cmd/clef, signer: security fixes #17554
I've now modified it a bit. The cli ui, when performing a listing, shows this (full info):
I also added
This is how it looks:
This looks good, just a small request: Please improve the error message for invalid characters in password. It shouldn't list all possible characters.
signer/storage/aes_gcm_storage.go
@@ -129,7 +129,10 @@ func (s *AESEncryptedStorage) writeEncryptedStorage(creds map[string]storedCrede | |||
return nil | |||
} | |||
|
|||
func encrypt(key []byte, plaintext []byte) ([]byte, []byte, error) { | |||
// encrypt encrypts plaingtext with the given key, with additionaldata |
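Review bot: the doc comment added above encrypt mentions additional data but does not say what it is meant to authenticate, and it does not name the two []byte return values, so a caller cannot tell from the comment what has to be supplied again on decryption. The signature line visible here takes only key and plaintext, so the comment should also name the parameter it refers to once it is part of the signature. Suggest one sentence per parameter and return value, and fixing "plaingtext" and "additionaldata" in the same line.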
There is one g too much in plaintext and one space missing between additional and data
fixed
Fixed!
Sorry, I merged a typo fix PR that made this one unmergeable.
a79c9ea to 433fb67
rebased
* signer: remove local path disclosure from extapi
* signer: show more data in cli ui
* rpc: make http server forward UA and Origin via Context
* signer, clef/core: ui changes + display UA and Origin
* signer: cliui - indicate less trust in remote headers, see ethereum#17637
* signer: prevent possibility swap KV-entries in aes_gcm storage, fixes ethereum#17635
* signer: remove ecrecover from external API
* signer,clef: default reject instead of warn + validate new passwords. fixes ethereum#17632 and ethereum#17631
* signer: check calldata length even if no ABI signature is present
* signer: fix failing testcase
* clef: remove account import from external api
* signer: allow space in passwords, improve error message
* signer/storage: fix typos
Replaces #17427.
Origin and User-Agent to the context, and makes it visible for Clef
--advanced mode to enable warnings instead of rejections
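The commit list above includes "prevent possibility swap KV-entries in aes_gcm storage", and the reviewed hunk adds additional data to `encrypt`. The following is an added example, not code from this PR or from go-ethereum, showing why authenticating an entry's name as AES-GCM additional data makes a swapped entry fail to decrypt. The names `seal`, `open`, `readAfterSwap`, the entry names and the choice of the entry name as additional data are assumptions made for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // bad key length
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for a 16-byte-block cipher like AES
	return gcm
}

// seal returns nonce||ciphertext; aad is authenticated but not stored.
func seal(key, plaintext, aad []byte) []byte {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// open takes a blob produced by seal and fails unless aad matches what seal was given.
func open(key, blob, aad []byte) ([]byte, error) {
	gcm := newGCM(key)
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// readAfterSwap stores two entries, swaps them in the store, then reads "alice" (hypothetical names).
func readAfterSwap(aadFor func(name string) []byte) (string, error) {
	key := make([]byte, 32) // constructed all-zero demo key
	store := map[string][]byte{}
	for _, name := range []string{"alice", "bob"} {
		store[name] = seal(key, []byte(name+"-secret"), aadFor(name))
	}
	store["alice"], store["bob"] = store["bob"], store["alice"] // entries swapped in the backing store
	pt, err := open(key, store["alice"], aadFor("alice"))
	return string(pt), err
}

func main() {
	fmt.Println(readAfterSwap(func(string) []byte { return nil }))          // no binding: bob's value comes back
	fmt.Println(readAfterSwap(func(n string) []byte { return []byte(n) })) // name bound: authentication error
}
```

Without additional data the swap goes unnoticed because each ciphertext is valid on its own; with the name bound, the GCM tag check fails before any plaintext is returned.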