1. 19 Dec, 2016 1 commit
  2. 16 Dec, 2016 1 commit
    • Richard van der Hoff's avatar
      Avoid buffer overrun on encryption · 8e554ab5
      Richard van der Hoff authored
      Make sure we null-terminate encrypted strings before passing them to
      UTF8ToString.
      
      This used to work when we allocated the buffer on the stack, because it turns
      out that allocate() zeroinits the returned memory. malloc(), of course, does
      not.
      8e554ab5
  3. 15 Dec, 2016 2 commits
  4. 14 Dec, 2016 2 commits
  5. 12 Dec, 2016 1 commit
  6. 25 Oct, 2016 1 commit
  7. 20 Oct, 2016 1 commit
  8. 14 Sep, 2016 2 commits
  9. 13 Sep, 2016 2 commits
  10. 06 Sep, 2016 3 commits
  11. 05 Sep, 2016 1 commit
  12. 04 Sep, 2016 2 commits
    • Richard van der Hoff's avatar
      Fix megolm decryption of UTF-8 · 1d4c13c7
      Richard van der Hoff authored
      Repeat the fix from b10f90d for megolm messages.
      
      It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if
      the input includes characters >= 128.
      
      Rather than try to figure out which methods can return UTF-8, and which always
      return plain ascii, replace all uses of Pointer_stringify with a 'length'
      argument with the version that expects a NULL-terminated input, and extend the
      buffer by a byte to allow space for a null-terminator.
      
      In the case of decrypt, we need to add the null ourself.
      
      Fixes https://github.com/vector-im/vector-web/issues/2078.
      1d4c13c7
    • Richard van der Hoff's avatar
      OlmSession.has_received_message · 2e9021c2
      Richard van der Hoff authored
      I find myself wanting to know if an OlmSession is in the pre-key state or not,
      to help debugging at the application level.
      2e9021c2
  13. 01 Sep, 2016 2 commits
    • Richard van der Hoff's avatar
      Bump version in package.json · 0c3f527d
      Richard van der Hoff authored
      ... to match the Makefile
      0c3f527d
    • Richard van der Hoff's avatar
      Fix Ed25519 keypair generation · 0c462cff
      Richard van der Hoff authored
      Ed25519 private keys, it turns out, have 64 bytes, not 32.
      
      We were previously generating only 32 bytes (which is all that is required to
      generate the public key), and then using the public key as the upper 32 bytes
      when generating the per-message session key. This meant that everything
      appeared to work, but the security of the private key was severely compromised.
      
      By way of fixes:
      
       * Use the correct algorithm for generating the Ed25519 private key, and store
         all 512 bits of it.
      
       * Update the account pickle format and refuse to load the old format (since we
         should consider it compromised).
      
       * Bump the library version, and add a function to retrieve the library
         version, so that applications can verify that they are linked against a
         fixed version of the library.
      
       * Remove the curve25519_{sign, verify} functions which were unused and of
         dubious quality.
      0c462cff
  14. 11 Jul, 2016 1 commit
  15. 06 Jul, 2016 1 commit
    • Richard van der Hoff's avatar
      JS: make sure returned strings are null-terminated · 939aa747
      Richard van der Hoff authored
      It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if
      the input includes characters >= 128.
      
      Rather than try to figure out which methods can return UTF-8, and which always
      return plain ascii, replace all uses of Pointer_stringify with a 'length'
      argument with the version that expects a NULL-terminated input, and extend the
      buffer by a byte to allow space for a null-terminator.
      
      In the case of decrypt, we need to add the null ourself.
      
      Fixes https://github.com/vector-im/vector-web/issues/1719.
      939aa747
  16. 26 May, 2016 3 commits
  17. 25 May, 2016 2 commits
  18. 20 May, 2016 1 commit
  19. 16 May, 2016 1 commit
  20. 26 Apr, 2016 4 commits
  21. 02 Dec, 2015 2 commits
  22. 01 Nov, 2015 1 commit
  23. 04 Aug, 2015 1 commit
  24. 21 Jul, 2015 2 commits