path: root/modules/mbedtls
Age | Commit message | Author
2020-09-15 | Fix certificate generation with mbedtls 2.16.8. | Fabio Alessandrelli
When generating certificates with `Crypto.generate_self_signed_certificate` we generate the PEM in a buffer via `mbedtls_x509write_crt_pem`. Since version 2.16.8, mbedtls adds spurious data at the end of the buffer due to internal optimizations; this breaks our logic when we try to immediately parse it and return a proper `X509Certificate` object. This commit updates the code to find the actual PEM length to parse using `strlen`, takes extra caution always adding the terminator to the buffer, and slightly improves error messages.
2020-06-18 | Implement RSA encryption/decryption. | Fabio Alessandrelli
2020-06-18 | Implement sign and verify in crypto. | Fabio Alessandrelli
2020-06-18 | CryptoKey supports public keys. | Fabio Alessandrelli
2020-06-18 | Better zeroizing in CryptoKey. | Fabio Alessandrelli
Small code cleanup (after PoolByteArray change).
2020-05-14 | Style: Enforce braces around if blocks and loops | Rémi Verschelde
Using clang-tidy's `readability-braces-around-statements`. https://clang.llvm.org/extra/clang-tidy/checks/readability-braces-around-statements.html
2020-05-14 | Style: Enforce separation line between function definitions | Rémi Verschelde
I couldn't find a tool that enforces it, so I went the manual route:
```
find -name "thirdparty" -prune \
  -o -name "*.cpp" -o -name "*.h" -o -name "*.m" -o -name "*.mm" \
  -o -name "*.glsl" > files
perl -0777 -pi -e 's/\n}\n([^#])/\n}\n\n\1/g' $(cat files)
misc/scripts/fix_style.sh -c
```
This adds a newline after all `}` on the first column, unless they are followed by `#` (typically `#endif`). This leads to having lots of places with two lines between function/class definitions, but clang-format then fixes it as we enforce max one line of separation. This doesn't fix potential occurrences of function definitions which are indented (e.g. for a helper class defined in a .cpp), but it's better than nothing. Also can't be made to run easily on CI/hooks so we'll have to be careful with new code. Part of #33027.
2020-05-14 | Style: clang-format: Disable KeepEmptyLinesAtTheStartOfBlocks | Rémi Verschelde
Which means that reduz' beloved style which we all became used to will now be changed automatically to remove the first empty line. This makes us lean closer to 1TBS (the one true brace style) instead of hybridizing it with some Allman-inspired spacing. There's still the case of braces around single-statement blocks that needs to be addressed (but clang-format can't help with that, but clang-tidy may if we agree about it). Part of #33027.
2020-05-10 | Style: clang-format: Disable AllowShortIfStatementsOnASingleLine | Rémi Verschelde
Part of #33027, also discussed in #29848. Enforcing the use of brackets even on single line statements would be preferred, but `clang-format` doesn't have this functionality yet.
2020-04-02 | Replace NULL with nullptr | lupoDharkael
2020-03-30 | SCons: Format buildsystem files with psf/black | Rémi Verschelde
Configured for a max line length of 120 characters. psf/black is very opinionated and purposely doesn't leave much room for configuration. The output is mostly OK so that should be fine for us, but some things worth noting:
- Manually wrapped strings will be reflowed, so by using a line length of 120 for the sake of preserving readability for our long command calls, it also means that some manually wrapped strings are back on the same line and should be manually merged again.
- Code generators using string concatenation extensively look awful, since black puts each operand on a single line. We need to refactor these generators to use more pythonic string formatting, for which many options are available (`%`, `format` or f-strings).
- CI checks and a pre-commit hook will be added to ensure that future buildsystem changes are well-formatted.
2020-03-23 | Adding missing include guards to header files identified by LGTM. | Rajat Goswami
This addresses the issue godotengine/godot#37143
2020-03-17 | Style: Set clang-format Standard to Cpp11 | Rémi Verschelde
For us, it practically only changes the fact that `A<A<int>>` is now used instead of the C++03 compatible `A<A<int> >`. Note: clang-format 10+ changed the `Standard` arguments to fully specified `c++11`, `c++14`, etc. versions, but we can't use `c++17` now if we want to preserve compatibility with clang-format 8 and 9. `Cpp11` is still supported as deprecated alias for `Latest`.
2020-03-17 | Changed default for p_validate_certs to true. | simpuid
Fixes #37084
2020-02-20 | Reworked signal connection system, added support for Callable and Signal objects and made them default. | Juan Linietsky
2020-02-18 | Merge pull request #36296 from Faless/dtls/enet_vulkan | Rémi Verschelde
DTLS support + optional ENet encryption
2020-02-18 | PoolVector is gone, replaced by Vector | Juan Linietsky
Typed `PoolTypeArray` types are now renamed `PackedTypeArray` and are sugar for `Vector<Type>`.
2020-02-17 | New PacketPeerDTLS and DTLSServer classes. | Fabio Alessandrelli
Custom instance implementation via the mbedtls module.
2020-02-16 | Move mbedtls print func to SSLMbedTLSContext. | Fabio Alessandrelli
2020-02-05 | Remove duplicate ERR_PRINT macro. | Marcel Admiraal
2020-01-01 | Update copyright statements to 2020 | Rémi Verschelde
Happy new year to the wonderful Godot community! We're starting a new decade with a well-established, non-profit, free and open source game engine, and tons of further improvements in the pipeline from hundreds of contributors. Godot will keep getting better, and we're looking forward to all the games that the community will keep developing and releasing with it.
2019-12-10 | Removed unused variables, add some constants numbers | Rafał Mikrut
2019-10-09 | Fix crash when passing invalid key to Crypto. | Fabio Alessandrelli
In generate_self_signed_certificate
2019-09-25 | Added some obvious errors explanations | qarmin
2019-08-28 | Style: Fix copyright headers in new files | Rémi Verschelde
2019-08-22 | Better error handling in SSLContext, Crypto | Fabio Alessandrelli
2019-08-22 | Fix StreamPeerSSL connect_to_stream w/ custom cert | Fabio Alessandrelli
Follow up on #29871. Was checking the wrong parameter, causing the code to ignore provided stream-specific SSL certificate.
2019-08-22 | Fix regression in StreamPeerSSL | Fabio Alessandrelli
Validate that base stream is valid before accepting/connecting. Also remove unnecessary includes.
2019-08-21 | Rewrite StreamPeerSSL with SSLContext helper class | Fabio Alessandrelli
connect_to_stream now accepts optional parameter to specify which certificates to trust. Implement accept_stream (SSL server) with key/cert parameters to specify the RSA key and X509 certificate resources.
2019-08-21 | New CryptoMbedTLS Crypto implementation. | Fabio Alessandrelli
Allows random bytes, RSA keys, and X509 certificates generation.
2019-07-02 | CryptoCore class to access base crypto utils. | Fabio Alessandrelli
Godot core needs MD5/SHA256/AES/Base64 which used to be provided by separate libraries. Since we bundle mbedtls in most cases, and we can easily only include the needed sources if we so desire, let's use it. To simplify library changes in the future, and better isolate header dependencies, all functions have been wrapped around inside a class in `core/math/crypto_base.h`. If the mbedtls module is disabled, we only bundle the needed source files independently of the `builtin_mbedtls` option. If the module is enabled, the `builtin_mbedtls` option works as usual. Also remove some unused headers from StreamPeerMbedTLS which were causing build issues.
2019-06-24 | Add NULL check in SSL connect_to_stream | Fabio Alessandrelli
2019-02-20 | Small hack to avoid runtime error when using ubsan | Fabio Alessandrelli
mbedtls_ssl_read cannot be called with a NULL buffer even if len is 0, as those are passed to memcpy and compilers don't like that. Always pass a single byte (still len 0 so nothing is actually copied).
2019-02-13 | Fix typos with codespell | Rémi Verschelde
Using codespell 1.14.0. Method:
```
$ cat > ../godot-word-whitelist.txt << EOF
ang
doubleclick
lod
nd
numer
que
te
unselect
EOF
$ codespell -w -q 3 -I ../godot-word-whitelist.txt --skip="./thirdparty,*.po"
$ git diff // undo unwanted changes
```
2019-01-01 | Update copyright statements to 2019 | Rémi Verschelde
Happy new year to the wonderful Godot community!
2019-01-01 | Fix missing/malformed license headers | Rémi Verschelde
2018-09-28 | SCons: Build thirdparty code in own env, disable warnings | Rémi Verschelde
Also remove unnecessary `Export('env')` in other SCsubs, Export should only be used when exporting *new* objects.
2018-09-27 | Fix invalid comparison warnings: [-Wbool-compare] and [-Wenum-compare] | Rémi Verschelde
Fixes the following GCC 5 warnings and actual bugs:
```
drivers/unix/net_socket_posix.cpp:562:28: warning: comparison between 'enum IP::Type' and 'enum NetSocket::Type' [-Wenum-compare]
modules/gdscript/gdscript_function.cpp:792:26: warning: comparison of constant '17' with boolean expression is always true [-Wbool-compare]
modules/gdscript/gdscript_function.cpp:792:26: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
modules/gdscript/gdscript_parser.cpp:5082:58: warning: comparison of constant '6' with boolean expression is always false [-Wbool-compare]
modules/gdscript/gdscript_parser.cpp:5082:58: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
modules/mbedtls/stream_peer_mbed_tls.cpp:286:45: warning: comparison between 'enum StreamPeerTCP::Status' and 'enum StreamPeerSSL::Status' [-Wenum-compare]
modules/mbedtls/stream_peer_mbed_tls.cpp:313:45: warning: comparison between 'enum StreamPeerTCP::Status' and 'enum StreamPeerSSL::Status' [-Wenum-compare]
```
2018-09-21 | Add checks for clean disconnect in HTTP/TCP/SSL. | Fabio Alessandrelli
Half-open TCP connection can, of course, only be detected by writing the socket, or waiting for TCP timeout.
2018-09-15 | Allow system certs file to be used by Editor. | Fabio Alessandrelli
Note, it will only be used by the Editor, not when running the game. This allows package maintainers to compile Godot to use system installed certificates when accessing the AssetLib.
2018-09-12 | Make core/ includes absolute, remove subfolders from include path | Rémi Verschelde
This allows more consistency in the manner we include core headers, where previously there would be a mix of absolute, relative and include path-dependent includes.
2018-07-28 | mbedtls: Update to upstream version 2.12.0 | Rémi Verschelde
_WIN32_WINNT redefinition fix is no longer needed as it was merged upstream. PR 1453 is still not merged, diff updated to current state.
2018-07-16 | Implement non-blocking handshake for StreamPeerSSL | Fabio Alessandrelli
2018-06-07 | Bump mbedTLS to version 2.10.0 | Fabio Alessandrelli
2018-05-30 | SCons: Pass env to modules can_build method | Rémi Verschelde
This allows disabling modules based on the environment, in particular `env[tools]` which tells us if we are building the editor or not.
2018-04-03 | Generalize SSL cert reading from file | Fabio Alessandrelli
2018-02-28 | Use Prepend instead of Append for mbedTLS include | Fabio Alessandrelli
Fixes build on FreeBSD when system-wide mbedTLS and/or openSSL are installed.
2018-02-14 | Allow building with system wide mbedtls on X11 | Fabio Alessandrelli
Using builtin_mbedtls=yes is still the default as many distributions do not ship with mbedtls included.
2018-02-14 | Add mbedtls module | Fabio Alessandrelli