Audit (#103)

* fix comment

* zeroize fix

* include picohash in fuzzer

* update snapshots

* update deps

* improve code

CMakeLists.txt

@@ -230,6 +230,7 @@ if(ENABLE_FUZZING)
 
     foreach(target ${FUZZ_TARGETS})
         add_executable(fuzz-${target} ${CMAKE_CURRENT_SOURCE_DIR}/fuzz/${target}.cpp)
+        target_include_directories(fuzz-${target} PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/deps/picohash)
         target_link_libraries(fuzz-${target} PRIVATE app_lib rslib)
         target_link_options(fuzz-${target} PRIVATE "-fsanitize=fuzzer")
     endforeach()

app/Makefile

@@ -26,7 +26,7 @@ include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.installer_script
 
 include $(BOLOS_SDK)/Makefile.defines
 
-# Set the default value for PRODUCTION_BUILD to 0 if not already defined
+# Set the default value for PRODUCTION_BUILD to 1 if not already defined
 PRODUCTION_BUILD ?= 1
 
 $(info ************ TARGET_NAME  = [$(TARGET_NAME)])

app/Makefile.version

@@ -3,4 +3,4 @@ APPVERSION_M=2
 # This is the `spec_version` field of `Runtime`
 APPVERSION_N=0
 # This is the patch version of this release
-APPVERSION_P=1
+APPVERSION_P=2

app/src/crypto.c

@@ -579,10 +579,8 @@ zxerr_t crypto_fillDeviceSeed(uint8_t *device_seed) {
     MEMCPY(device_seed, raw_privkey, KEY_LENGTH);
 
 catch_cx_error:
-    if (error != zxerr_ok) {
-        MEMZERO(raw_privkey, 64);
-    }
 
+    MEMZERO(raw_privkey, 64);
     return error;
 }
 

tests_zemu/package.json

@@ -25,8 +25,8 @@
   "devDependencies": {
     "@types/jest": "^29.5.14",
     "@types/ledgerhq__hw-transport": "^4.21.6",
-    "@typescript-eslint/eslint-plugin": "^8.18.0",
-    "@typescript-eslint/parser": "^8.18.0",
+    "@typescript-eslint/eslint-plugin": "^8.19.0",
+    "@typescript-eslint/parser": "^8.19.0",
     "blakejs": "^1.1.1",
     "crypto-js": "4.2.0",
     "ed25519-supercop": "^2.0.1",