gnosis/lighthouse
1
0
Fork 0
mirror of https://github.com/sigp/lighthouse.git synced 2026-03-21 22:04:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update direct libsecp256k1 dependencies (#2456)

Browse Source 
## Proposed Changes

* Remove direct dependencies on vulnerable `libsecp256k1 0.3.5`
* Ignore the RUSTSEC issue until it is resolved in #2389
This commit is contained in:
Michael Sproul
2021-07-14 05:24:10 +00:00
parent fc4c611476
commit 8fa6e463ca
6 changed files with 72 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
common/eth2/src/lighthouse_vc/http_client.rs
View File

@@ -2,12 +2,12 @@ use super::{types::*, PK_LEN, SECRET_PREFIX};
use crate::Error;
use account_utils::ZeroizeString;
use bytes::Bytes;
use libsecp256k1::{Message, PublicKey, Signature};
use reqwest::{
header::{HeaderMap, HeaderValue},
IntoUrl,
};
use ring::digest::{digest, SHA256};
use secp256k1::{Message, PublicKey, Signature};
use sensitive_url::SensitiveUrl;
use serde::{de::DeserializeOwned, Serialize};
@@ -94,7 +94,7 @@ impl ValidatorClientHttpClient {
.ok()
.and_then(|bytes| {
let sig = Signature::parse_der(&bytes).ok()?;
Some(secp256k1::verify(&message, &sig, &self.server_pubkey))
Some(libsecp256k1::verify(&message, &sig, &self.server_pubkey))
})
.filter(|is_valid| *is_valid)
.ok_or(Error::InvalidSignatureHeader)?;