check return values of ecdsa_sign calls

firmware/signing.c

@@ -592,7 +592,11 @@ void signing_txack(TransactionType *tx)
 				resp.serialized.signature_index = idx1;
 				resp.serialized.has_signature = true;
 				resp.serialized.has_serialized_tx = true;
-				ecdsa_sign_digest(&secp256k1, privkey, hash, sig, NULL, NULL);
+				if (ecdsa_sign_digest(&secp256k1, privkey, hash, sig, NULL, NULL) != 0) {
+					fsm_sendFailure(FailureType_Failure_Other, "Signing failed");
+					signing_abort();
+					return;
+				}
 				resp.serialized.signature.size = ecdsa_sig_to_der(sig, resp.serialized.signature.bytes);
 				if (input.script_type == InputScriptType_SPENDMULTISIG) {
 					if (!input.has_multisig) {

firmware/u2f.c

@@ -624,8 +624,10 @@ void u2f_register(const APDU *a)
 		memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
 		memcpy(sig_base.keyHandle, &resp->keyHandleCertSig, KEY_HANDLE_LEN);
 		memcpy(sig_base.pubKey, &resp->pubKey, U2F_PUBKEY_LEN);
-		ecdsa_sign(&nist256p1, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base,
-			   sizeof(sig_base), sig, NULL, NULL);
+		if (ecdsa_sign(&nist256p1, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) {
+			send_u2f_error(U2F_SW_WRONG_DATA);
+			return;
+		}
 
 		// Where to write the signature in the response
 		uint8_t *resp_sig = resp->keyHandleCertSig +
@@ -744,9 +746,10 @@ void u2f_authenticate(const APDU *a)
 		sig_base.flags = resp->flags;
 		memcpy(sig_base.ctr, resp->ctr, 4);
 		memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
-		ecdsa_sign(&nist256p1, node->private_key,
-			   (uint8_t *)&sig_base, sizeof(sig_base), sig,
-			   NULL, NULL);
+		if (ecdsa_sign(&nist256p1, node->private_key, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) {
+			send_u2f_error(U2F_SW_WRONG_DATA);
+			return;
+		}
 
 		// Copy DER encoded signature into response
 		const uint8_t sig_len = ecdsa_sig_to_der(sig, resp->sig);