Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

psbt: restore compatibility with wallets that patch CVE-2020-14199 #178

Merged
merged 4 commits into from
Aug 26, 2020
Merged

psbt: restore compatibility with wallets that patch CVE-2020-14199 #178

merged 4 commits into from
Aug 26, 2020

Commits on Jul 20, 2020

  1. psbt: remove UTXO sanity check to allow fix for CVE 

    As described in CVE-2020-14199 it is unsafe to only rely on witness
UTXO information when signing. Hardware wallets fixed this by also
requiring the full non-witness UTXO to be present for a witness input.
To be compatible with those newer hardware wallet firmware, we need to
remove the sanity checks that disallowed setting witness and non-witness
UTXOs at the same time.
See bitcoin/bitcoin#19215 for comparison which
removed the sanity checks in Bitcoin Core.
    @guggero
    guggero committed Jul 20, 2020
    Configuration menu
    Copy the full SHA
    c5f199e View commit details
    Browse the repository at this point in the history

  2. psbt: don't remove non-witness UTXO for segwit v0 

    As a countermeasure to CVE-2020-14199 new HW wallet firmwares require
the full non-witness UTXO to be set even for witness inputs.
We therefore shouldn't remove it when signing.
    @guggero
    guggero committed Jul 20, 2020
    Configuration menu
    Copy the full SHA
    b283b0e View commit details
    Browse the repository at this point in the history

  3. psbt: also check witness UTXO if both are set 

    A wallet that has patched the CVE-2020-14199 vulnerability will always
include a non-witness UTXO, even for witness inputs. In the signer, we
detect that the input we spend is a witness input and copy over the
TxOut to the witness UTXO field. Therefore it is possible that both UTXO
fields are set at the same time. We need to adjust the sanity checks
when adding a partial signature to account for that.
    @guggero
    guggero committed Jul 20, 2020
    Configuration menu
    Copy the full SHA
    c7b6a5a View commit details
    Browse the repository at this point in the history

  4. psbt: test full scenario of CVE-2020-14199 patched wallet 

    We add a test that makes sure the full signing scenario of a wallet that
has the CVE-2020-14199 vulnerability patched is supported by this
library.
    @guggero
    guggero committed Jul 20, 2020
    Configuration menu
    Copy the full SHA
    afbd53e View commit details
    Browse the repository at this point in the history