Olm merge requestshttps://gitlab.matrix.org/matrix-org/olm/-/merge_requests2021-05-24T14:19:26Zhttps://gitlab.matrix.org/matrix-org/olm/-/merge_requests/27Decoding fixes for invalid base64 payloads2021-05-24T14:19:26ZDenis KasakDecoding fixes for invalid base64 payloadsSigned-off-by: Denis Kasak <dkasak@termina.org.uk>Signed-off-by: Denis Kasak <dkasak@termina.org.uk>https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/26Fix use of uninitialized value in message decoding.2021-05-14T14:14:21ZDenis KasakFix use of uninitialized value in message decoding.`_olm_decode_group_message` should initialize all fields of the results
struct before returning. This is because its caller
`_decrypt_max_plaintext_length` relies on it having initialized these
fields.
Luckily, this only allows one to s...`_olm_decode_group_message` should initialize all fields of the results
struct before returning. This is because its caller
`_decrypt_max_plaintext_length` relies on it having initialized these
fields.
Luckily, this only allows one to subvert the version check in
`_decrypt_max_plaintext_length`, but not the following check that the
ciphertext field is non-null because that field *is* initialized.https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/25Fix a double free in the fuzzing harness when input is of size 0.2021-05-11T08:27:02ZDenis KasakFix a double free in the fuzzing harness when input is of size 0.Consider the case when the input is size 0. In this case, `count` and
`buffer_pos` will be 0 as well. The `realloc` call in the `count == 0`
branch will then effectively become a free.
However, `realloc` can sometimes return `NULL` when...Consider the case when the input is size 0. In this case, `count` and
`buffer_pos` will be 0 as well. The `realloc` call in the `count == 0`
branch will then effectively become a free.
However, `realloc` can sometimes return `NULL` when a 0 is passed for
the size. The current code assumes that this only happens on a memory
allocation error and breaks out of the loop. This then becomes a double
free because the buffer is freed a second time, causing an abort.
The intent of the `realloc` is probably to downsize the buffer to fit
the data exactly in order to make incorrect memory access more obvious.
This changes the code to skip this downsizing if the size of the input data
is 0.
Signed-off-by: Denis Kasak <dkasak@termina.org.uk>https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/24Optionally use OpenSSL or LibreSSL instead of bundled crypto-algorithms2021-05-04T22:15:39ZHubert ChathiOptionally use OpenSSL or LibreSSL instead of bundled crypto-algorithmscrypto-algorithms "have no resistence to side-channel attacks and should not
be used in contexts that need cryptographically secure implementations" (see
lib/crypto-algorithms/README.md), so using OpenSSL or LibreSSL is preferable.
This...crypto-algorithms "have no resistence to side-channel attacks and should not
be used in contexts that need cryptographically secure implementations" (see
lib/crypto-algorithms/README.md), so using OpenSSL or LibreSSL is preferable.
This does solve https://github.com/matrix-org/olm/issues/3 for some platforms,
without breaking other platforms without these libraries (like web).
Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/23Use CMake for Android builds (externalNativeBuild)2021-05-04T22:09:07ZHubert ChathiUse CMake for Android builds (externalNativeBuild)Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/22Fix URL to the NCC Group audit.2021-05-04T21:58:36ZDenis KasakFix URL to the NCC Group audit.The original URL is now redirecting to a generic listing page and there
are no links to the actual Olm audit paper there.
Signed-off-by: Denis Kasak <dkasak@termina.org.uk>The original URL is now redirecting to a generic listing page and there
are no links to the actual Olm audit paper there.
Signed-off-by: Denis Kasak <dkasak@termina.org.uk>https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/21WIP: ci/android: publish package (wip)2021-12-07T16:50:53ZGhost UserWIP: ci/android: publish package (wip)https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/20Update gradle wrapper and build tools2021-04-16T20:17:51ZBenoƮt MartyUpdate gradle wrapper and build toolsBuildConfig.VERSION_NAME is not available anymore when building library
Also replace JCenter by MavenCentralBuildConfig.VERSION_NAME is not available anymore when building library
Also replace JCenter by MavenCentralhttps://gitlab.matrix.org/matrix-org/olm/-/merge_requests/19Xcode: Add support of Swift Package Manager2021-04-06T18:22:52ZManuXcode: Add support of Swift Package ManagerMade by Johennes at https://github.com/matrix-org/olm/issues/51#issuecomment-809128833Made by Johennes at https://github.com/matrix-org/olm/issues/51#issuecomment-809128833https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/18ci: add initial build pipeline2021-05-10T21:04:02ZGhost Userci: add initial build pipelinehttps://gitlab.matrix.org/matrix-org/olm/-/merge_requests/17OLMKit: New pickle version using a pickle key provided externally2021-02-19T19:23:21ZManuOLMKit: New pickle version using a pickle key provided externallyImprove ObjC wrappers so that they can use a pickle key provided by the olm lib user.
This new behavior is optional to not break existing usage.
It is retro compatible and use pickle versioning already in place.
Existing key will be u...Improve ObjC wrappers so that they can use a pickle key provided by the olm lib user.
This new behavior is optional to not break existing usage.
It is retro compatible and use pickle versioning already in place.
Existing key will be unpickled with pickle v1 and pickled with pickle v2 if an external pickle key is provided.https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/16sas: Fix the base64 encoding of the MAC.2021-02-19T22:18:28Zpoljarsas: Fix the base64 encoding of the MAC.Please note that this is a breaking change, so we'll likely need to introduce another `calculate_mac()` method instead of applying this patch as is.
When calculating the MAC for a message using `olm_sas_calculate_mac()` and
`olm_sas_cal...Please note that this is a breaking change, so we'll likely need to introduce another `calculate_mac()` method instead of applying this patch as is.
When calculating the MAC for a message using `olm_sas_calculate_mac()` and
`olm_sas_calculate_mac_long_kdf()` the resulting MAC will be base64
encoded using `_olm_encode_base64()`.
The `_olm_encode_base64()` method requires an input buffer and output
buffer to be passed alongside the input length. The method is called
with the same buffer, containing the MAC, for the input buffer as well
as for the output buffer. This results in an incorrectly base64 encoded
MAC.
For example the byte array:
```python
[121, 105, 187, 19, 37, 94, 119, 248, 224, 34, 94, 29, 157, 5,
15, 230, 246, 115, 236, 217, 80, 78, 56, 200, 80, 200, 82, 158,
168, 179, 10, 230]
```
will be encoded as
eWm7NyVeVmXgbVhnYlZobllsWm9ibGxzV205aWJHeHo
instead of as
eWm7EyVed/jgIl4dnQUP5vZz7NlQTjjIUMhSnqizCuY
Notice the different value at the 10th character.
The correct result can be independently checked using Python for example:
```python
>>> from base64 import b64encode
>>> mac = [121, 105, 187, 19, 37, 94, 119, 248, 224, 34, 94, 29, 157, \
5, 15, 230, 246, 115, 236, 217, 80, 78, 56, 200, 80, 200, \
82, 158, 168, 179, 10, 230]
>>> b64encode(bytearray(mac)).rstrip(b"=")
>>> b'eWm7EyVed/jgIl4dnQUP5vZz7NlQTjjIUMhSnqizCuY'
```
This happens because the `_olm_encode_base64()` method that is used does not support in-place encoding in the general case. This is because the remainder for a 32 bit input will always be 2 (32 % 6 == 2).
The remainder will be used over here:
https://gitlab.matrix.org/matrix-org/olm/-/blob/c01164f001d57fbe2297fe11954b58077a68dc0d/src/base64.cpp#L74
The logic that gets executed if a remainder exists depends on the original input values, since those already got in-place encoded, the whole block will behave differently if the input buffer is the same as the output buffer.https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/15Update index.d.ts; specify PRIVATE_KEY_LENGTH const export2020-10-14T01:43:31ZMichael TelatynskiUpdate index.d.ts; specify PRIVATE_KEY_LENGTH const exporthttps://gitlab.matrix.org/matrix-org/olm/-/merge_requests/14remove other_key checks from Python binding since it's done in C now2020-09-24T18:56:19ZHubert Chathiremove other_key checks from Python binding since it's done in C nowpoljarpoljarhttps://gitlab.matrix.org/matrix-org/olm/-/merge_requests/13add support for fallback keys2020-09-17T21:42:26ZHubert Chathiadd support for fallback keysto support [MSC2732](https://github.com/matrix-org/matrix-doc/pull/2732)to support [MSC2732](https://github.com/matrix-org/matrix-doc/pull/2732)https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/12Fix JS demos, which had bitrotted2020-05-19T15:08:28ZMatthew HodgsonFix JS demos, which had bitrottedHubert ChathiHubert Chathihttps://gitlab.matrix.org/matrix-org/olm/-/merge_requests/11Add TypeScript definition file2020-04-29T16:42:26ZHubert ChathiAdd TypeScript definition fileso that TypeScript users can have their olm function calls checked.so that TypeScript users can have their olm function calls checked.David BakerDavid Bakerhttps://gitlab.matrix.org/matrix-org/olm/-/merge_requests/10Fix some math blocks2019-11-08T14:09:13ZRichard van der HoffFix some math blockshttps://gitlab.matrix.org/matrix-org/olm/-/merge_requests/9Add olm_session_describe2019-10-09T15:37:57ZDavid BakerAdd olm_session_describeAs a way to dump the state of an olm session, ie. the chain indicies,
so we can debug why olm sessions break and get out of sync.As a way to dump the state of an olm session, ie. the chain indicies,
so we can debug why olm sessions break and get out of sync.https://gitlab.matrix.org/matrix-org/olm/-/merge_requests/8Build the js objects without PIC2019-09-30T13:12:39ZDavid BakerBuild the js objects without PICThis confuses emscripten nowThis confuses emscripten now