RUSTSEC-2021-0076 bump libsecp256k1 #9391
Conversation
bkchr
added
B0-silent
|
@sorpaas please check if that is the right way. I remember that you said something about some migration. |
primitives/core/src/ecdsa.rs
Outdated
| Ok(( | ||
| secp256k1::Signature::parse_slice(&x.0[0..64]).expect("hardcoded to 64 bytes; qed"), | ||
| secp256k1::RecoveryId::parse(x.0[64]).map_err(|_| ())?, | ||
| libsecp256k1::Signature::parse_standard_slice(&x.0[0..64]).expect("hardcoded to 64 bytes; qed"), |
There was a problem hiding this comment.
| libsecp256k1::Signature::parse_standard_slice(&x.0[0..64]).expect("hardcoded to 64 bytes; qed"), | |
| libsecp256k1::Signature::parse_overflowing_slice(&x.0[0..64]).expect("hardcoded to 64 bytes; qed"), |
We still need this as parse_overflowing_slice for now, then move to parse_standard_slice through a migration.
There was a problem hiding this comment.
What's the reasoning behind this? (just for my own education)
There was a problem hiding this comment.
Actually, I see. Some preexisting Signatures may be overflowing so we need to parse them with that
There was a problem hiding this comment.
It would otherwise be an actual security advisory for Substrate.
Parsing overflowing slice is not dangerous and by itself is safe. The security advisory arises if there are multiple clients being maintained and all of them need to conform to a standard way.
If we change this to parse_standard_slice in Substrate now we need to mark it as a critical security upgrade for Substrate and ask everyone to upgrade, and during this period an attacker can split the chain. On the other hand, if we do it via a migration then it's completely safe, and we can do the migration in our own pace without any security concerns.
The drawback for the later, of course, is that parse_overflowing_slice will exist in Substrate at least for years to come (until when old blocks no longer need to be re-processed by anyone). However, given that the method is actually safe, but just non-standard, it shouldn't be of any problems.
There was a problem hiding this comment.
What you mean by a migration?
Isn't the problem only the old runtimes? So we should introduce a new host function?
|
@sorpaas shouldn't we directly introduce the new host function? Host functions support versioning and we already use this versioning for a similar problem with schnorrkel. |
|
@bkchr Yeah we should do it. |
|
@trevor-crypto check this out https://github.com/paritytech/substrate/blob/master/primitives/io/src/lib.rs#L599-L600 @trevor-crypto We would need to do something similar here and use |
|
@bkchr thanks! Found my way there already by furiously grepping for 'host functions". I'm wondering how something like this will work with the Edit: might be better to just remove the |
|
@trevor-crypto basically you need to revert c653284 because everything from now need to use the new function. Only the old host function needs to use the old function. |
|
Added version 2 for |
trevor-crypto
force-pushed
the
libsecp-rustsec
branch
2 times, most recently
from
1c6d9a5
to
82fc9da
Compare
|
@sorpaas please also check another time. |
primitives/core/src/ecdsa.rs
Outdated
| } | ||
|
|
||
| #[cfg(feature = "full_crypto")] | ||
| fn parse_signature( |
There was a problem hiding this comment.
Can we rename this to parse_standard_signature and parse_overflowing_signature and similarly for all the above verify_ public functions? The priority here should be make sure that all library users get to deliberately choose whether they want standard or overflowing, so we shouldn't be using the same old name.
There was a problem hiding this comment.
Can't change the trait fn names, but I changed verify_deprecated to verify_overflowing
There was a problem hiding this comment.
That doesn't do much unfortunately. If you can't change the other name for standard then I suggest putting the overflowing one back to deprecated.
I don't have huge problems keeping it as is, but we do need to be slightly careful here since misusing overflowing vs standard may be a source of trouble.
Alternatively, we can create a separate structure for the OverflowingSignature and rename the current one to StandardSignature. That would be the best for clarity, but just that it may be a lot of work -- so I guess it's optional.
There was a problem hiding this comment.
@sorpaas ok thanks. I will leave it as verify_deprecated, since it also coincides with the names of the other versioned host functions in primitives/io/src/lib.rs.
trevor-crypto
force-pushed
the
libsecp-rustsec
branch
from
421aedf
to
5a169e0
Compare
|
Rebased with |
trevor-crypto
force-pushed
the
libsecp-rustsec
branch
from
5a169e0
to
093131b
Compare
|
I wanted to jump in because I see that substrate/primitives/io/src/lib.rs Line 750 in 7dcc77b secp256k1::Signature::parse_slice. Is there a reason why it does not need to get this change?
|
|
Thanks @girazoki I guess I missed other places as well like bumping |
|
bot merge |
|
Waiting for commit status. |
|
@bkchr Thanks for applying those fixes! |
|
Merge aborted: Checks failed for 00e976a |
|
bot merge force |
|
Trying merge. |
ghost
merged commit 
* RUSTSEC-2021-0076 bump libsecp256k1 libsecp256k1 allows overflowing signatures https://rustsec.org/advisories/RUSTSEC-2021-0076 Changes were made to conform to libsecp256k1 version differences. Closes paritytech#9356 * parse_standard_slice() -> parse_overflowing_slice() * Added v2 host function for ecdsa_verify * Add feature tag over helpers * Added ecdsa_verify v2 to test runner * PR feedback - Spaces -> tabs - renamed two helper functions * Fixed imports after rebasing * Bump rest of libsecp256k1 * Add version2 for ecdsa pubkey recovery * Update primitives/core/src/ecdsa.rs * Update primitives/core/src/ecdsa.rs * Update Cargo.lock Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
* RUSTSEC-2021-0076 bump libsecp256k1 libsecp256k1 allows overflowing signatures https://rustsec.org/advisories/RUSTSEC-2021-0076 Changes were made to conform to libsecp256k1 version differences. Closes #9356 * parse_standard_slice() -> parse_overflowing_slice() * Added v2 host function for ecdsa_verify * Add feature tag over helpers * Added ecdsa_verify v2 to test runner * PR feedback - Spaces -> tabs - renamed two helper functions * Fixed imports after rebasing * Bump rest of libsecp256k1 (and libp2p) libp2p also uses libsecp256k1 so it is required to be bumped too, along with all the version difference changes. * Add version2 for ecdsa pubkey recovery * libp2p rebase master fixes * Fix test panic when non Behaviour event is returned * Update bin/node/browser-testing/Cargo.toml * Update primitives/core/src/ecdsa.rs * Update primitives/core/src/ecdsa.rs * Update Cargo.lock Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
* RUSTSEC-2021-0076 bump libsecp256k1 libsecp256k1 allows overflowing signatures https://rustsec.org/advisories/RUSTSEC-2021-0076 Changes were made to conform to libsecp256k1 version differences. Closes paritytech#9356 * parse_standard_slice() -> parse_overflowing_slice() * Added v2 host function for ecdsa_verify * Add feature tag over helpers * Added ecdsa_verify v2 to test runner * PR feedback - Spaces -> tabs - renamed two helper functions * Fixed imports after rebasing * Bump rest of libsecp256k1 * Add version2 for ecdsa pubkey recovery * Update primitives/core/src/ecdsa.rs * Update primitives/core/src/ecdsa.rs * Update Cargo.lock Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
* RUSTSEC-2021-0076 bump libsecp256k1 (#9391) * RUSTSEC-2021-0076 bump libsecp256k1 libsecp256k1 allows overflowing signatures https://rustsec.org/advisories/RUSTSEC-2021-0076 Changes were made to conform to libsecp256k1 version differences. Closes #9356 * parse_standard_slice() -> parse_overflowing_slice() * Added v2 host function for ecdsa_verify * Add feature tag over helpers * Added ecdsa_verify v2 to test runner * PR feedback - Spaces -> tabs - renamed two helper functions * Fixed imports after rebasing * Bump rest of libsecp256k1 (and libp2p) libp2p also uses libsecp256k1 so it is required to be bumped too, along with all the version difference changes. * Add version2 for ecdsa pubkey recovery * libp2p rebase master fixes * Fix test panic when non Behaviour event is returned * Update bin/node/browser-testing/Cargo.toml * Update primitives/core/src/ecdsa.rs * Update primitives/core/src/ecdsa.rs * Update Cargo.lock Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com> * Use coherent prost crate versions (#9676) * Bump node-browser-testing deps on prost Co-authored-by: Trevor Arjeski <72849114+trevor-crypto@users.noreply.github.com> Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com> Co-authored-by: Andreas Doerr <adoerr@users.noreply.github.com>
* RUSTSEC-2021-0076 bump libsecp256k1 (#9391) * RUSTSEC-2021-0076 bump libsecp256k1 libsecp256k1 allows overflowing signatures https://rustsec.org/advisories/RUSTSEC-2021-0076 Changes were made to conform to libsecp256k1 version differences. Closes #9356 * parse_standard_slice() -> parse_overflowing_slice() * Added v2 host function for ecdsa_verify * Add feature tag over helpers * Added ecdsa_verify v2 to test runner * PR feedback - Spaces -> tabs - renamed two helper functions * Fixed imports after rebasing * Bump rest of libsecp256k1 (and libp2p) libp2p also uses libsecp256k1 so it is required to be bumped too, along with all the version difference changes. * Add version2 for ecdsa pubkey recovery * libp2p rebase master fixes * Fix test panic when non Behaviour event is returned * Update bin/node/browser-testing/Cargo.toml * Update primitives/core/src/ecdsa.rs * Update primitives/core/src/ecdsa.rs * Update Cargo.lock Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com> * Use coherent prost crate versions (#9676) * Bump node-browser-testing deps on prost Co-authored-by: Trevor Arjeski <72849114+trevor-crypto@users.noreply.github.com> Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com> Co-authored-by: Andreas Doerr <adoerr@users.noreply.github.com>
* RUSTSEC-2021-0076 bump libsecp256k1 libsecp256k1 allows overflowing signatures https://rustsec.org/advisories/RUSTSEC-2021-0076 Changes were made to conform to libsecp256k1 version differences. Closes #9356 * parse_standard_slice() -> parse_overflowing_slice() * Added v2 host function for ecdsa_verify * Add feature tag over helpers * Added ecdsa_verify v2 to test runner * PR feedback - Spaces -> tabs - renamed two helper functions * Fixed imports after rebasing * Bump rest of libsecp256k1 (and libp2p) libp2p also uses libsecp256k1 so it is required to be bumped too, along with all the version difference changes. * Add version2 for ecdsa pubkey recovery * libp2p rebase master fixes * Fix test panic when non Behaviour event is returned * Update bin/node/browser-testing/Cargo.toml * Update primitives/core/src/ecdsa.rs * Update primitives/core/src/ecdsa.rs * Update Cargo.lock Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
libsecp256k1 allows overflowing signatures
https://rustsec.org/advisories/RUSTSEC-2021-0076
Changes were made to conform to libsecp256k1 version differences.
Closes #9356