LedgerHQ · xchapron-ledger · Jan 26, 2024 · Jan 26, 2024
diff --git a/src/handlers/sign.c b/src/handlers/sign.c
@@ -135,7 +135,7 @@ int handleSign(uint8_t p1, uint8_t p2, uint8_t *workBuffer, uint16_t dataLength)
         return io_send_sw(E_INCORRECT_P1_P2);
     }
     // hash data
-    cx_hash_no_throw((cx_hash_t *) &txContext.sha2, 0, workBuffer, dataLength, NULL, 32);
+    CX_ASSERT(cx_hash_no_throw((cx_hash_t *) &txContext.sha2, 0, workBuffer, dataLength, NULL, 32));
 
 #ifdef HAVE_SWAP
     if (G_called_from_swap) {
@@ -180,12 +180,12 @@ int handleSign(uint8_t p1, uint8_t p2, uint8_t *workBuffer, uint16_t dataLength)
     }
 
     // Last data hash
-    cx_hash_no_throw((cx_hash_t *) &txContext.sha2,
-                     CX_LAST,
-                     workBuffer,
-                     0,
-                     transactionContext.hash,
-                     32);
+    CX_ASSERT(cx_hash_no_throw((cx_hash_t *) &txContext.sha2,
+                               CX_LAST,
+                               workBuffer,
+                               0,
+                               transactionContext.hash,
+                               32));
 
     if (txContent.permission_id > 0) {
         PRINTF("Set permission_id...\n");

diff --git a/src/handlers/sign_personal_message.c b/src/handlers/sign_personal_message.c
@@ -48,17 +48,18 @@ int handleSignPersonalMessage(uint8_t p1, uint8_t p2, uint8_t *workBuffer, uint1
         dataLength -= 4;
 
         // Initialize message header + length
-        cx_keccak_init_no_throw(&sha3, 256);
-        cx_hash_no_throw((cx_hash_t *) &sha3,
-                         0,
-                         (const uint8_t *) SIGN_MAGIC,
-                         sizeof(SIGN_MAGIC) - 1,
-                         NULL,
-                         0);
+        CX_ASSERT(cx_keccak_init_no_throw(&sha3, 256));
+        CX_ASSERT(cx_hash_no_throw((cx_hash_t *) &sha3,
+                                   0,
+                                   (const uint8_t *) SIGN_MAGIC,
+                                   sizeof(SIGN_MAGIC) - 1,
+                                   NULL,
+                                   0));
 
         char tmp[11];
         snprintf((char *) tmp, 11, "%d", (uint32_t) txContent.dataBytes);
-        cx_hash_no_throw((cx_hash_t *) &sha3, 0, (const uint8_t *) tmp, strlen(tmp), NULL, 0);
+        CX_ASSERT(
+            cx_hash_no_throw((cx_hash_t *) &sha3, 0, (const uint8_t *) tmp, strlen(tmp), NULL, 0));
 
     } else if (p1 != P1_MORE) {
         return io_send_sw(E_INCORRECT_P1_P2);
@@ -71,10 +72,15 @@ int handleSignPersonalMessage(uint8_t p1, uint8_t p2, uint8_t *workBuffer, uint1
         return io_send_sw(E_INCORRECT_LENGTH);
     }
 
-    cx_hash_no_throw((cx_hash_t *) &sha3, 0, workBuffer, dataLength, NULL, 0);
+    CX_ASSERT(cx_hash_no_throw((cx_hash_t *) &sha3, 0, workBuffer, dataLength, NULL, 0));
     txContent.dataBytes -= dataLength;
     if (txContent.dataBytes == 0) {
-        cx_hash_no_throw((cx_hash_t *) &sha3, CX_LAST, workBuffer, 0, transactionContext.hash, 32);
+        CX_ASSERT(cx_hash_no_throw((cx_hash_t *) &sha3,
+                                   CX_LAST,
+                                   workBuffer,
+                                   0,
+                                   transactionContext.hash,
+                                   32));
 #ifdef HAVE_BAGL
 #define HASH_LENGTH 4
         format_hex(transactionContext.hash, HASH_LENGTH / 2, fullContract, sizeof(fullContract));

diff --git a/src/helpers.c b/src/helpers.c
@@ -28,13 +28,13 @@ void getAddressFromPublicKey(const uint8_t *publicKey, uint8_t address[static AD
     uint8_t hashAddress[HASH_SIZE];
     cx_sha3_t sha3;
 
-    cx_keccak_init_no_throw(&sha3, 256);
-    cx_hash_no_throw((cx_hash_t *) &sha3,
-                     CX_LAST,
-                     publicKey + 1,
-                     PUBLIC_KEY_SIZE - 1,
-                     hashAddress,
-                     HASH_SIZE);
+    CX_ASSERT(cx_keccak_init_no_throw(&sha3, 256));
+    CX_ASSERT(cx_hash_no_throw((cx_hash_t *) &sha3,
+                               CX_LAST,
+                               publicKey + 1,
+                               PUBLIC_KEY_SIZE - 1,
+                               hashAddress,
+                               HASH_SIZE));
 
     memmove(address, hashAddress + 11, ADDRESS_SIZE);
     address[0] = ADD_PRE_FIX_BYTE_MAINNET;

diff --git a/src/tokens.c b/src/tokens.c
@@ -1576,10 +1576,10 @@ int verifyTokenNameID(const char *tokenId,
 
     cx_hash_sha256(buffer, strlen(tokenId) + strlen(tokenName) + 1, hash, 32);
 
-    cx_ecfp_init_public_key_no_throw(CX_CURVE_256K1,
-                                     (uint8_t *) PIC(&token_public_key),
-                                     65,
-                                     &publicKey);
+    CX_ASSERT(cx_ecfp_init_public_key_no_throw(CX_CURVE_256K1,
+                                               (uint8_t *) PIC(&token_public_key),
+                                               65,
+                                               &publicKey));
 
     int ret = cx_ecdsa_verify_no_throw(&publicKey, hash, 32, signature, signatureLength);
 
@@ -1595,10 +1595,10 @@ int verifyExchangeID(const unsigned char *exchangeValidation,
 
     cx_hash_sha256(exchangeValidation, datLength, hash, 32);
 
-    cx_ecfp_init_public_key_no_throw(CX_CURVE_256K1,
-                                     (uint8_t *) PIC(&token_public_key),
-                                     65,
-                                     &publicKey);
+    CX_ASSERT(cx_ecfp_init_public_key_no_throw(CX_CURVE_256K1,
+                                               (uint8_t *) PIC(&token_public_key),
+                                               65,
+                                               &publicKey));
 
     int ret = cx_ecdsa_verify_no_throw(&publicKey, hash, 32, signature, signatureLength);