From 810d478f4c459a539d2bc4913f16faf0b0b3053b Mon Sep 17 00:00:00 2001
From: Pavol Rusnak <stick@gk2.sk>
Date: Tue, 8 Nov 2016 15:48:44 +0100
Subject: [PATCH] check return values of ecdsa_sign calls

---
 firmware/signing.c |  6 +++++-
 firmware/u2f.c     | 13 ++++++++-----
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/firmware/signing.c b/firmware/signing.c
index 3743092309..22dcd91b46 100644
--- a/firmware/signing.c
+++ b/firmware/signing.c
@@ -592,7 +592,11 @@ void signing_txack(TransactionType *tx)
 				resp.serialized.signature_index = idx1;
 				resp.serialized.has_signature = true;
 				resp.serialized.has_serialized_tx = true;
-				ecdsa_sign_digest(&secp256k1, privkey, hash, sig, NULL, NULL);
+				if (ecdsa_sign_digest(&secp256k1, privkey, hash, sig, NULL, NULL) != 0) {
+					fsm_sendFailure(FailureType_Failure_Other, "Signing failed");
+					signing_abort();
+					return;
+				}
 				resp.serialized.signature.size = ecdsa_sig_to_der(sig, resp.serialized.signature.bytes);
 				if (input.script_type == InputScriptType_SPENDMULTISIG) {
 					if (!input.has_multisig) {
diff --git a/firmware/u2f.c b/firmware/u2f.c
index d8b93135fc..56ee8f76bf 100644
--- a/firmware/u2f.c
+++ b/firmware/u2f.c
@@ -624,8 +624,10 @@ void u2f_register(const APDU *a)
 		memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
 		memcpy(sig_base.keyHandle, &resp->keyHandleCertSig, KEY_HANDLE_LEN);
 		memcpy(sig_base.pubKey, &resp->pubKey, U2F_PUBKEY_LEN);
-		ecdsa_sign(&nist256p1, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base,
-			   sizeof(sig_base), sig, NULL, NULL);
+		if (ecdsa_sign(&nist256p1, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) {
+			send_u2f_error(U2F_SW_WRONG_DATA);
+			return;
+		}
 
 		// Where to write the signature in the response
 		uint8_t *resp_sig = resp->keyHandleCertSig +
@@ -744,9 +746,10 @@ void u2f_authenticate(const APDU *a)
 		sig_base.flags = resp->flags;
 		memcpy(sig_base.ctr, resp->ctr, 4);
 		memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
-		ecdsa_sign(&nist256p1, node->private_key,
-			   (uint8_t *)&sig_base, sizeof(sig_base), sig,
-			   NULL, NULL);
+		if (ecdsa_sign(&nist256p1, node->private_key, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) {
+			send_u2f_error(U2F_SW_WRONG_DATA);
+			return;
+		}
 
 		// Copy DER encoded signature into response
 		const uint8_t sig_len = ecdsa_sig_to_der(sig, resp->sig);