Commit Graph

40 Commits

Author SHA1 Message Date
Fabio Alessandrelli 8ffb7699af [mbedTLS] Enable TLS 1.3 support
Move library initialization to module registration functions.

Only set library debug threshold when verbose output is enabled.

TLSv1.3 functions seems to be a bit more verbose then expected, and
generate a lot of noise. Yet, some level of debugging without
recompiling the engine would be nice. We should discuss this upstream.
2024-09-26 17:37:38 +02:00
Daylily-Zeleen 3d575801ce Allow ClassDB to create a Object without postinitialization for GDExtension. 2024-08-20 20:19:02 +08:00
Lyuma 40fa684c18 mbedTLS: Update to new LTS v3.6.0
Keep module compatibility with mbedtls 2.x (old LTS branch).

A patch has been added to allow compiling after removing all the `psa_*`
files from the library folder (will look into upstreaming it).

Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires
some module changes, and to enable PSA crypto (new "standard" API
specification), so it might be best done in a separate commit/PR.
2024-04-10 21:19:22 +02:00
Muller-Castro a8bc9f3e78 Add const lvalue ref to core/* container parameters 2024-02-14 11:20:36 -03:00
A Thousand Ships 517e9f8aef [Modules] Replace `ERR_FAIL_COND` with `ERR_FAIL_NULL` where applicable 2023-09-26 16:44:52 +02:00
Fabio Alessandrelli e0140601a5 [Crypto] Fix generate_random_bytes for large chunks
Properly handle mbedtls errors, ensure we don't ask more bytes than
allowed for each iteration.
2023-09-25 22:16:36 +02:00
Rémi Verschelde 8321e0355e
mbedtls: Improve X509 certificate load error handling
Positive numbers shouldn't be treated as a hard failure:

> For CRTs in PEM encoding, the function parses permissively:
> if at least one certificate can be parsed, the function
> returns the number of certificates for which parsing failed
> (hence \c 0 if all certificates were parsed successfully).
> If no certificate could be parsed, the function returns
> the first (negative) error encountered during parsing.

Fixes #77994.
2023-06-26 19:17:17 +02:00
Rémi Verschelde 25b2f1780a
Style: Harmonize header includes in modules
This applies our existing style guide, and adds a new rule to that style
guide for modular components such as platform ports and modules:

Includes from the platform port or module ("local" includes) should be listed
first in their own block using relative paths, before Godot's "core" includes
which use "absolute" (project folder relative) paths, and finally thirdparty
includes.

Includes in `#ifdef`s come after their relevant section, i.e. the overall
structure is:

- Local includes
  * Conditional local includes
- Core includes
  * Conditional core includes
- Thirdparty includes
  * Conditional thirdparty includes
2023-06-15 14:35:45 +02:00
Fabio Alessandrelli 6fd9982358 [TLS] Add support for platform-specific CA bundles.
Adds a new OS::get_system_ca_certs method which can be implemented by
platforms to retrieve the list of trusted CA certificates using OS
specific APIs.

The function should return the certificates in PEM format, and is
currently implemented for Windows/macOS/LinuxBSD(*)/Android.

mbedTLS will fall back to bundled certificates when the OS returns no
certificates.

(*) LinuxBSD does not have a standardized certificates store location.
    The current implementation will test for common locations and may
    return an empty string on some distributions (falling back to the
    bundled certificates).
2023-05-12 09:58:23 +02:00
ScorpionInc a5b867391e Exposes String functions for X509Certificates
Exposes String functions for X509Certificates via two function calls: save_to_string() and load_from_string(str).
2023-05-09 19:02:33 -04:00
Rémi Verschelde d95794ec8a
One Copyright Update to rule them all
As many open source projects have started doing it, we're removing the
current year from the copyright notice, so that we don't need to bump
it every year.

It seems like only the first year of publication is technically
relevant for copyright notices, and even that seems to be something
that many companies stopped listing altogether (in a version controlled
codebase, the commits are a much better source of date of publication
than a hardcoded copyright statement).

We also now list Godot Engine contributors first as we're collectively
the current maintainers of the project, and we clarify that the
"exclusive" copyright of the co-founders covers the timespan before
opensourcing (their further contributions are included as part of Godot
Engine contributors).

Also fixed "cf." Frenchism - it's meant as "refer to / see".
2023-01-05 13:25:55 +01:00
bruvzg 9381acb6a4
Make FileAccess and DirAccess classes reference counted. 2022-04-11 13:28:51 +03:00
Rémi Verschelde fe52458154
Update copyright statements to 2022
Happy new year to the wonderful Godot community!
2022-01-03 21:27:34 +01:00
Nathan Franke 49403cbfa0
Replace String comparisons with "", String() to is_empty()
Also:
- Adds two stress tests to test_string.h
- Changes to .empty() on std::strings
2021-12-09 04:48:38 -06:00
Fabio Alessandrelli a28d25c441 [Crypto] Delete mbedtls ctx in deconstructor.
Would cause memory leak when the context was `start`ed but not
`finish`ed.
2021-07-03 16:12:55 +02:00
Lightning_A e28fd07b2b Rename `instance()`->`instantiate()` when it's a verb 2021-06-19 20:49:18 -06:00
Rémi Verschelde 9e328bb5b7
Core: Move DirAccess and FileAccess to `core/io`
File handling APIs are typically considered part of I/O, and we did have most
`FileAccess` implementations in `core/io` already.
2021-06-11 14:52:39 +02:00
Marcel Admiraal da5d7db610 Rename File::get_len() get_length() 2021-05-25 11:54:28 +01:00
Pedro J. Estébanez 469fa47e06
Make all file access 64-bit (uint64_t)
This changes the types of a big number of variables.

General rules:
- Using `uint64_t` in general. We also considered `int64_t` but eventually
  settled on keeping it unsigned, which is also closer to what one would expect
  with `size_t`/`off_t`.
- We only keep `int64_t` for `seek_end` (takes a negative offset from the end)
  and for the `Variant` bindings, since `Variant::INT` is `int64_t`. This means
  we only need to guard against passing negative values in `core_bind.cpp`.
- Using `uint32_t` integers for concepts not needing such a huge range, like
  pages, blocks, etc.

In addition:
- Improve usage of integer types in some related places; namely, `DirAccess`,
  core binds.

Note:
- On Windows, `_ftelli64` reports invalid values when using 32-bit MinGW with
  version < 8.0. This was an upstream bug fixed in 8.0. It breaks support for
  big files on 32-bit Windows builds made with that toolchain. We might add a
  workaround.

Fixes #44363.
Fixes godotengine/godot-proposals#400.

Co-authored-by: Rémi Verschelde <rverschelde@gmail.com>
2021-05-17 15:06:19 +02:00
Rémi Verschelde 8247667a3e
Core: Drop custom `copymem`/`zeromem` defines
We've been using standard C library functions `memcpy`/`memset` for these since
2016 with 67f65f6639.

There was still the possibility for third-party platform ports to override the
definitions with a custom header, but this doesn't seem useful anymore.
2021-04-27 16:26:27 +02:00
Rémi Verschelde b5334d14f7
Update copyright statements to 2021
Happy new year to the wonderful Godot community!

2020 has been a tough year for most of us personally, but a good year for
Godot development nonetheless with a huge amount of work done towards Godot
4.0 and great improvements backported to the long-lived 3.2 branch.

We've had close to 400 contributors to engine code this year, authoring near
7,000 commit! (And that's only for the `master` branch and for the engine code,
there's a lot more when counting docs, demos and other first-party repos.)

Here's to a great year 2021 for all Godot users 🎆
2021-01-01 20:19:21 +01:00
Marcel Admiraal 5b937d493f Rename empty() to is_empty() 2020-12-28 10:39:56 +00:00
Jon Bonazza d5925fd522 feat: HMAC support in Crypto APIs 2020-11-26 18:39:56 -08:00
reduz 127458ed17 Reorganized core/ directory, it was too fatty already
-Removed FuncRef, since Callable makes it obsolete
-Removed int_types.h as its obsolete in c++11+
-Changed color names code
2020-11-07 20:17:12 -03:00
Fabio Alessandrelli 60687ce778 Fix certificate generation with mbedtls 2.16.8 .
When generating certificates with
`Crypto.generate_self_signed_certificate` we generate the PEM in a
buffer via `mbedtls_x509write_crt_pem`.

Since version 2.16.8, mbedtls adds spurious data at the end of the
buffer due to internal optimizations, this breaks our logic when we try
to immediately parse it and return a proper `X509Certificate` object.

This commit updates the code to find the actual PEM length to parse
using `strlen`, takes extra caution always adding the terminator to the
buffer, and slightly improve error messages.
2020-09-15 18:47:51 +02:00
Fabio Alessandrelli 8e3f9aa681 Implement RSA encryption/decryption. 2020-06-18 15:29:39 +02:00
Fabio Alessandrelli dfcc11fa52 Implement sign and verify in crypto. 2020-06-18 15:29:39 +02:00
Fabio Alessandrelli 788f18086e CryptoKey supports public keys. 2020-06-18 15:29:39 +02:00
Fabio Alessandrelli f03b7f3d7a Better zeroizing in CryptoKey.
Small code clenup (after PoolByteArray change).
2020-06-18 15:26:01 +02:00
Rémi Verschelde 0be6d925dc Style: clang-format: Disable KeepEmptyLinesAtTheStartOfBlocks
Which means that reduz' beloved style which we all became used to
will now be changed automatically to remove the first empty line.

This makes us lean closer to 1TBS (the one true brace style) instead
of hybridating it with some Allman-inspired spacing.

There's still the case of braces around single-statement blocks that
needs to be addressed (but clang-format can't help with that, but
clang-tidy may if we agree about it).

Part of #33027.
2020-05-14 16:54:55 +02:00
lupoDharkael 95a1400a2a Replace NULL with nullptr 2020-04-02 13:38:00 +02:00
Rémi Verschelde cb282c6ef0 Style: Set clang-format Standard to Cpp11
For us, it practically only changes the fact that `A<A<int>>` is now
used instead of the C++03 compatible `A<A<int> >`.

Note: clang-format 10+ changed the `Standard` arguments to fully
specified `c++11`, `c++14`, etc. versions, but we can't use `c++17`
now if we want to preserve compatibility with clang-format 8 and 9.
`Cpp11` is still supported as deprecated alias for `Latest`.
2020-03-17 07:36:24 +01:00
Juan Linietsky 3205a92ad8 PoolVector is gone, replaced by Vector
Typed `PoolTypeArray` types are now renamed `PackedTypeArray` and are
sugar for `Vector<Type>`.
2020-02-18 10:10:36 +01:00
Marcel Admiraal 5af3b4ca27 Remove duplicate ERR_PRINT macro. 2020-02-05 11:13:24 +01:00
Rémi Verschelde a7f49ac9a1 Update copyright statements to 2020
Happy new year to the wonderful Godot community!

We're starting a new decade with a well-established, non-profit, free
and open source game engine, and tons of further improvements in the
pipeline from hundreds of contributors.

Godot will keep getting better, and we're looking forward to all the
games that the community will keep developing and releasing with it.
2020-01-01 11:16:22 +01:00
Rafał Mikrut ed1c4bc77d Removed unused variables, add some constants numbers 2019-12-10 05:13:02 +01:00
Fabio Alessandrelli e9abcbac3b Fix crash when passing invalid key to Crypto.
In generate_self_signed_certificate
2019-10-09 15:59:17 +02:00
qarmin 17732fe698 Added some obvious errors explanations 2019-09-25 10:28:50 +02:00
Fabio Alessandrelli 17d5b471b9 Better error handling in SSLContext, Crypto 2019-08-22 16:49:11 +02:00
Fabio Alessandrelli dd8107caa4 New CryptoMbedTLS Crypto implementation.
Allows random bytes, RSA keys, and X509 certificates generation.
2019-08-21 16:59:38 +02:00