summary refs log tree commit diff
path: root/src/encryption (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'v0.10.2-fixes'Nicolas Werner2022-09-281-15/+25
|\
| * Prevent the homeserver from inserting malicious secretsNicolas Werner2022-09-281-15/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Correctly verify that the reply to a secrets request is actually coming from a verified device. While we did verify that it was us who replied, we didn't properly cancel storing the secret if the sending device was one of ours but was maliciously inserted by the homeserver and unverified. We only send secret requests to verified devices in the first place, so only the homeserver could abuse this issue. Additionally we protected against malicious secret poisoning by verifying that the secret is actually the reply to a request. This means the server only has 2 places where it can poison the secrets: - After a verification when we automatically request the secrets - When the user manually hits the request button It also needs to prevent other secret answers to reach the client first since we ignore all replies after that one. The impact of this might be quite severe. It could allow the server to replace the cross-signing keys silently and while we might not trust that key, we possibly could trust it in the future if we rely on the stored secret. Similarly this could potentially be abused to make the client trust a malicious online key backup. If your deployment is not patched yet and you don't control your homeserver, you can protect against this by simply not doing any verifications of your own devices and not pressing the request button in the settings menu.
* | Switch to clang-format14Nicolas Werner2022-09-252-2/+3
|/
* Fix too many fmt parametersNicolas Werner2022-07-301-1/+1
|
* Make code compile with hidden friendsNicolas Werner2022-07-291-1/+1
|
* Verifications sneakily accumulating in the backgroundNicolas Werner2022-07-223-13/+44
|
* Request full online keybackup when turning it onNicolas Werner2022-06-192-0/+69
|
* Remove a few more headersNicolas Werner2022-06-183-11/+9
|
* Get rid of 'using json = nlohmann::json'Nicolas Werner2022-06-173-15/+15
|
* Fix compilation without implicit nlohmann conversionsNicolas Werner2022-06-172-13/+16
|
* Simplify includes a bitNicolas Werner2022-06-161-0/+2
|
* Fix comparison for glare algorithmNicolas Werner2022-06-122-5/+9
|
* Properly handle glare when verifyingNicolas Werner2022-06-121-4/+17
|
* Use right linterNicolas Werner2022-05-102-3/+2
|
* More image dialog fixesNicolas Werner2022-05-102-2/+3
|
* Remove sender key from megolm session indexNicolas Werner2022-04-081-24/+24
| | | | | | implements MSC3700 see https://github.com/matrix-org/matrix-spec-proposals/pull/3700
* Allow properly editing pending encrypted messagesNicolas Werner2022-02-272-13/+30
|
* Prevent old verification requests from showing upNicolas Werner2022-02-141-0/+27
|
* Update year in copyright notice to shut up lint jobNicolas Werner2022-01-018-0/+8
|
* Reserve size of some containers we are fillingNicolas Werner2021-12-291-0/+1
|
* Reduce allocations using QStringLiteralNicolas Werner2021-12-292-11/+11
|
* Fix more warnings and remove dead codeNicolas Werner2021-12-283-5/+5
|
* Fix a few shadowing warningsNicolas Werner2021-12-113-11/+11
| | | | fixes #824
* Make clang-format <13 and clang-format >=13 behave the sameNicolas Werner2021-11-222-18/+21
| | | | | I think old clang-format is just buggy in those cases, so we should reenable those blocks, once everyone has 13 or up.
* Fix no replies being rendered for edits sent from Element in encrypted roomsNicolas Werner2021-11-111-5/+4
|
* Improve fetching of device keys after loginNicolas Werner2021-11-081-3/+14
|
* Fix self verification status never updatingNicolas Werner2021-11-071-1/+2
|
* Don't try to load verification status before db is readyNicolas Werner2021-11-071-1/+0
|
* Move away from using an event loop to access secretsNicolas Werner2021-11-071-4/+9
| | | | | | | | Fixes messages in room flickering and being stuck fixes #760 relates to #770 relates to #789
* Fix translation nitsNicolas Werner2021-11-041-1/+1
|
* Prompt user when there are unverified devicesNicolas Werner2021-11-012-1/+21
|
* Add self verification after loginNicolas Werner2021-10-307-68/+182
|
* lint using clang11Nicolas Werner2021-10-171-2/+2
|
* lintNicolas Werner2021-10-172-3/+2
|
* move device verification management to its own fileNicolas Werner2021-10-172-0/+174
|
* Move voip and encryption stuff into their own directoriesNicolas Werner2021-10-176-0/+3126
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-08-31 13:39:11 +0000