Defaulting to SSL verification off, *and* forcing it to be off even
when the emulated software asks us to enable it is very bad behaviour,
inaccurate and insecure.
Because the old option defaulted to off, we have to change the INI
option name to force the new default to be used. Unfortunate,
but without this we cannot ensure our users' security.
LoadPatches was apparently never being called when booting
Wii discs. Maybe this will fix the recent regression with
cheat codes not getting loaded? I don't know how this
managed to work to begin with, though...
(The call was also moved for WADs, just for consistency.)
ES.cpp was becoming pretty huge. This commit splits the ES code into
several files:
* Main ES (launch, UID, current title directory and title ID, etc.)
* Device identity and encryption (ID and cert, keys, encrypt/decrypt)
* Title management (imports, exports, deletions)
* Title contents (open/close/read/seek)
* Title information (titles, stored contents, TMDs)
* Views (for tickets and TMDs)
This prevents truncation when assigning to this member in the
constructor. This isn't size-critical code, so opting for the more
straightforward assignment is fine here.
Advantages:
* Simpler code in general
* No extra volume objects created
* Now actually notices if the disc or partition gets
changed while the core is running
* No longer picks up on disc access done by the GUI
(it used to do so as long as the core was running)
* Gets rid of a Core dependency in DiscIO
There are two performance disadvantages:
* FileMonitor is now a bit slower when used with VolumeDirectory
because FileMonitor now always uses the FileSystemGCWii code
for finding filenames instead of VolumeDirectory finding the
filename on its own and directly hooking into FileMonitor.
But this isn't such a big deal, because it's happening on the
DVD thread, and my currently unmerged file system PR will make
FileSystemGCWii's file finding code about as fast as
VolumeDirectory's.
* FileMonitor's creation of the file system object is now
done on the CPU thread instead of the DVD thread, and
it will be done even if FileMonitor logging is disabled.
This will be fixed in the next commit.
PR #3582 removed VolumeIsValid, then PR #3582 added a call
to VolumeIsValid, then both PRs were merged without either
of them being rebased on top of the other.
There's no point in creating a volume without a blob,
since essentially all the functionality of a volume
requires a blob to be used.
Also, VolumeCreator doesn't support creating volumes
without blobs (it can't even figure out the volume type
unless it gets a blob), so it's currently impossible
for a volume to be created without a blob.
Given none of these are used outside of the DSPEmitter class (nor does
it really make sense to allow them to be used outside of the class),
these should all be made private.
Using DiscIO's NAND content loader is the wrong way to get the ticket
for a title, because it checks whether the TMD is present and the
validity check fails if it isn't. This is not the correct behaviour:
we should just read the ticket from /ticket without caring about TMDs.
* IOS doesn't rely on the number of contents indicated in the TMD.
Instead, it checks whether the contents *do* exist on the NAND.
* Implement ES_GetTMDStoredContents (and the count ioctlv).
* Drop a hack in ES_GetStoredContents, which is unnecessary now that
we do it properly.
This is slightly safer than writing contents to /title directly.
We still cannot rename everything in one go atomically, but this allows
implementing AddTitleCancel very easily.
Also, this ensures that when a title import fails, no incomplete files
will be left in the title directory, which can mess up the system menu.
Regression introduced in e99cd57 / 4935: VideoBackends: Set the maximum
range when the depth range is oversized[1]. The NV_depth_buffer_float
extension is not part of OpenGL 3.0, and requiring it causes a hard
crash when it's not supported (e.g. macOS).
[1]: https://github.com/dolphin-emu/dolphin/pull/4935
Most of the Volume code was written before this
convenience function was added. Let's use it more.
Also deleting m_pReader nullptr checks that are
unnecessary because of Read (which ReadSwapped calls)
already having a nullptr check.
This stops the virtual method call from within the Renderer constructor.
The initialization here for GL had to be moved to VideoBackend, as the
Renderer constructor will not have been executed before the value is
required.
This adds a check to the SSL code to make sure we are using the correct
client certificate and key (and root CA).
Now, instead of silently failing, the user will be notified whenever a
file is missing or when it is invalid, i.e. when the hash does not
match; this is likely to happen for existing users as the program
linked in the network guide extracted the wrong certs :(
This partially restores a hack which causes ES to fake ticket views for
IOS titles.
This is necessary because we still allow users to boot games from the
game list, so, with no way of making sure the required IOSes are
installed beforehand, games may OSPanic() when they try to reload to
some IOS version and just find out that the IOS is not installed
(something which *never* happens on the real console, of course).
A warning is printed in the logs to make sure technical users know the
IOS titles are being faked. To try and keep things accurate in all
other cases, this hack is only active when it is needed (when the
current title is a disc title which was launched from the game list).
Depending upon the desktop colour scheme, the light/dark
GameList backgrounds can cause the always white text
to become unreadble.
Use the common luminance approximation algorithm to
determine whether black text should be used instead.
This adds a hash check for imported contents. IOS does it for security;
we do it for a somewhat different reason, to catch content decryption
bugs before incorrectly decrypted contents get written to the NAND,
which can cause titles to be corrupted.
Either way, we should have been doing this check in all cases.
const, when used on value type parameters in the declaration,
is superfluous. This doesn't really convey any information to take note
of when using the function. This only matters in the definition when you
want to prevent accidental modification.
e.g.
// Header
void CalculateSomething(int lhs, int rhs);
// Definition
void CalculateSomething(const int lhs, const int rhs)
{
// lhs and rhs can't accidentally be modified
}
When the TMD doesn't exist on the NAND, IOS returns -106.
This commit also changes IsValid() to not check for the TMD validity,
since this is not always something we want. (IOS can have different
error codes when the TMD is missing, or even worse, simply assume
that the TMD is valid.)
IOS determines installed titles by looking at /title, not uid.sys,
which is more like a history of installed titles. And it does not care
at all about the installed TMD (or even if it is present at all).
This moves all the byte swapping utilities into a header named Swap.h.
A dedicated header is much more preferable here due to the size of the
code itself. In general usage throughout the codebase, CommonFuncs.h was
generally only included for these functions anyway. These being in their
own header avoids dumping the lesser used utilities into scope. As well
as providing a localized area for more utilities related to byte
swapping in the future (should they be needed). This also makes it nicer
to identify which files depend on the byte swapping utilities in
particular.
Since this is a completely new header, moving the code uncovered a few
indirect includes, as well as making some other inclusions unnecessary.
Not only this is pretty pointless because there is a load and save button on the appropriate panels, but for the breakpoints one, it caused an error while mapping the memory since adding memory breakpoint requires to update the DBAT and this is done too early (right after boot). This also only worked if you had the right panel on making it even more useless because it would fail to laod if you didn't have the right panel on. It's better to just let the user click load and save.
This removes wrappers for ES_DIVerify and ES::LoadWAD. They are not
really useful as we can simply call the ES function directly, and
it is actually somewhat confusing because both functions are static
and are not tied to a particular ES instance.
This allows Dolphin to stay up-to-date about what title is currently
running, which fixes savestates, screenshots, etc. after an ES_Launch.
Same limitation as with MIOS: currently, GameINIs are not reloaded,
because it's a pain with the current config system. It'll happen
when the new config system is done, and this commit makes it much
easier to do!
Some members are shared between ES instances, and they are just global
variables in IOS.
This is more efficient than getting the installed titles or setting the
current active title tons of times for no reason.
This changes ES to keep track of the active title properly,
just like IOS:
* It is NOT changed on resource manager open/close.
* It is reset on IOS reload.
* It is changed by ES_DIVerify and ES_Launch.
IOS stores the active title in a structure like this:
struct ESTitleContext
{
Ticket* ticket;
TMD* tmd;
u32 active;
};
With this commit, we also do keep the Ticket and TMD around. This
makes some of the DI ioctlvs (which return data about the current
active title) trivial to implement in the future.
This fixes the System Menu not being able to see update partitions
and also allows us to change Dolphin's active game info in the future.
Currently, slowmem is used at any time that memory breakpoints are in use. This commit makes it so that whenever the DBAT gets updated, if the address is overllaping any memchecks, it forces the use of slowmem. This allows to keep fastmem for any other cases and noticably increases performance when using memory breakpoints.
This fixes ES_GetTMDView and ES_GetTMDViewSize to return -106
(FS_ENOENT) if the title does not exist (and more specifically when no
TMD exists in the NAND). This allows installed (or not installed) IOSes
to be detected properly.