CosmWasm · webmaster128 · Jan 31, 2024 · Jan 31, 2024 · Jan 31, 2024
diff --git a/contracts/burner/Cargo.lock b/contracts/burner/Cargo.lock
diff --git a/contracts/crypto-verify/Cargo.lock b/contracts/crypto-verify/Cargo.lock
diff --git a/contracts/cyberpunk/Cargo.lock b/contracts/cyberpunk/Cargo.lock
diff --git a/contracts/empty/Cargo.lock b/contracts/empty/Cargo.lock
diff --git a/contracts/floaty/Cargo.lock b/contracts/floaty/Cargo.lock
diff --git a/contracts/hackatom/Cargo.lock b/contracts/hackatom/Cargo.lock
diff --git a/contracts/ibc-reflect-send/Cargo.lock b/contracts/ibc-reflect-send/Cargo.lock
diff --git a/contracts/ibc-reflect/Cargo.lock b/contracts/ibc-reflect/Cargo.lock
diff --git a/contracts/queue/Cargo.lock b/contracts/queue/Cargo.lock
diff --git a/contracts/reflect/Cargo.lock b/contracts/reflect/Cargo.lock
diff --git a/contracts/staking/Cargo.lock b/contracts/staking/Cargo.lock
diff --git a/contracts/virus/Cargo.lock b/contracts/virus/Cargo.lock
diff --git a/packages/crypto/Cargo.toml b/packages/crypto/Cargo.toml
@@ -17,14 +17,14 @@ bench = false
 [dependencies]
 k256 = { version = "0.13.1", features = ["ecdsa"] }
 ed25519-zebra = "3"
-digest = "0.10"
 rand_core = { version = "0.6", features = ["getrandom"] }
 thiserror = "1.0.38"
 # Not used directly, but needed to bump transitive dependency, see: https://github.com/CosmWasm/cosmwasm/pull/1899 for details.
 ecdsa = "0.16.2"
 
 [dev-dependencies]
 criterion = "0.5.1"
+digest = "0.10"
 serde = { version = "1.0.103", default-features = false, features = ["derive", "alloc"] }
 serde_json = "1.0.40"
 sha2 = "0.10"

diff --git a/packages/crypto/src/identity_digest.rs b/packages/crypto/src/identity_digest.rs
diff --git a/packages/crypto/src/lib.rs b/packages/crypto/src/lib.rs
@@ -5,7 +5,6 @@
 mod backtrace;
 mod ed25519;
 mod errors;
-mod identity_digest;
 mod secp256k1;
 
 #[doc(hidden)]

diff --git a/packages/crypto/src/secp256k1.rs b/packages/crypto/src/secp256k1.rs
@@ -1,11 +1,9 @@
-use digest::{Digest, Update}; // trait
 use k256::{
-    ecdsa::signature::DigestVerifier,             // traits
+    ecdsa::signature::hazmat::PrehashVerifier,    // traits
     ecdsa::{RecoveryId, Signature, VerifyingKey}, // type aliases
 };
 
 use crate::errors::{CryptoError, CryptoResult};
-use crate::identity_digest::Identity256;
 
 /// Max length of a message hash for secp256k1 verification in bytes.
 /// This is typically a 32 byte output of e.g. SHA-256 or Keccak256. In theory shorter values
@@ -47,9 +45,6 @@ pub fn secp256k1_verify(
     let signature = read_signature(signature)?;
     check_pubkey(public_key)?;
 
-    // Already hashed, just build Digest container
-    let message_digest = Identity256::new().chain(message_hash);
-
     let mut signature = Signature::from_bytes(&signature.into())
         .map_err(|e| CryptoError::generic_err(e.to_string()))?;
 
@@ -63,7 +58,7 @@ pub fn secp256k1_verify(
     let public_key = VerifyingKey::from_sec1_bytes(public_key)
         .map_err(|e| CryptoError::generic_err(e.to_string()))?;
 
-    match public_key.verify_digest(message_digest, &signature) {
+    match public_key.verify_prehash(&message_hash, &signature) {
         Ok(()) => Ok(true),
         Err(_) => Ok(false),
     }
@@ -116,8 +111,7 @@ pub fn secp256k1_recover_pubkey(
         .map_err(|e| CryptoError::generic_err(e.to_string()))?;
 
     // Recover
-    let message_digest = Identity256::new().chain(message_hash);
-    let pubkey = VerifyingKey::recover_from_digest(message_digest, &signature, id)
+    let pubkey = VerifyingKey::recover_from_prehash(&message_hash, &signature, id)
         .map_err(|e| CryptoError::generic_err(e.to_string()))?;
     let encoded: Vec<u8> = pubkey.to_encoded_point(false).as_bytes().into();
     Ok(encoded)
@@ -177,6 +171,7 @@ fn check_pubkey(data: &[u8]) -> Result<(), InvalidSecp256k1PubkeyFormat> {
 mod tests {
     use super::*;
 
+    use digest::{Digest, Update}; // trait
     use hex_literal::hex;
     use k256::{
         ecdsa::signature::DigestSigner, // trait