Merge #556: Backport and bump secp256k1 0.23.5

70e8cbe Bump version to 0.23.5 (Tobin C. Harding) 989bf05 Add saftey docs for PreallocatedContext trait (Tobin C. Harding) 2b9a5b6 context: introduce unsafe `PreallocatedContext` trait (Andrew Poelstra) f2ba29f Remove deref on an immutable reference (Tobin C. Harding) Pull request description: Backport #548 and bump version ready for release. ### Note Patch one fixes a trivial clippy issue so we lint cleanly on every patch. ACKs for top commit: Kixunil: ACK 70e8cbe Tree-SHA512: 3551b798e89724ab06cfcc3be71689cd96f514faab2bbf2791ecd90fe5246321becb4aa141c95c9f086a190fd19197c5470f2ff765ef74a61d52ed6e3899cb02
rust-bitcoin · Dec 7, 2022 · d7306bb · d7306bb
2 parents 125211d + 70e8cbe
commit d7306bb
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+
+# 0.23.5 - 2022-12-05
+
+* Backport [fix soundness issue with `preallocated_gen_new`](https://github.com/rust-bitcoin/rust-secp256k1/pull/548)
+
 # 0.23.4 - 2022-07-14
 
 * [Disable automatic rerandomization of contexts under WASM](https://github.com/rust-bitcoin/rust-secp256k1/pull/474)

diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "secp256k1"
-version = "0.23.4"
+version = "0.23.5"
 authors = [ "Dawid Ciężarkiewicz <dpc@ucore.info>",
             "Andrew Poelstra <apoelstra@wpsoftware.net>" ]
 license = "CC0-1.0"

diff --git a/src/context.rs b/src/context.rs
@@ -297,8 +297,22 @@ unsafe impl<'buf> Context for AllPreallocated<'buf> {
     }
 }
 
-impl<'buf, C: Context + 'buf> Secp256k1<C> {
-    /// Lets you create a context with preallocated buffer in a generic manner(sign/verify/all)
+/// Trait marking that a particular context object internally points to
+/// memory that must outlive `'a`
+///
+/// # Safety
+///
+/// This trait is used internally to gate which context markers can safely
+/// be used with the `preallocated_gen_new` function. Do not implement it
+/// on your own structures.
+pub unsafe trait PreallocatedContext<'a> {}
+
+unsafe impl<'buf> PreallocatedContext<'buf> for AllPreallocated<'buf> {}
+unsafe impl<'buf> PreallocatedContext<'buf> for SignOnlyPreallocated<'buf> {}
+unsafe impl<'buf> PreallocatedContext<'buf> for VerifyOnlyPreallocated<'buf> {}
+
+impl<'buf, C: Context + PreallocatedContext<'buf>> Secp256k1<C> {
+    /// Lets you create a context with a preallocated buffer in a generic manner (sign/verify/all).
     pub fn preallocated_gen_new(buf: &'buf mut [AlignedType]) -> Result<Secp256k1<C>, Error> {
         #[cfg(target_arch = "wasm32")]
         ffi::types::sanity_checks_for_wasm();

diff --git a/src/ecdsa/serialized_signature.rs b/src/ecdsa/serialized_signature.rs
@@ -45,7 +45,7 @@ impl PartialEq for SerializedSignature {
 impl AsRef<[u8]> for SerializedSignature {
     #[inline]
     fn as_ref(&self) -> &[u8] {
-        &*self
+        self
     }
 }