Inconsistent handling of malformed DER signatures

[tomato42]

When the DER signature is malformed, the VerifyingKey.verify(sigdecode=sigdecode_der) raises unexpected exceptions and in some cases does not raise any exception.

UnexpectedDER, IndexError and AssertionError are raised in addition to BadSignatureError, at the same time flipping the 4th or 6th least significant bit of 2nd byte of a NIST521p signature does not cause it to be rejected (the DER encoding is strict, and every value has one defined encoding, any other encoding is invalid and needs to be rejected)

[abergmann]

CVE-2019-14853 was assigned to this issue.

[tomato42]

@abergmann
Version 0.13.3, that fixes it in a supported branch, has been released.

[tomato42]

CVE-2019-14859 was assigned to the issue of signatures malleability. It is fixed by the same code that addresses CVE-2019-14853. As such 0.13.3 fixes also CVE-2019-14859