From c99d43d74b8e00dfc9002c8af90a587ced6ec37b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastian=20K=C3=B6cher?=
Date: Sun, 18 Dec 2022 20:27:12 +0100
Subject: [PATCH 1/3] ed25519: Don't panic for invalid signature

We should not panic for an invalid signature when the `UseDalekExt` is given.
---
 Cargo.lock | 5 +++--
 primitives/io/Cargo.toml | 4 ++++
 primitives/io/src/lib.rs | 26 ++++++++++++++++++++++----
 3 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index b840cadce3e5c..a6d8c7ee45587 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1570,9 +1570,9 @@ dependencies = [

 [[package]]
 name = "ed25519"
-version = "1.0.3"
+version = "1.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "37c66a534cbb46ab4ea03477eae19d5c22c01da8258030280b7bd9d8433fb6ef"
+checksum = "1e9c280362032ea4203659fc489832d0204ef09f247a0506f170dafcac08c369"
 dependencies = [
 "signature",
 ]
@@ -9245,6 +9245,7 @@ name = "sp-io"
 version = "7.0.0"
 dependencies = [
 "bytes",
+ "ed25519",
 "ed25519-dalek",
 "futures",
 "hash-db",
diff --git a/primitives/io/Cargo.toml b/primitives/io/Cargo.toml
index cd900b8f158ef..83b778252372a 100644
--- a/primitives/io/Cargo.toml
+++ b/primitives/io/Cargo.toml
@@ -34,7 +34,11 @@ parking_lot = { version = "0.12.1", optional = true }
 secp256k1 = { version = "0.24.0", features = ["recovery", "global-context"], optional = true }
 tracing = { version = "0.1.29", default-features = false }
 tracing-core = { version = "0.1.28", default-features = false}
+
+# Required for backwards compatibility reason, but only used for verifying when `UseDalekExt` is set.
 ed25519-dalek = { version = "1.0.1", default-features = false, optional = true }
+# Force the usage of ed25519, this is being used in `ed25519-dalek`.
+ed25519 = "1.5.2"

 [features]
 default = ["std"]
diff --git a/primitives/io/src/lib.rs b/primitives/io/src/lib.rs
index 600d76b3b4300..bb06c00ee2c6f 100644
--- a/primitives/io/src/lib.rs
+++ b/primitives/io/src/lib.rs
@@ -783,13 +783,13 @@ pub trait Crypto {
 {
 use ed25519_dalek::Verifier;

- let public_key = if let Ok(vk) = ed25519_dalek::PublicKey::from_bytes(&pub_key.0) {
- vk
- } else {
+ let Ok(public_key) = ed25519_dalek::PublicKey::from_bytes(&pub_key.0) else {
 return false
 };

- let sig = ed25519_dalek::Signature::from(sig.0);
+ let Ok(sig) = ed25519_dalek::Signature::from_bytes(&sig.0) else {
+ return false
+ };

 public_key.verify(msg, &sig).is_ok()
 } else {
@@ -1946,4 +1946,22 @@ mod tests {
 assert!(crypto::ed25519_verify(&zero_ed_sig(), &Vec::new(), &zero_ed_pub()));
 })
 }
+
+ #[test]
+ fn dalek_should_not_panic_on_invalid_signature() {
+ let mut ext = BasicExternalities::default();
+ ext.register_extension(UseDalekExt::default());
+
+ ext.execute_with(|| {
+ let mut bytes = [0u8; 64];
+ // Make it invalid
+ bytes[63] = 0b1110_0000;
+
+ assert!(!crypto::ed25519_verify(
+ &ed25519::Signature::from_raw(bytes),
+ &Vec::new(),
+ &zero_ed_pub()
+ ));
+ });
+ }
 }

From 95a9a9813a3d5ece94b42e8cf672ca3d130fd1ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastian=20K=C3=B6cher?=
Date: Sun, 18 Dec 2022 21:09:01 +0100
Subject: [PATCH 2/3] Update Cargo.toml

---
 primitives/io/Cargo.toml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/primitives/io/Cargo.toml b/primitives/io/Cargo.toml
index 83b778252372a..bde6bd88270a2 100644
--- a/primitives/io/Cargo.toml
+++ b/primitives/io/Cargo.toml
@@ -38,7 +38,7 @@ tracing-core = { version = "0.1.28", default-features = false}
 # Required for backwards compatibility reason, but only used for verifying when `UseDalekExt` is set.
 ed25519-dalek = { version = "1.0.1", default-features = false, optional = true }
 # Force the usage of ed25519, this is being used in `ed25519-dalek`.
-ed25519 = "1.5.2"
+ed25519 = { version = "1.5.2", optional = true }

 [features]
 default = ["std"]
@@ -63,6 +63,8 @@ std = [
 "futures",
 "parking_lot",
 "ed25519-dalek",
+ "ed25519",
+
 ]

 with-tracing = [
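Review bot: The two `let … else { return false }` guards in the `UseDalekExt` branch carry no comment saying that malformed input is rejected rather than allowed to panic, which is the security-relevant contract of this path: `sig` and `pub_key` are presumably caller-controlled, so a panic here would abort verification on hostile bytes. I would add above them `// Untrusted bytes: a key or signature that fails to parse is an invalid signature, never a panic.` so a later refactor does not go back to the infallible `Signature::from`. It is also worth confirming that the branch after `} else {` returns `false` for the same malformed bytes, since the two verifiers are presumably meant to differ only in the backwards-compatibility cases. The enclosing function starts and ends outside the hunk.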
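Review bot: `// Make it invalid` in `dalek_should_not_panic_on_invalid_signature` does not say which property of the bytes is violated; `0b1110_0000` sets the top three bits of the last signature byte, so a comment such as `// Set the three high bits of the final byte, which signature parsing is expected to reject.` would tell the reader what the test pins. The test covers only the signature guard with `UseDalekExt` registered. A sibling case with a public key that fails `PublicKey::from_bytes`, and the same malformed signature without the extension registered, would pin both guards and both verifier paths.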
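Review bot: The comment above `ed25519` in `primitives/io/Cargo.toml` says the crate is forced but not why `1.5.2` is the floor. If the `lib.rs` fix relies on the fallible signature parsing of this release (the lockfile moves from 1.0.3 to 1.5.2 in the same series), the manifest should record that, e.g. `# Lower bound matters: verification under UseDalekExt relies on this release's fallible signature parsing.`; the author should confirm the exact reason. Note also that `"1.5.2"` is a caret requirement, so later 1.x releases are accepted and `Cargo.lock` is what actually fixes the version in a given build.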
From 16f5904a3b1e7567b347abcc009108384e9f4c0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastian=20K=C3=B6cher?=
Date: Sun, 18 Dec 2022 21:09:30 +0100
Subject: [PATCH 3/3] Update primitives/io/Cargo.toml

---
 primitives/io/Cargo.toml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/primitives/io/Cargo.toml b/primitives/io/Cargo.toml
index bde6bd88270a2..cbb9cf2949d2c 100644
--- a/primitives/io/Cargo.toml
+++ b/primitives/io/Cargo.toml
@@ -64,7 +64,6 @@ std = [
 "parking_lot",
 "ed25519-dalek",
 "ed25519",
-
 ]

 with-tracing = [