Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent handling of malformed DER signatures #114

Closed
tomato42 opened this issue Sep 25, 2019 · 3 comments · Fixed by #115
Closed

Inconsistent handling of malformed DER signatures #114

tomato42 opened this issue Sep 25, 2019 · 3 comments · Fixed by #115
Labels
bug unintended behaviour in ecdsa code
Milestone
v0.14

Comments

@tomato42
Copy link
Member

When the DER signature is malformed, the VerifyingKey.verify(sigdecode=sigdecode_der) raises unexpected exceptions and in some cases does not raise any exception.

UnexpectedDER, IndexError and AssertionError are raised in addition to BadSignatureError, at the same time flipping the 4th or 6th least significant bit of 2nd byte of a NIST521p signature does not cause it to be rejected (the DER encoding is strict, and every value has one defined encoding, any other encoding is invalid and needs to be rejected)
@tomato42 tomato42 added the bug unintended behaviour in ecdsa code label Sep 25, 2019
@tomato42 tomato42 added this to the v0.14 milestone Sep 25, 2019
@tomato42 tomato42 mentioned this issue Sep 26, 2019
Merged
This was referenced Sep 27, 2019
Closed
Merged
@abergmann
Copy link

CVE-2019-14853 was assigned to this issue.

@tomato42
Copy link
Member Author

tomato42 commented Oct 7, 2019

@abergmann
Version 0.13.3, that fixes it in a supported branch, has been released.

@tomato42
Copy link
Member Author

CVE-2019-14859 was assigned to the issue of signatures malleability. It is fixed by the same code that addresses CVE-2019-14853. As such 0.13.3 fixes also CVE-2019-14859

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug unintended behaviour in ecdsa code
Projects
None yet
Milestone
v0.14
Development

Successfully merging a pull request may close this issue.

Robust signature decoding tomato42/python-ecdsa
2 participants
@tomato42 @abergmann