psbt: remove UTXO sanity check to allow fix for CVE
As described in CVE-2020-14199, it is unsafe to only rely on witness UTXO information when signing. Hardware wallets fixed this by also requiring the full non-witness UTXO to be present for a witness input. To be compatible with that newer hardware wallet firmware, we need to remove the sanity checks that disallowed setting witness and non-witness UTXOs at the same time. See https://github.com/bitcoin/bitcoin/pull/19215 for comparison, which removed the sanity checks in Bitcoin Core.
parent 4649e4b73b
commit c5f199e40f
2 changed files with 8 additions and 11 deletions
|
@ -49,19 +49,13 @@ func NewPsbtInput(nonWitnessUtxo *wire.MsgTx,
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsSane returns true only if there are no conflicting values in the Psbt
|
// IsSane returns true only if there are no conflicting values in the Psbt
|
||||||
// PInput. It checks that witness and non-witness utxo entries do not both
|
// PInput. For segwit v0 no checks are currently implemented.
|
||||||
// exist, and that witnessScript entries are only added to witness inputs.
|
|
||||||
func (pi *PInput) IsSane() bool {
|
func (pi *PInput) IsSane() bool {
|
||||||
|
|
||||||
if pi.NonWitnessUtxo != nil && pi.WitnessUtxo != nil {
|
// TODO(guggero): Implement sanity checks for segwit v1. For segwit v0
|
||||||
return false
|
// it is unsafe to only rely on the witness UTXO so we don't check that
|
||||||
}
|
// only one is set anymore.
|
||||||
if pi.WitnessUtxo == nil && pi.WitnessScript != nil {
|
// See https://github.com/bitcoin/bitcoin/pull/19215.
|
||||||
return false
|
|
||||||
}
|
|
||||||
if pi.WitnessUtxo == nil && pi.FinalScriptWitness != nil {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
|
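Review bot: In IsSane, the two checks on pi.WitnessScript and pi.FinalScriptWitness are removed along with the mutual-exclusion check, but the commit message only motivates dropping the check that rejects NonWitnessUtxo and WitnessUtxo being set together. Both of the other checks key on pi.WitnessUtxo == nil, so it is not obvious from the new comment whether they were dropped deliberately or as collateral. Please either keep them in a relaxed form that only fails when neither UTXO field is set (for example pi.WitnessUtxo == nil && pi.NonWitnessUtxo == nil && pi.WitnessScript != nil), or extend the comment to say why they no longer apply. As written, IsSane returns true unconditionally, so every caller that relied on it now gets no validation of the input at all, and the doc comment's first sentence ("returns true only if there are no conflicting values") no longer describes the function.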
@ -161,6 +161,9 @@ func TestReadInvalidPsbt(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSanityCheck(t *testing.T) {
|
func TestSanityCheck(t *testing.T) {
|
||||||
|
// TODO(guggero): Remove when checks for segwit v1 are implemented.
|
||||||
|
t.Skip("Skipping PSBT sanity checks for segwit v0.")
|
||||||
|
|
||||||
// Test strategy:
|
// Test strategy:
|
||||||
// 1. Create an invalid PSBT from a serialization
|
// 1. Create an invalid PSBT from a serialization
|
||||||
// Then ensure that the sanity check fails.
|
// Then ensure that the sanity check fails.
|
||||||
|
|
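Review bot: The unconditional t.Skip at the top of TestSanityCheck leaves the behaviour this commit introduces untested, and everything after it in the function (the "Create an invalid PSBT from a serialization" steps) becomes dead code until someone remembers the TODO. Rather than skipping, consider replacing the body with a case that parses or builds an input carrying both a witness and a non-witness UTXO and asserts that it is now accepted, so a later reintroduction of the old check is caught. If the skip stays, the TODO should say which assertions are expected to come back for segwit v1.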