Fix verification bug with pendingEventOrdering: "chronological"
#3382
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If we don't do this, then we end up trying to match the MAC on our own `m.key.verification.mac`, which of course fails.
richvdh
added
the
T-Defect
|
In an ideal world, I'd add an explicit test for this, but it's a bit of an obscure bug in the legacy Crypto implementation, and setting up a test to exercise it will be a non-trivial amount of work. I do have a minor change to react-sdk's cypress tests which rely on it, so that will have to do. |
richvdh
added a commit
to matrix-org/matrix-react-sdk
that referenced
this pull request
May 18, 2023
This `done` call completes the verification process and stops it responding with further messages. It is unnecessary, *provided* the verification completes successfully, for which see matrix-org/matrix-js-sdk#3382.
t3chguy
approved these changes
May 18, 2023
github-merge-queue bot
pushed a commit
to matrix-org/matrix-react-sdk
that referenced
this pull request
May 18, 2023
* Remove redundant `verifier.done()` call This `done` call completes the verification process and stops it responding with further messages. It is unnecessary, *provided* the verification completes successfully, for which see matrix-org/matrix-js-sdk#3382. * Remove duplicated code in `decryption-failure` test * remove unused imports
su-ex
added a commit
to SchildiChat/matrix-js-sdk
that referenced
this pull request
Dec 13, 2023
* Ensure we do not add relations to the wrong timeline ([\matrix-org#3427](matrix-org#3427)). Fixes element-hq/element-web#25450 and element-hq/element-web#25494. * Deprecate `QrCodeEvent`, `SasEvent` and `VerificationEvent` ([\matrix-org#3386](matrix-org#3386)). * Move crypto classes into a separate namespace ([\matrix-org#3385](matrix-org#3385)). * Mention deno support in the README ([\matrix-org#3417](matrix-org#3417)). Contributed by @sigmaSd. * Mark room version 10 as safe ([\matrix-org#3425](matrix-org#3425)). * Prioritise entirely supported flows for UIA ([\matrix-org#3402](matrix-org#3402)). * Add methods to terminate idb worker ([\matrix-org#3362](matrix-org#3362)). * Total summary count ([\matrix-org#3351](matrix-org#3351)). Contributed by @toger5. * Audio concealment ([\matrix-org#3349](matrix-org#3349)). Contributed by @toger5. * Correctly accumulate sync summaries. ([\matrix-org#3366](matrix-org#3366)). Fixes element-hq/element-web#23345. * Keep measuring a call feed's volume after a stream replacement ([\matrix-org#3361](matrix-org#3361)). Fixes element-hq/element-call#1051. * Element-R: Avoid uploading a new fallback key at every `/sync` ([\matrix-org#3338](matrix-org#3338)). Fixes element-hq/element-web#25215. * Accumulate receipts for the main thread and unthreaded separately ([\matrix-org#3339](matrix-org#3339)). Fixes element-hq/element-web#24629. * Remove spec non-compliant extended glob format ([\matrix-org#3423](matrix-org#3423)). Fixes element-hq/element-web#25474. * Fix bug where original event was inserted into timeline instead of the edit event ([\matrix-org#3398](matrix-org#3398)). Contributed by @andybalaam. * Only add a local receipt if it's after an existing receipt ([\matrix-org#3399](matrix-org#3399)). Contributed by @andybalaam. * Attempt a potential workaround for stuck notifs ([\matrix-org#3384](matrix-org#3384)). Fixes element-hq/element-web#25406. Contributed by @andybalaam. * Fix verification bug with `pendingEventOrdering: "chronological"` ([\matrix-org#3382](matrix-org#3382)).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There exists a bug (in the legacy
Cryptoimplementation), in which in-room verifications-via-emoji will fail for applications which use the defaultpendingEventOrderingsetting.The basis of the problem is that the verifier sees a local echo of our own outgoing
m.key.verification.mac. It tries to verify the MAC in that message, which of course fails.The solution is to treat such local echoes in the same way as remote echoes.
Here's what your changelog entry will look like:
馃悰 Bug Fixes
pendingEventOrdering: "chronological"(#3382).