Skip to content

Commit

Permalink
RUSTSEC-2021-0076 bump libsecp256k1 (paritytech#9391)
Browse files Browse the repository at this point in the history 
* RUSTSEC-2021-0076 bump libsecp256k1

libsecp256k1 allows overflowing signatures
https://rustsec.org/advisories/RUSTSEC-2021-0076

Changes were made to conform to libsecp256k1 version differences.

Closes paritytech#9356

* parse_standard_slice() -> parse_overflowing_slice()

* Added v2 host function for ecdsa_verify

* Add feature tag over helpers

* Added ecdsa_verify v2 to test runner

* PR feedback

- Spaces -> tabs
- renamed two helper functions

* Fixed imports after rebasing

* Bump rest of libsecp256k1

* Add version2 for ecdsa pubkey recovery

* Update primitives/core/src/ecdsa.rs

* Update primitives/core/src/ecdsa.rs

* Update Cargo.lock

Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
  • Loading branch information
@trevor-crypto @bkchr @Neopallium
2 people authored and Neopallium committed Sep 2, 2021
1 parent c3dfee6 commit 696d714
Show file tree
Hide file tree
Showing 7 changed files with 297 additions and 48 deletions.
86 changes: 79 additions & 7 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 0 additions & 2 deletions Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -208,8 +208,6 @@ members = [
#
# This list is ordered alphabetically.
[profile.dev.package]
aes-soft = { opt-level = 3 }
aesni = { opt-level = 3 }
blake2 = { opt-level = 3 }
blake2-rfc = { opt-level = 3 }
blake2b_simd = { opt-level = 3 }
Expand Down
2 changes: 1 addition & 1 deletion client/executor/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ sc-executor-wasmi = { version = "0.9.0", path = "wasmi" }
sc-executor-wasmtime = { version = "0.9.0", path = "wasmtime", optional = true }
parking_lot = "0.11.1"
log = "0.4.8"
libsecp256k1 = "0.3.4"
libsecp256k1 = "0.6"

[dev-dependencies]
assert_matches = "1.3.0"
Expand Down
2 changes: 1 addition & 1 deletion primitives/core/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ schnorrkel = { version = "0.9.1", features = ["preaudit_deprecated", "u64_backen
sha2 = { version = "0.9.2", default-features = false, optional = true }
hex = { version = "0.4", default-features = false, optional = true }
twox-hash = { version = "1.5.0", default-features = false, optional = true }
libsecp256k1 = { version = "0.3.2", default-features = false, features = ["hmac"], optional = true }
libsecp256k1 = { version = "0.6", default-features = false, features = ["hmac", "static-context"], optional = true }
merlin = { version = "2.0", default-features = false, optional = true }

sp-runtime-interface = { version = "3.0.0", default-features = false, path = "../runtime-interface" }
Expand Down
Loading

0 comments on commit 696d714

Please sign in to comment.