Build(deps): Upgrade libsecp256k1 version 0.3.5 => 0.7.0
This resolves security issues with Signature::parse functions

See paritytech/libsecp256k1@b525d5d

Also upgrades `aurora-blake2` version `0.9.1` => `0.10.4` to avoid using the discontinued `crypto-mac` dependency
RomanHodulak committed Jun 8, 2022
1 parent 7035858 commit 56966ea
Showing 23 changed files with 177 additions and 154 deletions.
150 changes: 69 additions & 81 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions Cargo.toml
@@ -28,6 +28,7 @@ lto = true
opt-level = 3

[workspace]
resolver = "2"
members = [
"engine",
"engine-precompiles",
2 changes: 1 addition & 1 deletion engine-precompiles/Cargo.toml
@@ -20,7 +20,7 @@ borsh = { version = "0.8.2", default-features = false }
bn = { package = "aurora-bn", git = "https://github.com/aurora-is-near/aurora-bn.git", default-features = false }
evm = { git = "https://github.com/aurora-is-near/sputnikvm.git", rev = "37448b6cacd98b06282cff5a559684505c29bd2b", default-features = false }
evm-core = { git = "https://github.com/aurora-is-near/sputnikvm.git", rev = "37448b6cacd98b06282cff5a559684505c29bd2b", default-features = false }
libsecp256k1 = { version = "0.3.5", default-features = false }
libsecp256k1 = { version = "0.7.0", default-features = false, features = ["static-context", "hmac"] }
num = { version = "0.4.0", default-features = false, features = ["alloc"] }
primitive-types = { version = "0.10.0", default-features = false, features = ["rlp"] }
ripemd160 = { version = "0.9.1", default-features = false }
9 changes: 5 additions & 4 deletions engine-precompiles/src/secp256k1.rs
@@ -32,16 +32,17 @@ pub fn ecrecover(hash: H256, signature: &[u8]) -> Result<Address, ExitError> {
fn internal_impl(hash: H256, signature: &[u8]) -> Result<Address, ExitError> {
use sha3::Digest;

let hash = secp256k1::Message::parse_slice(hash.as_bytes()).unwrap();
let hash = libsecp256k1::Message::parse_slice(hash.as_bytes()).unwrap();
let v = signature[64];
let signature = secp256k1::Signature::parse_slice(&signature[0..64]).unwrap();
let signature = libsecp256k1::Signature::parse_standard_slice(&signature[0..64])
.map_err(|_| ExitError::Other(Borrowed(sdk::ECRecoverErr.as_str())))?;
let bit = match v {
0..=26 => v,
_ => v - 27,
};

if let Ok(recovery_id) = secp256k1::RecoveryId::parse(bit) {
if let Ok(public_key) = secp256k1::recover(&hash, &signature, &recovery_id) {
if let Ok(recovery_id) = libsecp256k1::RecoveryId::parse(bit) {
if let Ok(public_key) = libsecp256k1::recover(&hash, &signature, &recovery_id) {
// recover returns a 65-byte key, but addresses come from the raw 64-byte key
let r = sha3::Keccak256::digest(&public_key.serialize()[1..]);
return Address::try_from_slice(&r[12..])
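Review bot: `internal_impl` still indexes `signature[64]` and `&signature[0..64]` with no length check visible in this hunk, so a slice shorter than 65 bytes panics instead of taking the new `ECRecoverErr` path that a malformed r/s now gets. Unless every caller of the public `ecrecover` already guarantees 65 bytes (not shown here), add a guard before the indexing, e.g. `if signature.len() < 65 { return Err(ExitError::Other(Borrowed(sdk::ECRecoverErr.as_str()))); }`. The remaining `unwrap()` on `Message::parse_slice` looks safe because an `H256` is always 32 bytes, but an `expect("H256 is 32 bytes")` would record that invariant. Separately, after the `v - 27` normalisation both raw 0–3 and 27–30 reach `RecoveryId::parse`, so if callers need only 27/28 accepted, confirm that is enforced outside this function. The function body ends outside the hunk.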