RUSTSEC-2021-0076 bump libsecp256k1 (#9391)

* RUSTSEC-2021-0076 bump libsecp256k1 libsecp256k1 allows overflowing signatures https://rustsec.org/advisories/RUSTSEC-2021-0076 Changes were made to conform to libsecp256k1 version differences. Closes #9356 * parse_standard_slice() -> parse_overflowing_slice() * Added v2 host function for ecdsa_verify * Add feature tag over helpers * Added ecdsa_verify v2 to test runner * PR feedback - Spaces -> tabs - renamed two helper functions * Fixed imports after rebasing * Bump rest of libsecp256k1 (and libp2p) libp2p also uses libsecp256k1 so it is required to be bumped too, along with all the version difference changes. * Add version2 for ecdsa pubkey recovery * libp2p rebase master fixes * Fix test panic when non Behaviour event is returned * Update bin/node/browser-testing/Cargo.toml * Update primitives/core/src/ecdsa.rs * Update primitives/core/src/ecdsa.rs * Update Cargo.lock Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
paritytech · Sep 6, 2021 · 6148380 · 6148380
1 parent 676526a
commit 6148380
Show file tree

Hide file tree

Showing 26 changed files with 711 additions and 364 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -221,8 +221,6 @@ members = [
 #
 # This list is ordered alphabetically.
 [profile.dev.package]
-aes-soft = { opt-level = 3 }
-aesni = { opt-level = 3 }
 blake2 = { opt-level = 3 }
 blake2-rfc = { opt-level = 3 }
 blake2b_simd = { opt-level = 3 }

diff --git a/bin/node/cli/Cargo.toml b/bin/node/cli/Cargo.toml
@@ -109,7 +109,7 @@ try-runtime-cli = { version = "0.10.0-dev", optional = true, path = "../../../ut
 wasm-bindgen = { version = "0.2.73", optional = true }
 wasm-bindgen-futures = { version = "0.4.18", optional = true }
 browser-utils = { package = "substrate-browser-utils", path = "../../../utils/browser", optional = true, version = "0.10.0-dev"}
-libp2p-wasm-ext = { version = "0.28", features = ["websocket"], optional = true }
+libp2p-wasm-ext = { version = "0.29", features = ["websocket"], optional = true }
 
 [target.'cfg(target_arch="x86_64")'.dependencies]
 node-executor = { version = "3.0.0-dev", path = "../executor", features = [ "wasmtime" ] }

diff --git a/client/authority-discovery/Cargo.toml b/client/authority-discovery/Cargo.toml
@@ -24,7 +24,7 @@ either = "1.5.3"
 futures = "0.3.9"
 futures-timer = "3.0.1"
 ip_network = "0.3.4"
-libp2p = { version = "0.37.1", default-features = false, features = ["kad"] }
+libp2p = { version = "0.39.1", default-features = false, features = ["kad"] }
 log = "0.4.8"
 prometheus-endpoint = { package = "substrate-prometheus-endpoint", path = "../../utils/prometheus", version = "0.9.0"}
 prost = "0.7"

diff --git a/client/cli/Cargo.toml b/client/cli/Cargo.toml
@@ -18,7 +18,7 @@ regex = "1.4.2"
 tokio = { version = "0.2.21", features = [ "signal", "rt-core", "rt-threaded", "blocking" ] }
 futures = "0.3.9"
 fdlimit = "0.2.1"
-libp2p = "0.37.1"
+libp2p = "0.39.1"
 parity-scale-codec = "2.0.0"
 hex = "0.4.2"
 rand = "0.7.3"

diff --git a/client/consensus/common/Cargo.toml b/client/consensus/common/Cargo.toml
@@ -14,7 +14,7 @@ targets = ["x86_64-unknown-linux-gnu"]
 
 [dependencies]
 thiserror = "1.0.21"
-libp2p = { version = "0.37.1", default-features = false }
+libp2p = { version = "0.39.1", default-features = false }
 log = "0.4.8"
 futures = { version = "0.3.1", features = ["thread-pool"] }
 futures-timer = "3.0.1"

diff --git a/client/executor/Cargo.toml b/client/executor/Cargo.toml
@@ -35,7 +35,7 @@ sc-executor-wasmi = { version = "0.10.0-dev", path = "wasmi" }
 sc-executor-wasmtime = { version = "0.10.0-dev", path = "wasmtime", optional = true }
 parking_lot = "0.11.1"
 log = "0.4.8"
-libsecp256k1 = "0.3.4"
+libsecp256k1 = "0.6"
 
 [dev-dependencies]
 assert_matches = "1.3.0"

diff --git a/client/network-gossip/Cargo.toml b/client/network-gossip/Cargo.toml
@@ -17,7 +17,7 @@ targets = ["x86_64-unknown-linux-gnu"]
 [dependencies]
 futures = "0.3.9"
 futures-timer = "3.0.1"
-libp2p = { version = "0.37.1", default-features = false }
+libp2p = { version = "0.39.1", default-features = false }
 log = "0.4.8"
 lru = "0.6.5"
 prometheus-endpoint = { package = "substrate-prometheus-endpoint", version = "0.9.0", path = "../../utils/prometheus" }

diff --git a/client/network/Cargo.toml b/client/network/Cargo.toml
@@ -65,17 +65,17 @@ wasm-timer = "0.2"
 zeroize = "1.2.0"
 
 [dependencies.libp2p]
-version = "0.37.1"
+version = "0.39.1"
 
 [target.'cfg(target_os = "unknown")'.dependencies.libp2p]
-version = "0.37.1"
+version = "0.39.1"
 default-features = false
 features = ["identify", "kad", "mdns", "mplex", "noise", "ping", "request-response", "tcp-async-io", "websocket", "yamux"]
 
 
 [dev-dependencies]
 assert_matches = "1.3"
-libp2p = { version = "0.37.1", default-features = false }
+libp2p = { version = "0.39.1", default-features = false }
 quickcheck = "1.0.3"
 rand = "0.7.2"
 sp-keyring = { version = "4.0.0-dev", path = "../../primitives/keyring" }

diff --git a/client/network/src/bitswap.rs b/client/network/src/bitswap.rs
@@ -94,7 +94,7 @@ where
 
 	fn upgrade_inbound(self, mut socket: TSocket, _info: Self::Info) -> Self::Future {
 		Box::pin(async move {
-			let packet = upgrade::read_one(&mut socket, MAX_PACKET_SIZE).await?;
+			let packet = upgrade::read_length_prefixed(&mut socket, MAX_PACKET_SIZE).await?;
 			let message: BitswapMessage = Message::decode(packet.as_slice())?;
 			Ok(message)
 		})
@@ -122,7 +122,7 @@ where
 		Box::pin(async move {
 			let mut data = Vec::with_capacity(self.encoded_len());
 			self.encode(&mut data)?;
-			upgrade::write_one(&mut socket, data).await
+			upgrade::write_length_prefixed(&mut socket, data).await
 		})
 	}
 }
@@ -328,7 +328,7 @@ pub enum BitswapError {
 	/// Error parsing CID
 	BadCid(cid::Error),
 	/// Packet read error.
-	Read(upgrade::ReadOneError),
+	Read(io::Error),
 	/// Error sending response.
 	#[display(fmt = "Failed to send response.")]
 	SendResponse,

diff --git a/client/network/src/discovery.rs b/client/network/src/discovery.rs
@@ -722,7 +722,7 @@ impl NetworkBehaviour for DiscoveryBehaviour {
 						KademliaEvent::PendingRoutablePeer { .. } => {
 							// We are not interested in this event at the moment.
 						},
-						KademliaEvent::QueryResult {
+						KademliaEvent::OutboundQueryCompleted {
 							result: QueryResult::GetClosestPeers(res),
 							..
 						} => match res {
@@ -741,7 +741,7 @@ impl NetworkBehaviour for DiscoveryBehaviour {
 								}
 							},
 						},
-						KademliaEvent::QueryResult {
+						KademliaEvent::OutboundQueryCompleted {
 							result: QueryResult::GetRecord(res),
 							stats,
 							..
@@ -778,7 +778,7 @@ impl NetworkBehaviour for DiscoveryBehaviour {
 							};
 							return Poll::Ready(NetworkBehaviourAction::GenerateEvent(ev))
 						},
-						KademliaEvent::QueryResult {
+						KademliaEvent::OutboundQueryCompleted {
 							result: QueryResult::PutRecord(res),
 							stats,
 							..
@@ -799,7 +799,7 @@ impl NetworkBehaviour for DiscoveryBehaviour {
 							};
 							return Poll::Ready(NetworkBehaviourAction::GenerateEvent(ev))
 						},
-						KademliaEvent::QueryResult {
+						KademliaEvent::OutboundQueryCompleted {
 							result: QueryResult::RepublishRecord(res),
 							..
 						} => match res {
@@ -830,6 +830,11 @@ impl NetworkBehaviour for DiscoveryBehaviour {
 							address,
 							score,
 						}),
+					NetworkBehaviourAction::CloseConnection { peer_id, connection } =>
+						return Poll::Ready(NetworkBehaviourAction::CloseConnection {
+							peer_id,
+							connection,
+						}),
 				}
 			}
 		}
@@ -862,6 +867,11 @@ impl NetworkBehaviour for DiscoveryBehaviour {
 						address,
 						score,
 					}),
+				NetworkBehaviourAction::CloseConnection { peer_id, connection } =>
+					return Poll::Ready(NetworkBehaviourAction::CloseConnection {
+						peer_id,
+						connection,
+					}),
 			}
 		}
 
@@ -931,7 +941,7 @@ mod tests {
 		},
 		identity::Keypair,
 		noise,
-		swarm::Swarm,
+		swarm::{Swarm, SwarmEvent},
 		yamux, Multiaddr, PeerId,
 	};
 	use std::{collections::HashSet, task::Poll};
@@ -1000,31 +1010,42 @@ mod tests {
 					match swarms[swarm_n].0.poll_next_unpin(cx) {
 						Poll::Ready(Some(e)) => {
 							match e {
-								DiscoveryOut::UnroutablePeer(other) |
-								DiscoveryOut::Discovered(other) => {
-									// Call `add_self_reported_address` to simulate identify happening.
-									let addr = swarms
-										.iter()
-										.find_map(|(s, a)| {
-											if s.behaviour().local_peer_id == other {
-												Some(a.clone())
-											} else {
-												None
-											}
-										})
-										.unwrap();
-									swarms[swarm_n].0.behaviour_mut().add_self_reported_address(
-										&other,
-										[protocol_name_from_protocol_id(&protocol_id)].iter(),
-										addr,
-									);
-
-									to_discover[swarm_n].remove(&other);
-								},
-								DiscoveryOut::RandomKademliaStarted(_) => {},
-								e => {
-									panic!("Unexpected event: {:?}", e)
+								SwarmEvent::Behaviour(behavior) => {
+									match behavior {
+										DiscoveryOut::UnroutablePeer(other) |
+										DiscoveryOut::Discovered(other) => {
+											// Call `add_self_reported_address` to simulate identify
+											// happening.
+											let addr = swarms
+												.iter()
+												.find_map(|(s, a)| {
+													if s.behaviour().local_peer_id == other {
+														Some(a.clone())
+													} else {
+														None
+													}
+												})
+												.unwrap();
+											swarms[swarm_n]
+												.0
+												.behaviour_mut()
+												.add_self_reported_address(
+													&other,
+													[protocol_name_from_protocol_id(&protocol_id)]
+														.iter(),
+													addr,
+												);
+
+											to_discover[swarm_n].remove(&other);
+										},
+										DiscoveryOut::RandomKademliaStarted(_) => {},
+										e => {
+											panic!("Unexpected event: {:?}", e)
+										},
+									}
 								},
+								// ignore non Behaviour events
+								_ => {},
 							}
 							continue 'polling
 						},

diff --git a/client/network/src/peer_info.rs b/client/network/src/peer_info.rs
@@ -340,6 +340,11 @@ impl NetworkBehaviour for PeerInfoBehaviour {
 						address,
 						score,
 					}),
+				Poll::Ready(NetworkBehaviourAction::CloseConnection { peer_id, connection }) =>
+					return Poll::Ready(NetworkBehaviourAction::CloseConnection {
+						peer_id,
+						connection,
+					}),
 			}
 		}
 
@@ -372,6 +377,11 @@ impl NetworkBehaviour for PeerInfoBehaviour {
 						address,
 						score,
 					}),
+				Poll::Ready(NetworkBehaviourAction::CloseConnection { peer_id, connection }) =>
+					return Poll::Ready(NetworkBehaviourAction::CloseConnection {
+						peer_id,
+						connection,
+					}),
 			}
 		}
 

diff --git a/client/network/src/protocol.rs b/client/network/src/protocol.rs
@@ -1575,6 +1575,8 @@ impl<B: BlockT> NetworkBehaviour for Protocol<B> {
 				}),
 			Poll::Ready(NetworkBehaviourAction::ReportObservedAddr { address, score }) =>
 				return Poll::Ready(NetworkBehaviourAction::ReportObservedAddr { address, score }),
+			Poll::Ready(NetworkBehaviourAction::CloseConnection { peer_id, connection }) =>
+				return Poll::Ready(NetworkBehaviourAction::CloseConnection { peer_id, connection }),
 		};
 
 		let outcome = match event {