notable exceptions of MD5 and SHA-1), along with removing support for
TLS versions 1.0 and 1.1 (making TLSv1.2 the only supported one).
2023-05-10 11:13:19 +02:00
ScorpionInc
a5b867391e Exposes String functions for X509Certificates
Exposes String functions for X509Certificates via two function calls: save_to_string() and load_from_string(str).
2023-05-09 19:02:33 -04:00
Fabio Alessandrelli
7cd80e6a6d [Net] Remove StreamPeerTLS.blocking_handshake option.
Which was unused internally, and can be replaced by:

```
while tls.get_status() == tls.STATUS_HANDSHAKING:
  tls.poll()
```
2023-01-28 11:08:02 +01:00
Fabio Alessandrelli
adba870534 [NET] Refactor TLS configuration.
Use a TLSOptions configuration object which is created via static
functions.

- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)

This will allow us to expand the TLS configuration options to include
e.g. mutual authentication without bloating the classes that uses
StreamPeerTLS and PacketPeerDTLS as underlying peers.
2023-01-28 11:08:02 +01:00
Rémi Verschelde
d95794ec8a
One Copyright Update to rule them all
As many open source projects have started doing it, we're removing the
current year from the copyright notice, so that we don't need to bump
it every year.

It seems like only the first year of publication is technically
relevant for copyright notices, and even that seems to be something
that many companies stopped listing altogether (in a version controlled
codebase, the commits are a much better source of date of publication
than a hardcoded copyright statement).

We also now list Godot Engine contributors first as we're collectively
the current maintainers of the project, and we clarify that the
"exclusive" copyright of the co-founders covers the timespan before
opensourcing (their further contributions are included as part of Godot
Engine contributors).

Also fixed "cf." Frenchism - it's meant as "refer to / see".
2023-01-05 13:25:55 +01:00
Markus Sauermann
28af870750 Code simplifications found by cppcheck
They are based on:
- Boolean arithmetic simplifications
- setting variables that are not accessed
- constant variables
2022-11-21 08:43:36 +01:00
Rémi Verschelde
f7c611ab71
Style: Misc docs and comment style and language fixes
- Removed empty paragraphs in XML.
- Consistently use bold style for "Example:", on a new line.
- Fix usage of `[code]` when hyperlinks could be used (`[member]`, `[constant]`).
- Fix invalid usage of backticks for inline code in BBCode.
- Fix some American/British English spelling inconsistencies.
- Other minor fixes spotted along the way, including typo fixes with codespell.
- Don't specify `@GlobalScope` for `enum` and `constant`.
2022-11-02 19:01:18 +01:00
Fabio Alessandrelli
a95d792420 [Net] Rename "ssl" references to "tls" in methods and members. 2022-09-08 03:24:23 +02:00
Fabio Alessandrelli
528e791a5f [Net] Rename StreamPeerSSL to StreamPeerTLS.
SSL has been deprectated almost 10 years ago.
2022-09-07 07:38:50 +02:00
Rémi Verschelde
90019676b0 Code quality: Fix header guards consistency
Adds `header_guards.sh` bash script, used in CI to validate future
changes. Can be run locally to fix invalid header guards.
2022-07-25 11:17:40 +02:00
Lyuma
7e28385948 Add StreamPeerSSL.get_stream() accessor. 2022-05-25 12:43:19 -07:00
reduz
de0ca3b999 Refactor module initialization
* Changed to use the same stages as extensions.
* Makes the initialization more coherent, helping solve problems due to lack of stages.
* Makes it easier to port between module and extension.
* removed the DRIVER initialization level (no longer needed).
2022-05-04 17:34:51 +02:00
Rémi Verschelde
6e6fe2b025
Merge pull request #59582 from Faless/net/4.x_tcp_explicit_poll 2022-04-27 13:56:58 +02:00
bruvzg
9381acb6a4
Make FileAccess and DirAccess classes reference counted. 2022-04-11 13:28:51 +03:00
bruvzg
f851c4aa33
Fix some issues found by cppcheck. 2022-04-06 14:34:37 +03:00
Fabio Alessandrelli
331f1662df [Net] Drop is_connected_to_host for TCP and UDP.
The UDP method is now called `is_socket_connected` to limit confusion
with the actual host connection status which doesn't make sense in UDP.

The TCP method is completly dropped, use get_status instead.

The only one left is the WebSocketPeer one, which should be fine as is
for now.
2022-03-27 16:36:44 +02:00
Rémi Verschelde
a074ceefcd
Merge pull request #56130 from Faless/mbedtls/2.28.0 2022-01-11 15:03:28 +01:00
Rémi Verschelde
fe52458154
Update copyright statements to 2022
Happy new year to the wonderful Godot community!
2022-01-03 21:27:34 +01:00
Fabio Alessandrelli
e375cbd094 Bump mbedTLS version to 2.28.0 (new LTS).
Keep applying the windows entropy patch (UWP support).
Remove no longer needed padlock patch.
Update thirdparty README to reflect changes, and new source inclusion
criteria.
2021-12-21 13:26:02 +01:00
Nathan Franke
49403cbfa0
Replace String comparisons with "", String() to is_empty()
Also:
- Adds two stress tests to test_string.h
- Changes to .empty() on std::strings
2021-12-09 04:48:38 -06:00
Marcel Admiraal
87a4ba492e Remove unimplemented methods 2021-10-21 18:44:25 +01:00
Rémi Verschelde
06568bbfdf
Misc cleanup of header includes
Was looking for misuse of module headers without checking that the module is
actually enabled and got carried away...
2021-07-15 00:46:43 +02:00
Fabio Alessandrelli
a28d25c441 [Crypto] Delete mbedtls ctx in deconstructor.
Would cause memory leak when the context was `start`ed but not
`finish`ed.
2021-07-03 16:12:55 +02:00
Lightning_A
e28fd07b2b Rename instance()->instantiate() when it's a verb 2021-06-19 20:49:18 -06:00
Pedro J. Estébanez
04688b92ff Rename Reference to RefCounted 2021-06-11 18:48:42 +02:00
Rémi Verschelde
9e328bb5b7
Core: Move DirAccess and FileAccess to core/io
File handling APIs are typically considered part of I/O, and we did have most
`FileAccess` implementations in `core/io` already.
2021-06-11 14:52:39 +02:00
Marcel Admiraal
da5d7db610 Rename File::get_len() get_length() 2021-05-25 11:54:28 +01:00
Pedro J. Estébanez
469fa47e06
Make all file access 64-bit (uint64_t)
This changes the types of a big number of variables.

General rules:
- Using `uint64_t` in general. We also considered `int64_t` but eventually
  settled on keeping it unsigned, which is also closer to what one would expect
  with `size_t`/`off_t`.
- We only keep `int64_t` for `seek_end` (takes a negative offset from the end)
  and for the `Variant` bindings, since `Variant::INT` is `int64_t`. This means
  we only need to guard against passing negative values in `core_bind.cpp`.
- Using `uint32_t` integers for concepts not needing such a huge range, like
  pages, blocks, etc.

In addition:
- Improve usage of integer types in some related places; namely, `DirAccess`,
  core binds.

Note:
- On Windows, `_ftelli64` reports invalid values when using 32-bit MinGW with
  version < 8.0. This was an upstream bug fixed in 8.0. It breaks support for
  big files on 32-bit Windows builds made with that toolchain. We might add a
  workaround.

Fixes #44363.
Fixes godotengine/godot-proposals#400.

Co-authored-by: Rémi Verschelde <rverschelde@gmail.com>
2021-05-17 15:06:19 +02:00
Hugo Locurcio
3f078c99f6
Rename IP_Unix, IP_Address and TCP_Server to remove underscores 2021-05-06 02:52:01 +02:00
Rémi Verschelde
5b16020846
Replace remaining uses of NULL with nullptr
Follow-up to #38736 (these uses were likely added after this PR was merged).
2021-04-29 11:53:27 +02:00
Rémi Verschelde
8247667a3e
Core: Drop custom copymem/zeromem defines
We've been using standard C library functions `memcpy`/`memset` for these since
2016 with 67f65f6639.

There was still the possibility for third-party platform ports to override the
definitions with a custom header, but this doesn't seem useful anymore.
2021-04-27 16:26:27 +02:00
Anshul7sp1
91181c2086 Fixes small typos and grammar correction 2021-03-12 19:05:16 +05:30
Rafał Mikrut
f7209b459b Initialize class/struct variables with default values in modules/ 2021-02-08 10:57:18 +01:00
Rémi Verschelde
76c6007aa6
Cleanup: Remove executable bit from files which don't need it
Drop unused xpmfix.sh script.
2021-01-19 23:36:42 +01:00
Rémi Verschelde
b5334d14f7
Update copyright statements to 2021
Happy new year to the wonderful Godot community!

2020 has been a tough year for most of us personally, but a good year for
Godot development nonetheless with a huge amount of work done towards Godot
4.0 and great improvements backported to the long-lived 3.2 branch.

We've had close to 400 contributors to engine code this year, authoring near
7,000 commit! (And that's only for the `master` branch and for the engine code,
there's a lot more when counting docs, demos and other first-party repos.)

Here's to a great year 2021 for all Godot users 🎆
2021-01-01 20:19:21 +01:00
Marcel Admiraal
5b937d493f Rename empty() to is_empty() 2020-12-28 10:39:56 +00:00
Rémi Verschelde
c7b53c03ae
SCons: Add explicit dependencies on thirdparty code in cloned env
Since we clone the environments to build thirdparty code, we don't get an
explicit dependency on the build objects produced by that environment.

So when we update thirdparty code, Godot code using it is not necessarily
rebuilt (I think it is for changed headers, but not for changed .c/.cpp files),
which can lead to an invalid compilation output (linking old Godot .o files
with a newer, potentially ABI breaking version of thirdparty code).

This was only seen as really problematic with bullet updates (leading to
crashes when rebuilding Godot after a bullet update without cleaning .o files),
but it's safer to fix it everywhere, even if it's a LOT of hacky boilerplate.
2020-12-18 10:29:34 +01:00
Jon Bonazza
d5925fd522 feat: HMAC support in Crypto APIs 2020-11-26 18:39:56 -08:00
reduz
127458ed17 Reorganized core/ directory, it was too fatty already
-Removed FuncRef, since Callable makes it obsolete
-Removed int_types.h as its obsolete in c++11+
-Changed color names code
2020-11-07 20:17:12 -03:00
Fabio Alessandrelli
60687ce778 Fix certificate generation with mbedtls 2.16.8 .
When generating certificates with
`Crypto.generate_self_signed_certificate` we generate the PEM in a
buffer via `mbedtls_x509write_crt_pem`.

Since version 2.16.8, mbedtls adds spurious data at the end of the
buffer due to internal optimizations, this breaks our logic when we try
to immediately parse it and return a proper `X509Certificate` object.

This commit updates the code to find the actual PEM length to parse
using `strlen`, takes extra caution always adding the terminator to the
buffer, and slightly improve error messages.
2020-09-15 18:47:51 +02:00
Fabio Alessandrelli
8e3f9aa681 Implement RSA encryption/decryption. 2020-06-18 15:29:39 +02:00
Fabio Alessandrelli
dfcc11fa52 Implement sign and verify in crypto. 2020-06-18 15:29:39 +02:00
Fabio Alessandrelli
788f18086e CryptoKey supports public keys. 2020-06-18 15:29:39 +02:00
Fabio Alessandrelli
f03b7f3d7a Better zeroizing in CryptoKey.
Small code clenup (after PoolByteArray change).
2020-06-18 15:26:01 +02:00
Rémi Verschelde
0ee0fa42e6 Style: Enforce braces around if blocks and loops
Using clang-tidy's `readability-braces-around-statements`.
https://clang.llvm.org/extra/clang-tidy/checks/readability-braces-around-statements.html
2020-05-14 21:57:34 +02:00
Rémi Verschelde
07bc4e2f96 Style: Enforce separation line between function definitions
I couldn't find a tool that enforces it, so I went the manual route:
```
find -name "thirdparty" -prune \
  -o -name "*.cpp" -o -name "*.h" -o -name "*.m" -o -name "*.mm" \
  -o -name "*.glsl" > files
perl -0777 -pi -e 's/\n}\n([^#])/\n}\n\n\1/g' $(cat files)
misc/scripts/fix_style.sh -c
```

This adds a newline after all `}` on the first column, unless they
are followed by `#` (typically `#endif`). This leads to having lots
of places with two lines between function/class definitions, but
clang-format then fixes it as we enforce max one line of separation.

This doesn't fix potential occurrences of function definitions which
are indented (e.g. for a helper class defined in a .cpp), but it's
better than nothing. Also can't be made to run easily on CI/hooks so
we'll have to be careful with new code.

Part of #33027.
2020-05-14 16:54:55 +02:00