switch to xmake for package management (#611)

This change removes our dependency on vcpkg for package management, in favour of bringing some code in-tree in the `thirdparty` folder as well as using the xmake build-in package management feature. For the latter, all the package definitions are maintained in the zen repo itself, in the `repo` folder.

It should now also be easier to build the project as it will no longer depend on having the right version of vcpkg installed, which has been a common problem for new people coming in to the codebase. Now you should only need xmake to build.

* Bumps xmake requirement on github runners to 2.9.9 to resolve an issue where xmake on Windows invokes cmake with `v144` toolchain which does not exist
* BLAKE3 is now in-tree at `thirdparty/blake3`
* cpr is now in-tree at `thirdparty/cpr`
* cxxopts is now in-tree at `thirdparty/cxxopts`
* fmt is now in-tree at `thirdparty/fmt`
* robin-map is now in-tree at `thirdparty/robin-map`
* ryml is now in-tree at `thirdparty/ryml`
* sol2 is now in-tree at `thirdparty/sol2`
* spdlog is now in-tree at `thirdparty/spdlog`
* utfcpp is now in-tree at `thirdparty/utfcpp`
* xmake package repo definitions is in `repo`
* implemented support for sanitizers. ASAN is supported on windows, TSAN, UBSAN, MSAN etc are supported on Linux/MacOS though I have not yet tested it extensively on MacOS
* the zencore encryption implementation also now supports using mbedTLS which is used on MacOS, though for now we still use openssl on Linux
* crashpad
* bumps libcurl to 8.11.0 (from 8.8.0) which should address a rare build upload bug

1 files changed, 125 insertions, 2 deletions

diff --git a/src/zencore/crypto.cpp b/src/zencore/crypto.cpp
index 78bea0c17..09eebb6ae 100644
--- a/src/zencore/crypto.cpp
+++ b/src/zencore/crypto.cpp
@@ -9,14 +9,37 @@
 #include <string>
 #include <string_view>
 
+// On Windows we can use the built-in BCrypt API, on other platforms we currently
+// support either OpenSSL or mbedTLS. The preference is to use OpenSSL if available
+// mostly for historical reasons. We should investigate making mbedTLS the default
+// on non-Windows platforms in future as it is more lightweight.
+
+#if ZEN_PLATFORM_WINDOWS
+#	define ZEN_USE_BCRYPT 1
+#else
+#	define ZEN_USE_BCRYPT 0
+#endif
+
 #ifndef ZEN_USE_OPENSSL
-#	if ZEN_PLATFORM_WINDOWS
+#	if ZEN_USE_BCRYPT
 #		define ZEN_USE_OPENSSL 0
 #	else
 #		define ZEN_USE_OPENSSL 1
 #	endif
 #endif
 
+#ifndef ZEN_USE_MBEDTLS
+#	if ZEN_PLATFORM_WINDOWS
+#		define ZEN_USE_MBEDTLS 0
+#	elif !ZEN_USE_OPENSSL
+#		define ZEN_USE_MBEDTLS 1
+#	else
+#		define ZEN_USE_MBEDTLS 0
+#	endif
+#endif
+
+static_assert(ZEN_USE_OPENSSL + ZEN_USE_MBEDTLS + ZEN_USE_BCRYPT <= 1, "Only one crypto backend can be selected");
+
 ZEN_THIRD_PARTY_INCLUDES_START
 #include <fmt/format.h>
 
@@ -24,6 +47,8 @@ ZEN_THIRD_PARTY_INCLUDES_START
 #	include <openssl/conf.h>
 #	include <openssl/err.h>
 #	include <openssl/evp.h>
+#elif ZEN_USE_MBEDTLS
+#	include <mbedtls/cipher.h>
 #else
 #	include <zencore/windows.h>
 #	include <bcrypt.h>
@@ -43,8 +68,104 @@ namespace crypto {
 		Encrypt
 	};
 
-#if ZEN_USE_OPENSSL
+#if ZEN_USE_MBEDTLS
+
+	class MbedCipherCtx
+	{
+	public:
+		MbedCipherCtx() { mbedtls_cipher_init(&m_Ctx); }
+		~MbedCipherCtx() { mbedtls_cipher_free(&m_Ctx); }
+
+		mbedtls_cipher_context_t* operator&() { return &m_Ctx; }
+		mbedtls_cipher_context_t* get() { return &m_Ctx; }
+
+	private:
+		mbedtls_cipher_context_t m_Ctx;
+	};
+
+	MemoryView Transform(TransformMode				 Mode,
+						 MemoryView					 Key,
+						 MemoryView					 IV,
+						 MemoryView					 In,
+						 MutableMemoryView			 Out,
+						 std::optional<std::string>& Reason)
+	{
+		const mbedtls_cipher_info_t* CipherInfo = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_CBC);
+		if (CipherInfo == nullptr)
+		{
+			Reason = "failed to get mbedTLS cipher info"sv;
+			return MemoryView();
+		}
+
+		MbedCipherCtx Ctx;
+		int			  ret = mbedtls_cipher_setup(Ctx.get(), CipherInfo);
+		if (ret != 0)
+		{
+			Reason = fmt::format("mbedTLS cipher setup failed, ret={}", ret);
+			return MemoryView();
+		}
+
+		// key length in bits
+		ret = mbedtls_cipher_setkey(Ctx.get(),
+									reinterpret_cast<const unsigned char*>(Key.GetData()),
+									static_cast<int>(Key.GetSize() * 8),
+									(Mode == TransformMode::Encrypt) ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT);
+		if (ret != 0)
+		{
+			Reason = fmt::format("mbedTLS setkey failed, ret={}", ret);
+			return MemoryView();
+		}
+
+		ret = mbedtls_cipher_set_iv(Ctx.get(), reinterpret_cast<const unsigned char*>(IV.GetData()), static_cast<size_t>(IV.GetSize()));
+		if (ret != 0)
+		{
+			Reason = fmt::format("mbedTLS set_iv failed, ret={}", ret);
+			return MemoryView();
+		}
+
+		ret = mbedtls_cipher_set_padding_mode(Ctx.get(), MBEDTLS_PADDING_PKCS7);
+
+		if (ret != 0)
+		{
+			Reason = fmt::format("mbedTLS padding mode configuration failed, ret={}", ret);
+			return MemoryView();
+		}
 
+		ret = mbedtls_cipher_reset(Ctx.get());
+		if (ret != 0)
+		{
+			Reason = fmt::format("mbedTLS reset failed, ret={}", ret);
+			return MemoryView();
+		}
+
+		size_t olen	 = 0;
+		size_t total = 0;
+
+		ret = mbedtls_cipher_update(Ctx.get(),
+									reinterpret_cast<const unsigned char*>(In.GetData()),
+									static_cast<size_t>(In.GetSize()),
+									reinterpret_cast<unsigned char*>(Out.GetData()),
+									&olen);
+		if (ret != 0)
+		{
+			Reason = fmt::format("mbedTLS update failed, ret={}", ret);
+			return MemoryView();
+		}
+
+		total = olen;
+
+		ret = mbedtls_cipher_finish(Ctx.get(), reinterpret_cast<unsigned char*>(Out.GetData()) + total, &olen);
+		if (ret != 0)
+		{
+			Reason = fmt::format("mbedTLS finish failed, ret={}", ret);
+			return MemoryView();
+		}
+
+		total += olen;
+
+		return Out.Left(static_cast<size_t>(total));
+	}
+#elif ZEN_USE_OPENSSL
 	class EvpContext
 	{
 	public:
@@ -368,7 +489,9 @@ TEST_CASE("crypto.aes")
 		DecryptionBuffer.resize(PlainText.size() + Aes::BlockSize);
 
 		MemoryView EncryptedView = Aes::Encrypt(Key, IV, MakeMemoryView(PlainText), MakeMutableMemoryView(EncryptionBuffer), Reason);
+		CHECK(Reason.has_value() == false);
 		MemoryView DecryptedView = Aes::Decrypt(Key, IV, EncryptedView, MakeMutableMemoryView(DecryptionBuffer), Reason);
+		CHECK(Reason.has_value() == false);
 
 		std::string_view EncryptedDecryptedText =
 			std::string_view(reinterpret_cast<const char*>(DecryptedView.GetData()), DecryptedView.GetSize());