mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-23 06:48:16 +00:00
use explicit_bzero where possible; update trezor-crypto
This commit is contained in:
parent
cd763b979b
commit
4a2d68acb9
@ -402,7 +402,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
|
|||||||
// restore metadata from backup
|
// restore metadata from backup
|
||||||
erase_metadata_sectors();
|
erase_metadata_sectors();
|
||||||
restore_metadata(meta_backup);
|
restore_metadata(meta_backup);
|
||||||
memset(meta_backup, 0, sizeof(meta_backup));
|
explicit_bzero(meta_backup, sizeof(meta_backup));
|
||||||
|
|
||||||
// compare against known hash computed via the following Python3 script:
|
// compare against known hash computed via the following Python3 script:
|
||||||
// hashlib.sha256(binascii.unhexlify('0F5A693C' * 8192)).hexdigest()
|
// hashlib.sha256(binascii.unhexlify('0F5A693C' * 8192)).hexdigest()
|
||||||
@ -599,7 +599,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
|
|||||||
// 2) firmware restore flag isn't set
|
// 2) firmware restore flag isn't set
|
||||||
// 3) signatures are not ok
|
// 3) signatures are not ok
|
||||||
if (old_was_unsigned || (flags & 0x01) == 0 || !signatures_ok(NULL)) {
|
if (old_was_unsigned || (flags & 0x01) == 0 || !signatures_ok(NULL)) {
|
||||||
memset(meta_backup, 0, sizeof(meta_backup));
|
explicit_bzero(meta_backup, sizeof(meta_backup));
|
||||||
}
|
}
|
||||||
// copy new firmware header
|
// copy new firmware header
|
||||||
memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_DESC_LEN);
|
memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_DESC_LEN);
|
||||||
@ -607,12 +607,12 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
|
|||||||
if (hash_check_ok) {
|
if (hash_check_ok) {
|
||||||
memcpy(meta_backup, FIRMWARE_MAGIC, 4);
|
memcpy(meta_backup, FIRMWARE_MAGIC, 4);
|
||||||
} else {
|
} else {
|
||||||
memset(meta_backup, 0, 4);
|
explicit_bzero(meta_backup, 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
// no need to erase, because we are not changing any already flashed byte.
|
// no need to erase, because we are not changing any already flashed byte.
|
||||||
restore_metadata(meta_backup);
|
restore_metadata(meta_backup);
|
||||||
memset(meta_backup, 0, sizeof(meta_backup));
|
explicit_bzero(meta_backup, sizeof(meta_backup));
|
||||||
|
|
||||||
flash_state = STATE_END;
|
flash_state = STATE_END;
|
||||||
if (hash_check_ok) {
|
if (hash_check_ok) {
|
||||||
|
@ -29,7 +29,6 @@
|
|||||||
#include "curves.h"
|
#include "curves.h"
|
||||||
#include "secp256k1.h"
|
#include "secp256k1.h"
|
||||||
#include "address.h"
|
#include "address.h"
|
||||||
#include "macros.h"
|
|
||||||
#include "coins.h"
|
#include "coins.h"
|
||||||
#include "base58.h"
|
#include "base58.h"
|
||||||
#include "segwit_addr.h"
|
#include "segwit_addr.h"
|
||||||
|
@ -193,7 +193,7 @@ static void send_signature(void)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(privkey, 0, sizeof(privkey));
|
explicit_bzero(privkey, sizeof(privkey));
|
||||||
|
|
||||||
/* Send back the result */
|
/* Send back the result */
|
||||||
msg_tx_request.has_data_length = false;
|
msg_tx_request.has_data_length = false;
|
||||||
@ -592,7 +592,7 @@ void ethereum_signing_txack(EthereumTxAck *tx)
|
|||||||
void ethereum_signing_abort(void)
|
void ethereum_signing_abort(void)
|
||||||
{
|
{
|
||||||
if (ethereum_signing) {
|
if (ethereum_signing) {
|
||||||
memset(privkey, 0, sizeof(privkey));
|
explicit_bzero(privkey, sizeof(privkey));
|
||||||
layoutHome();
|
layoutHome();
|
||||||
ethereum_signing = false;
|
ethereum_signing = false;
|
||||||
}
|
}
|
||||||
|
@ -231,7 +231,7 @@ bool protectChangePin(void)
|
|||||||
storage_update();
|
storage_update();
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(pin_compare, 0, sizeof(pin_compare));
|
explicit_bzero(pin_compare, sizeof(pin_compare));
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
@ -142,7 +142,7 @@ static void recovery_done(void) {
|
|||||||
if (!dry_run) {
|
if (!dry_run) {
|
||||||
// Update mnemonic on storage.
|
// Update mnemonic on storage.
|
||||||
storage_setMnemonic(new_mnemonic);
|
storage_setMnemonic(new_mnemonic);
|
||||||
memset(new_mnemonic, 0, sizeof(new_mnemonic));
|
explicit_bzero(new_mnemonic, sizeof(new_mnemonic));
|
||||||
if (!enforce_wordlist) {
|
if (!enforce_wordlist) {
|
||||||
// not enforcing => mark storage as imported
|
// not enforcing => mark storage as imported
|
||||||
storage_setImported(true);
|
storage_setImported(true);
|
||||||
@ -152,7 +152,7 @@ static void recovery_done(void) {
|
|||||||
} else {
|
} else {
|
||||||
// Inform the user about new mnemonic correctness (as well as whether it is the same as the current one).
|
// Inform the user about new mnemonic correctness (as well as whether it is the same as the current one).
|
||||||
bool match = (storage_isInitialized() && storage_containsMnemonic(new_mnemonic));
|
bool match = (storage_isInitialized() && storage_containsMnemonic(new_mnemonic));
|
||||||
memset(new_mnemonic, 0, sizeof(new_mnemonic));
|
explicit_bzero(new_mnemonic, sizeof(new_mnemonic));
|
||||||
if (match) {
|
if (match) {
|
||||||
layoutDialog(&bmp_icon_ok, NULL, _("Confirm"), NULL,
|
layoutDialog(&bmp_icon_ok, NULL, _("Confirm"), NULL,
|
||||||
_("The seed is valid"),
|
_("The seed is valid"),
|
||||||
@ -172,7 +172,7 @@ static void recovery_done(void) {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// New mnemonic is invalid.
|
// New mnemonic is invalid.
|
||||||
memset(new_mnemonic, 0, sizeof(new_mnemonic));
|
explicit_bzero(new_mnemonic, sizeof(new_mnemonic));
|
||||||
if (!dry_run) {
|
if (!dry_run) {
|
||||||
session_clear(true);
|
session_clear(true);
|
||||||
} else {
|
} else {
|
||||||
|
@ -262,9 +262,9 @@ void storage_generate_uuid(void)
|
|||||||
void session_clear(bool clear_pin)
|
void session_clear(bool clear_pin)
|
||||||
{
|
{
|
||||||
sessionSeedCached = false;
|
sessionSeedCached = false;
|
||||||
memset(&sessionSeed, 0, sizeof(sessionSeed));
|
explicit_bzero(&sessionSeed, sizeof(sessionSeed));
|
||||||
sessionPassphraseCached = false;
|
sessionPassphraseCached = false;
|
||||||
memset(&sessionPassphrase, 0, sizeof(sessionPassphrase));
|
explicit_bzero(&sessionPassphrase, sizeof(sessionPassphrase));
|
||||||
if (clear_pin) {
|
if (clear_pin) {
|
||||||
sessionPinCached = false;
|
sessionPinCached = false;
|
||||||
}
|
}
|
||||||
@ -297,7 +297,7 @@ static void storage_compute_u2froot(const char* mnemonic, StorageHDNode *u2froot
|
|||||||
u2froot->has_private_key = true;
|
u2froot->has_private_key = true;
|
||||||
u2froot->private_key.size = sizeof(node.private_key);
|
u2froot->private_key.size = sizeof(node.private_key);
|
||||||
memcpy(u2froot->private_key.bytes, node.private_key, sizeof(node.private_key));
|
memcpy(u2froot->private_key.bytes, node.private_key, sizeof(node.private_key));
|
||||||
memset(&node, 0, sizeof(node));
|
explicit_bzero(&node, sizeof(node));
|
||||||
session_clear(false); // invalidate seed cache
|
session_clear(false); // invalidate seed cache
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -399,7 +399,7 @@ static void storage_commit_locked(bool update)
|
|||||||
|
|
||||||
void storage_clear_update(void)
|
void storage_clear_update(void)
|
||||||
{
|
{
|
||||||
memset(&storageUpdate, 0, sizeof(storageUpdate));
|
explicit_bzero(&storageUpdate, sizeof(storageUpdate));
|
||||||
}
|
}
|
||||||
|
|
||||||
void storage_update(void)
|
void storage_update(void)
|
||||||
|
2
vendor/trezor-crypto
vendored
2
vendor/trezor-crypto
vendored
@ -1 +1 @@
|
|||||||
Subproject commit 0d8a3beeaf22af837f558a5b5e9ae98cdd47a767
|
Subproject commit b7f73ee3ff78e09c266a30dbc31407558d471615
|
Loading…
Reference in New Issue
Block a user