Update direct libsecp256k1 dependencies (#2456)

## Proposed Changes * Remove direct dependencies on vulnerable `libsecp256k1 0.3.5` * Ignore the RUSTSEC issue until it is resolved in #2389
2026-03-02 16:21:42 +00:00 · 2021-07-14 05:24:10 +00:00
parent fc4c611476
commit 8fa6e463ca
6 changed files with 72 additions and 13 deletions
--- a/validator_client/Cargo.toml
+++ b/validator_client/Cargo.toml
@@ -57,7 +57,7 @@ warp_utils = { path = "../common/warp_utils" }
 warp = { git = "https://github.com/paulhauner/warp ", branch = "cors-wildcard" }
 hyper = "0.14.4"
 serde_utils = { path = "../consensus/serde_utils" }
-libsecp256k1 = "0.3.5"
+libsecp256k1 = "0.5.0"
 ring = "0.16.19"
 rand = "0.7.3"
 scrypt = { version = "0.5.0", default-features = false }
--- a/validator_client/src/http_api/api_secret.rs
+++ b/validator_client/src/http_api/api_secret.rs
@@ -1,7 +1,7 @@
 use eth2::lighthouse_vc::{PK_LEN, SECRET_PREFIX as PK_PREFIX};
+use libsecp256k1::{Message, PublicKey, SecretKey};
 use rand::thread_rng;
 use ring::digest::{digest, SHA256};
-use secp256k1::{Message, PublicKey, SecretKey};
 use std::fs;
 use std::path::Path;
 use warp::Filter;
@@ -173,11 +173,11 @@ impl ApiSecret {
    /// Returns a closure which produces a signature over some bytes using the secret key in
    /// `self`. The signature is a 32-byte hash formatted as a 0x-prefixed string.
    pub fn signer(&self) -> impl Fn(&[u8]) -> String + Clone {
-        let sk = self.sk.clone();
+        let sk = self.sk;
        move |input: &[u8]| -> String {
            let message =
                Message::parse_slice(digest(&SHA256, input).as_ref()).expect("sha256 is 32 bytes");
-            let (signature, _) = secp256k1::sign(&message, &sk);
+            let (signature, _) = libsecp256k1::sign(&message, &sk);
            serde_utils::hex::encode(signature.serialize_der().as_ref())
        }
    }