Commit graph

74 commits

Author SHA1 Message Date
Fabio Alessandrelli
17d5b471b9 Better error handling in SSLContext, Crypto 2019-08-22 16:49:11 +02:00
Fabio Alessandrelli
99f657d89f Fix StreamPeerSSL connect_to_stream w/ custom cert
Follow up on #29871.
Was checking the wrong parameter, causing the code to ignore provided
stream-specific SSL certificate.
2019-08-22 16:42:37 +02:00
Fabio Alessandrelli
b223b207c4 Fix regression in StreamPeerSSL
Validate that base stream is valid before accepting/connecting.
Also remove unnecessary includes.
2019-08-22 00:14:01 +02:00
Fabio Alessandrelli
ce5a3f56a6 Rewrite StreamPeerSSL with SSLContext helper class
connect_to_stream now accepts optional parameter to specify which
certificates to trust.
Implement accept_stream (SSL server) with key/cert parameters to specify
the RSA key and X509 certificate resources.
2019-08-21 16:59:38 +02:00
Fabio Alessandrelli
dd8107caa4 New CryptoMbedTLS Crypto implementation.
Allows random bytes, RSA keys, and X509 certificates generation.
2019-08-21 16:59:38 +02:00
Fabio Alessandrelli
564d93ff10 CryptoCore class to access to base crypto utils.
Godot core needs MD5/SHA256/AES/Base64 which used to be provided by
separate libraries.
Since we bundle mbedtls in most cases, and we can easily only include
the needed sources if we so desire, let's use it.

To simplify library changes in the future, and better isolate header
dependencies all functions have been wrapped around inside a class in
`core/math/crypto_base.h`.

If the mbedtls module is disabled, we only bundle the needed source
files independently of the `builtin_mbedtls` option.
If the module is enabled, the `builtin_mbedtls` option works as usual.

Also remove some unused headers from StreamPeerMbedTLS which were
causing build issues.
2019-07-02 12:36:27 +02:00
Fabio Alessandrelli
6baa3ff0de Add NULL check in SSL connect_to_stream 2019-06-24 07:43:31 +02:00
Fabio Alessandrelli
2b8b738391 Small hack to avoid runtime error when using ubsan
mbedtls_ssl_read cannot be called with a NULL buffer even if len is 0,
as those are passed to memcpy and compilers doesn't like that.
Always pass a single byte (still len 0 so nothing is actually copied)
2019-02-20 01:49:47 +01:00
Rémi Verschelde
5fc86026ca Fix typos with codespell
Using codespell 1.14.0.

Method:
```
$ cat > ../godot-word-whitelist.txt << EOF
ang
doubleclick
lod
nd
numer
que
te
unselect
EOF
$ codespell -w -q 3 -I ../godot-word-whitelist.txt --skip="./thirdparty,*.po"
$ git diff // undo unwanted changes
```
2019-02-13 09:23:29 +01:00
Rémi Verschelde
b16c309f82 Update copyright statements to 2019
Happy new year to the wonderful Godot community!
2019-01-01 12:58:10 +01:00
Rémi Verschelde
d1f3b622f0 Fix missing/malformed license headers 2019-01-01 12:46:36 +01:00
Rémi Verschelde
3a2ca68af3 SCons: Build thirdparty code in own env, disable warnings
Also remove unnecessary `Export('env')` in other SCsubs,
Export should only be used when exporting *new* objects.
2018-09-28 14:07:39 +02:00
Rémi Verschelde
bca2d3ad40 Fix invalid comparison warnings: [-Wbool-compare] and [-Wenum-compare]
Fixes the following GCC 5 warnings and actual bugs:
```
drivers/unix/net_socket_posix.cpp:562:28: warning: comparison between 'enum IP::Type' and 'enum NetSocket::Type' [-Wenum-compare]
modules/gdscript/gdscript_function.cpp:792:26: warning: comparison of constant '17' with boolean expression is always true [-Wbool-compare]
modules/gdscript/gdscript_function.cpp:792:26: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
modules/gdscript/gdscript_parser.cpp:5082:58: warning: comparison of constant '6' with boolean expression is always false [-Wbool-compare]
modules/gdscript/gdscript_parser.cpp:5082:58: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
modules/mbedtls/stream_peer_mbed_tls.cpp:286:45: warning: comparison between 'enum StreamPeerTCP::Status' and 'enum StreamPeerSSL::Status' [-Wenum-compare]
modules/mbedtls/stream_peer_mbed_tls.cpp:313:45: warning: comparison between 'enum StreamPeerTCP::Status' and 'enum StreamPeerSSL::Status' [-Wenum-compare]
```
2018-09-27 16:25:24 +02:00
Fabio Alessandrelli
92de6df113 Add checks for clean disconnect in HTTP/TCP/SSL.
Half-open TCP connection can, of course, only be detected by
writing the socket, or waiting for TCP timeout.
2018-09-21 14:34:57 +02:00
Fabio Alessandrelli
0e56377e96 Allow system certs file to be used by Editor.
Note, it will only used by the Editor, not when running the game.
This allows package maintainer to compile Godot to use system installed
certificates when accessing the AssetLib.
2018-09-15 14:45:54 +02:00
Rémi Verschelde
277b24dfb7 Make core/ includes absolute, remove subfolders from include path
This allows more consistency in the manner we include core headers,
where previously there would be a mix of absolute, relative and
include path-dependent includes.
2018-09-12 09:52:22 +02:00
Rémi Verschelde
d8e1cd7a10 mbedtls: Update to upstream version 2.12.0
_WIN32_WINNT redefinition fix is no longer needed as it was merged
upstream. PR 1453 is still not merged, diff updated to current state.
2018-07-28 11:16:58 +02:00
Fabio Alessandrelli
99d0b7ba14 Implement non blocking-handshake for StreamPeerSSL 2018-07-16 13:08:17 +02:00
Fabio Alessandrelli
888379e513 Bump mbedTLS to version 2.10.0 2018-06-07 18:50:44 +02:00
Rémi Verschelde
3334209a73 SCons: Pass env to modules can_build method
This allows to disable modules based on the environment,
in particular `env[tools]` which tells us if we are
building the editor or not.
2018-05-30 19:11:36 +02:00
Fabio Alessandrelli
490dd9f946 Generalize SSL cert reading from file 2018-04-03 20:13:57 +02:00
Fabio Alessandrelli
659c62ee33 Use Prepend instead of Append for mbedTLS include
Fixes build on FreeBSD when system-wide mbedTLS and/or openSSL are installed
2018-02-28 20:02:16 +01:00
Fabio Alessandrelli
bd3c27ba78 Allow building with system wide mbedtls on X11
Using builtin_mbedtls=yes is still the default as many distributions
do not ship with mbedtls included.
2018-02-14 01:34:25 +01:00
Fabio Alessandrelli
67b600d957 Add mbedtls module 2018-02-14 01:26:23 +01:00