This repository has been archived by the owner on May 28, 2019. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 204
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
extmod/modtrezorcrypto: return False or None consistently when a sign…
…ature verification fails So far, we either return False (or None for public recovery) or raise a ValueError (e.g., when the length of the signature). This is inconsistent and dangerous because the inputs to signature verification may be attacker-provided and cannot be assumed to be well-formed. This led to issue #422 where a firmware error is raised when an invalid signature is is provided. This has been fixed for the ethereum app but not for the wallet app. This commit addresses the problem at the core of the issue, i.e., at the verification functions in extmod such that all apps are covered.
- Loading branch information
1 parent
c542cb3
commit a274a36
Showing
5 changed files
with
28 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters