Gate libsecp256k1 update (backport #18656) (#18701)

* hijack secp256k1 enablement feature plumbing for libsecp256k1 upgrade * bump libsecp256k1 to v0.5.0 * gate libsecp256k1 upgrade to v0.5.0 * ci: allow clippy::inconsistent_struct_constructor Co-authored-by: Trent Nelson <trent@solana.com>
2021-07-16 07:38:45 +00:00
parent 9b7fba69f4
commit c7c650fccc
21 changed files with 147 additions and 241 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1782,17 +1782,6 @@ dependencies = [
 "digest 0.9.0",
 ]

-[[package]]
-name = "hmac-drbg"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6e570451493f10f6581b48cdd530413b63ea9e780f544bfd3bdcaa0d89d1a7b"
-dependencies = [
- "digest 0.8.1",
- "generic-array 0.12.3",
- "hmac 0.7.1",
-]
-
 [[package]]
 name = "hmac-drbg"
 version = "0.3.0"
@ -2299,22 +2288,6 @@ dependencies = [
 "libc",
 ]

-[[package]]
-name = "libsecp256k1"
-version = "0.3.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fc1e2c808481a63dc6da2074752fdd4336a3c8fcc68b83db6f1fd5224ae7962"
-dependencies = [
- "arrayref",
- "crunchy",
- "digest 0.8.1",
- "hmac-drbg 0.2.0",
- "rand 0.7.3",
- "sha2 0.8.2",
- "subtle 2.2.2",
- "typenum",
-]
-
 [[package]]
 name = "libsecp256k1"
 version = "0.5.0"
@ -2324,7 +2297,7 @@ dependencies = [
 "arrayref",
 "base64 0.12.3",
 "digest 0.9.0",
- "hmac-drbg 0.3.0",
+ "hmac-drbg",
 "libsecp256k1-core",
 "libsecp256k1-gen-ecmult",
 "libsecp256k1-gen-genmult",
@ -4286,7 +4259,7 @@ version = "1.7.5"
 dependencies = [
 "bincode",
 "byteorder",
- "libsecp256k1 0.5.0",
+ "libsecp256k1",
 "log 0.4.11",
 "num-derive",
 "num-traits",
@ -5198,7 +5171,7 @@ dependencies = [
 "hex",
 "itertools 0.9.0",
 "lazy_static",
- "libsecp256k1 0.5.0",
+ "libsecp256k1",
 "log 0.4.11",
 "num-derive",
 "num-traits",
@ -5397,7 +5370,7 @@ dependencies = [
 "hmac 0.10.1",
 "itertools 0.9.0",
 "lazy_static",
- "libsecp256k1 0.3.5",
+ "libsecp256k1",
 "log 0.4.11",
 "memmap2",
 "num-derive",
@ -5455,7 +5428,7 @@ name = "solana-secp256k1-program"
 version = "1.7.5"
 dependencies = [
 "bincode",
- "libsecp256k1 0.3.5",
+ "libsecp256k1",
 "rand 0.7.3",
 "solana-logger 1.7.5",
 "solana-sdk",
--- a/banks-server/src/banks_server.rs
+++ b/banks-server/src/banks_server.rs
@ -131,10 +131,13 @@ impl BanksServer {
    }
 }

-fn verify_transaction(transaction: &Transaction) -> transaction::Result<()> {
+fn verify_transaction(
+    transaction: &Transaction,
+    libsecp256k1_0_5_upgrade_enabled: bool,
+) -> transaction::Result<()> {
    if let Err(err) = transaction.verify() {
        Err(err)
-    } else if let Err(err) = transaction.verify_precompiles() {
+    } else if let Err(err) = transaction.verify_precompiles(libsecp256k1_0_5_upgrade_enabled) {
        Err(err)
    } else {
        Ok(())
@ -215,7 +218,10 @@ impl Banks for BanksServer {
        transaction: Transaction,
        commitment: CommitmentLevel,
    ) -> Option<transaction::Result<()>> {
-        if let Err(err) = verify_transaction(&transaction) {
+        if let Err(err) = verify_transaction(
+            &transaction,
+            self.bank(commitment).libsecp256k1_0_5_upgrade_enabled(),
+        ) {
            return Some(Err(err));
        }

--- a/ci/test-checks.sh
+++ b/ci/test-checks.sh
@ -67,7 +67,8 @@ _ ci/order-crates-for-publishing.py

 # -Z... is needed because of clippy bug: https://github.com/rust-lang/rust-clippy/issues/4612
 # run nightly clippy for `sdk/` as there's a moderate amount of nightly-only code there
-_ "$cargo" nightly clippy -Zunstable-options --workspace --all-targets -- --deny=warnings --deny=clippy::integer_arithmetic
+_ "$cargo" nightly clippy -Zunstable-options --workspace --all-targets -- \
+  --deny=warnings --deny=clippy::integer_arithmetic --allow=clippy::inconsistent_struct_constructor

 _ "$cargo" stable fmt --all -- --check

--- a/core/src/banking_stage.rs
+++ b/core/src/banking_stage.rs
@ -976,16 +976,15 @@ impl BankingStage {
    fn transactions_from_packets(
        msgs: &Packets,
        transaction_indexes: &[usize],
-        secp256k1_program_enabled: bool,
+        libsecp256k1_0_5_upgrade_enabled: bool,
    ) -> (Vec<HashedTransaction<'static>>, Vec<usize>) {
        transaction_indexes
            .iter()
            .filter_map(|tx_index| {
                let p = &msgs.packets[*tx_index];
                let tx: Transaction = limited_deserialize(&p.data[0..p.meta.size]).ok()?;
-                if secp256k1_program_enabled {
-                    tx.verify_precompiles().ok()?;
-                }
+                tx.verify_precompiles(libsecp256k1_0_5_upgrade_enabled)
+                    .ok()?;
                let message_bytes = Self::packet_message(p)?;
                let message_hash = Message::hash_raw_message(message_bytes);
                Some((
@ -1049,7 +1048,7 @@ impl BankingStage {
        let (transactions, transaction_to_packet_indexes) = Self::transactions_from_packets(
            msgs,
            &packet_indexes,
-            bank.secp256k1_program_enabled(),
+            bank.libsecp256k1_0_5_upgrade_enabled(),
        );
        packet_conversion_time.stop();

@ -1120,7 +1119,7 @@ impl BankingStage {
        let (transactions, transaction_to_packet_indexes) = Self::transactions_from_packets(
            msgs,
            &transaction_indexes,
-            bank.secp256k1_program_enabled(),
+            bank.libsecp256k1_0_5_upgrade_enabled(),
        );

        let tx_count = transaction_to_packet_indexes.len();
--- a/ledger-tool/src/main.rs
+++ b/ledger-tool/src/main.rs
@ -2321,13 +2321,13 @@ fn main() {
                            let mut store_failed_count = 0;
                            if force_enabled_count >= 1 {
                                if base_bank
-                                    .get_account(&feature_set::secp256k1_program_enabled::id())
+                                    .get_account(&feature_set::spl_token_v2_multisig_fix::id())
                                    .is_some()
                                {
                                    // steal some lamports from the pretty old feature not to affect
                                    // capitalizaion, which doesn't affect inflation behavior!
                                    base_bank.store_account(
-                                        &feature_set::secp256k1_program_enabled::id(),
+                                        &feature_set::spl_token_v2_multisig_fix::id(),
                                        &AccountSharedData::default(),
                                    );
                                    force_enabled_count -= 1;
--- a/ledger/src/blockstore_processor.rs
+++ b/ledger/src/blockstore_processor.rs
@ -793,7 +793,7 @@ pub fn confirm_slot(
    let check_start = Instant::now();
    let check_result = entries.verify_and_hash_transactions(
        skip_verification,
-        bank.secp256k1_program_enabled(),
+        bank.libsecp256k1_0_5_upgrade_enabled(),
        bank.verify_tx_signatures_len_enabled(),
    );
    if check_result.is_none() {
--- a/ledger/src/entry.rs
+++ b/ledger/src/entry.rs
@ -359,7 +359,7 @@ pub trait EntrySlice {
    fn verify_and_hash_transactions(
        &self,
        skip_verification: bool,
-        secp256k1_program_enabled: bool,
+        libsecp256k1_0_5_upgrade_enabled: bool,
        verify_tx_signatures_len: bool,
    ) -> Option<Vec<EntryType<'_>>>;
 }
@ -515,7 +515,7 @@ impl EntrySlice for [Entry] {
    fn verify_and_hash_transactions<'a>(
        &'a self,
        skip_verification: bool,
-        secp256k1_program_enabled: bool,
+        libsecp256k1_0_5_upgrade_enabled: bool,
        verify_tx_signatures_len: bool,
    ) -> Option<Vec<EntryType<'a>>> {
        let verify_and_hash = |tx: &'a Transaction| -> Option<HashedTransaction<'a>> {
@ -524,10 +524,8 @@ impl EntrySlice for [Entry] {
                if size > PACKET_DATA_SIZE as u64 {
                    return None;
                }
-                if secp256k1_program_enabled {
-                    // Verify tx precompiles if secp256k1 program is enabled.
-                    tx.verify_precompiles().ok()?;
-                }
+                tx.verify_precompiles(libsecp256k1_0_5_upgrade_enabled)
+                    .ok()?;
                if verify_tx_signatures_len && !tx.verify_signatures_len() {
                    return None;
                }
--- a/programs/bpf/Cargo.lock
+++ b/programs/bpf/Cargo.lock
@ -661,16 +661,6 @@ version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7"

-[[package]]
-name = "crypto-mac"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5"
-dependencies = [
- "generic-array 0.12.3",
- "subtle 1.0.0",
-]
-
 [[package]]
 name = "crypto-mac"
 version = "0.8.0"
@ -678,7 +668,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab"
 dependencies = [
 "generic-array 0.14.3",
- "subtle 2.2.2",
+ "subtle",
 ]

 [[package]]
@ -688,7 +678,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "58bcd97a54c7ca5ce2f6eb16f6bede5b0ab5f0055fedc17d2f0b4466e21671ca"
 dependencies = [
 "generic-array 0.14.3",
- "subtle 2.2.2",
+ "subtle",
 ]

 [[package]]
@ -698,7 +688,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4857fd85a0c34b3c3297875b747c1e02e06b6a0ea32dd892d8192b9ce0813ea6"
 dependencies = [
 "generic-array 0.14.3",
- "subtle 2.2.2",
+ "subtle",
 ]

 [[package]]
@ -710,7 +700,7 @@ dependencies = [
 "byteorder 1.3.4",
 "digest 0.8.1",
 "rand_core 0.5.1",
- "subtle 2.2.2",
+ "subtle",
 "zeroize",
 ]

@ -723,7 +713,7 @@ dependencies = [
 "byteorder 1.3.4",
 "digest 0.9.0",
 "rand_core 0.5.1",
- "subtle 2.2.2",
+ "subtle",
 "zeroize",
 ]

@ -844,7 +834,7 @@ dependencies = [
 "rand 0.7.3",
 "serde",
 "serde_bytes",
- "sha2 0.9.2",
+ "sha2",
 "zeroize",
 ]

@ -858,7 +848,7 @@ dependencies = [
 "ed25519-dalek",
 "failure",
 "hmac 0.9.0",
- "sha2 0.9.2",
+ "sha2",
 ]

 [[package]]
@ -1273,16 +1263,6 @@ dependencies = [
 "pkg-config",
 ]

-[[package]]
-name = "hmac"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5dcb5e64cda4c23119ab41ba960d1e170a774c8e4b9d9e6a9bc18aabf5e59695"
-dependencies = [
- "crypto-mac 0.7.0",
- "digest 0.8.1",
-]
-
 [[package]]
 name = "hmac"
 version = "0.8.1"
@ -1313,17 +1293,6 @@ dependencies = [
 "digest 0.9.0",
 ]

-[[package]]
-name = "hmac-drbg"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6e570451493f10f6581b48cdd530413b63ea9e780f544bfd3bdcaa0d89d1a7b"
-dependencies = [
- "digest 0.8.1",
- "generic-array 0.12.3",
- "hmac 0.7.1",
-]
-
 [[package]]
 name = "hmac-drbg"
 version = "0.3.0"
@ -1574,22 +1543,6 @@ dependencies = [
 "winapi 0.3.8",
 ]

-[[package]]
-name = "libsecp256k1"
-version = "0.3.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fc1e2c808481a63dc6da2074752fdd4336a3c8fcc68b83db6f1fd5224ae7962"
-dependencies = [
- "arrayref",
- "crunchy",
- "digest 0.8.1",
- "hmac-drbg 0.2.0",
- "rand 0.7.3",
- "sha2 0.8.2",
- "subtle 2.2.2",
- "typenum",
-]
-
 [[package]]
 name = "libsecp256k1"
 version = "0.5.0"
@ -1599,13 +1552,13 @@ dependencies = [
 "arrayref",
 "base64 0.12.3",
 "digest 0.9.0",
- "hmac-drbg 0.3.0",
+ "hmac-drbg",
 "libsecp256k1-core",
 "libsecp256k1-gen-ecmult",
 "libsecp256k1-gen-genmult",
 "rand 0.7.3",
 "serde",
- "sha2 0.9.2",
+ "sha2",
 "typenum",
 ]

@ -1617,7 +1570,7 @@ checksum = "4ee11012b293ea30093c129173cac4335513064094619f4639a25b310fd33c11"
 dependencies = [
 "crunchy",
 "digest 0.9.0",
- "subtle 2.2.2",
+ "subtle",
 ]

 [[package]]
@ -2735,18 +2688,6 @@ dependencies = [
 "opaque-debug 0.2.3",
 ]

-[[package]]
-name = "sha2"
-version = "0.8.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a256f46ea78a0c0d9ff00077504903ac881a1dafdc20da66545699e7776b3e69"
-dependencies = [
- "block-buffer 0.7.3",
- "digest 0.8.1",
- "fake-simd",
- "opaque-debug 0.2.3",
-]
-
 [[package]]
 name = "sha2"
 version = "0.9.2"
@ -2892,7 +2833,7 @@ version = "1.7.5"
 dependencies = [
 "bincode",
 "byteorder 1.3.4",
- "libsecp256k1 0.5.0",
+ "libsecp256k1",
 "log",
 "num-derive 0.3.0",
 "num-traits",
@ -3361,7 +3302,7 @@ dependencies = [
 "rustc_version",
 "serde",
 "serde_derive",
- "sha2 0.9.2",
+ "sha2",
 "solana-frozen-abi-macro 1.7.1",
 "solana-logger 1.7.1",
 "thiserror",
@ -3379,7 +3320,7 @@ dependencies = [
 "rustc_version",
 "serde",
 "serde_derive",
- "sha2 0.9.2",
+ "sha2",
 "solana-frozen-abi-macro 1.7.5",
 "solana-logger 1.7.5",
 "thiserror",
@ -3493,7 +3434,7 @@ dependencies = [
 "serde",
 "serde_bytes",
 "serde_derive",
- "sha2 0.9.2",
+ "sha2",
 "sha3",
 "solana-frozen-abi 1.7.1",
 "solana-frozen-abi-macro 1.7.1",
@ -3516,7 +3457,7 @@ dependencies = [
 "hex",
 "itertools 0.9.0",
 "lazy_static",
- "libsecp256k1 0.5.0",
+ "libsecp256k1",
 "log",
 "num-derive 0.3.0",
 "num-traits",
@ -3526,7 +3467,7 @@ dependencies = [
 "serde",
 "serde_bytes",
 "serde_derive",
- "sha2 0.9.2",
+ "sha2",
 "sha3",
 "solana-frozen-abi 1.7.5",
 "solana-frozen-abi-macro 1.7.5",
@ -3654,7 +3595,7 @@ dependencies = [
 "hmac 0.10.1",
 "itertools 0.9.0",
 "lazy_static",
- "libsecp256k1 0.3.5",
+ "libsecp256k1",
 "log",
 "memmap2",
 "num-derive 0.3.0",
@ -3670,7 +3611,7 @@ dependencies = [
 "serde_bytes",
 "serde_derive",
 "serde_json",
- "sha2 0.9.2",
+ "sha2",
 "sha3",
 "solana-crate-features",
 "solana-frozen-abi 1.7.5",
@ -3864,12 +3805,6 @@ version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a"

-[[package]]
-name = "subtle"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d67a5a62ba6e01cb2192ff309324cb4875d0c451d55fe2319433abe7a05a8ee"
-
 [[package]]
 name = "subtle"
 version = "2.2.2"
@ -4053,7 +3988,7 @@ dependencies = [
 "pbkdf2 0.4.0",
 "rand 0.7.3",
 "rustc-hash",
- "sha2 0.9.2",
+ "sha2",
 "thiserror",
 "unicode-normalization",
 "zeroize",
--- a/programs/bpf_loader/src/syscalls.rs
+++ b/programs/bpf_loader/src/syscalls.rs
@ -19,9 +19,9 @@ use solana_sdk::{
    entrypoint::{MAX_PERMITTED_DATA_INCREASE, SUCCESS},
    epoch_schedule::EpochSchedule,
    feature_set::{
-        cpi_data_cost, enforce_aligned_host_addrs, keccak256_syscall_enabled, memory_ops_syscalls,
-        secp256k1_recover_syscall_enabled, set_upgrade_authority_via_cpi_enabled,
-        sysvar_via_syscall, update_data_on_realloc,
+        cpi_data_cost, enforce_aligned_host_addrs, keccak256_syscall_enabled,
+        libsecp256k1_0_5_upgrade_enabled, memory_ops_syscalls, secp256k1_recover_syscall_enabled,
+        set_upgrade_authority_via_cpi_enabled, sysvar_via_syscall, update_data_on_realloc,
    },
    hash::{Hasher, HASH_BYTES},
    ic_msg,
@ -332,6 +332,8 @@ pub fn bind_syscall_context_objects<'a>(
            cost: bpf_compute_budget.secp256k1_recover_cost,
            compute_meter: invoke_context.get_compute_meter(),
            loader_id,
+            libsecp256k1_0_5_upgrade_enabled: invoke_context
+                .is_feature_active(&libsecp256k1_0_5_upgrade_enabled::id()),
        }),
    );

@ -1352,6 +1354,7 @@ pub struct SyscallSecp256k1Recover<'a> {
    cost: u64,
    compute_meter: Rc<RefCell<dyn ComputeMeter>>,
    loader_id: &'a Pubkey,
+    libsecp256k1_0_5_upgrade_enabled: bool,
 }

 impl<'a> SyscallObject<BpfError> for SyscallSecp256k1Recover<'a> {
@ -1412,7 +1415,13 @@ impl<'a> SyscallObject<BpfError> for SyscallSecp256k1Recover<'a> {
                return;
            }
        };
-        let signature = match libsecp256k1::Signature::parse_standard_slice(signature) {
+        let sig_parse_result = if self.libsecp256k1_0_5_upgrade_enabled {
+            libsecp256k1::Signature::parse_standard_slice(signature)
+        } else {
+            libsecp256k1::Signature::parse_overflowing_slice(signature)
+        };
+
+        let signature = match sig_parse_result {
            Ok(sig) => sig,
            Err(_) => {
                *result = Ok(Secp256k1RecoverError::InvalidSignature.into());
--- a/programs/secp256k1/Cargo.toml
+++ b/programs/secp256k1/Cargo.toml
@ -14,7 +14,7 @@ solana-sdk = { path = "../../sdk", version = "=1.7.5" }

 [dev-dependencies]
 bincode = "1.3.1"
-libsecp256k1 = "0.3.5"
+libsecp256k1 = "0.5.0"
 rand = "0.7.0"
 solana-logger = { path = "../../logger", version = "=1.7.5" }

--- a/programs/secp256k1/src/lib.rs
+++ b/programs/secp256k1/src/lib.rs
@ -32,7 +32,7 @@ pub mod test {
            SIGNATURE_OFFSETS_SERIALIZED_SIZE
        );

-        let secp_privkey = secp256k1::SecretKey::random(&mut thread_rng());
+        let secp_privkey = libsecp256k1::SecretKey::random(&mut thread_rng());
        let message_arr = b"hello";
        let mut secp_instruction = new_secp256k1_instruction(&secp_privkey, message_arr);
        let mint_keypair = Keypair::new();
@ -44,7 +44,7 @@ pub mod test {
            Hash::default(),
        );

-        assert!(tx.verify_precompiles().is_ok());
+        assert!(tx.verify_precompiles(false).is_ok());

        let index = thread_rng().gen_range(0, secp_instruction.data.len());
        secp_instruction.data[index] = secp_instruction.data[index].wrapping_add(12);
@ -54,6 +54,6 @@ pub mod test {
            &[&mint_keypair],
            Hash::default(),
        );
-        assert!(tx.verify_precompiles().is_err());
+        assert!(tx.verify_precompiles(false).is_err());
    }
 }
--- a/rpc/src/rpc.rs
+++ b/rpc/src/rpc.rs
@ -1891,12 +1891,15 @@ impl JsonRpcRequestProcessor {
    }
 }

-fn verify_transaction(transaction: &Transaction) -> Result<()> {
+fn verify_transaction(
+    transaction: &Transaction,
+    libsecp256k1_0_5_upgrade_enabled: bool,
+) -> Result<()> {
    if transaction.verify().is_err() {
        return Err(RpcCustomError::TransactionSignatureVerificationFailure.into());
    }

-    if let Err(e) = transaction.verify_precompiles() {
+    if let Err(e) = transaction.verify_precompiles(libsecp256k1_0_5_upgrade_enabled) {
        return Err(RpcCustomError::TransactionPrecompileVerificationFailure(e).into());
    }

@ -2992,7 +2995,10 @@ pub mod rpc_full {
            }

            if !config.skip_preflight {
-                if let Err(e) = verify_transaction(&transaction) {
+                if let Err(e) = verify_transaction(
+                    &transaction,
+                    preflight_bank.libsecp256k1_0_5_upgrade_enabled(),
+                ) {
                    return Err(e);
                }

@ -3055,6 +3061,7 @@ pub mod rpc_full {
            let encoding = config.encoding.unwrap_or(UiTransactionEncoding::Base58);
            let (_, mut transaction) = deserialize_transaction(data, encoding)?;

+            let bank = &*meta.bank(config.commitment);
            if config.sig_verify {
                if config.replace_recent_blockhash {
                    return Err(Error::invalid_params(
@ -3062,11 +3069,12 @@ pub mod rpc_full {
                    ));
                }

-                if let Err(e) = verify_transaction(&transaction) {
+                if let Err(e) =
+                    verify_transaction(&transaction, bank.libsecp256k1_0_5_upgrade_enabled())
+                {
                    return Err(e);
                }
            }
-            let bank = &*meta.bank(config.commitment);
            if config.replace_recent_blockhash {
                transaction.message.recent_blockhash = bank.last_blockhash();
            }
--- a/runtime/src/accounts.rs
+++ b/runtime/src/accounts.rs
@ -25,7 +25,7 @@ use solana_sdk::{
    bpf_loader_upgradeable::{self, UpgradeableLoaderState},
    clock::{BankId, Slot, INITIAL_RENT_EPOCH},
    feature_set::{self, FeatureSet},
-    fee_calculator::{FeeCalculator, FeeConfig},
+    fee_calculator::FeeCalculator,
    genesis_config::ClusterType,
    hash::Hash,
    message::{Message, MessageProgramIdsCache},
@ -425,10 +425,6 @@ impl Accounts {
        rent_collector: &RentCollector,
        feature_set: &FeatureSet,
    ) -> Vec<TransactionLoadResult> {
-        let fee_config = FeeConfig {
-            secp256k1_program_enabled: feature_set
-                .is_active(&feature_set::secp256k1_program_enabled::id()),
-        };
        txs.zip(lock_results)
            .map(|etx| match etx {
                (tx, (Ok(()), nonce_rollback)) => {
@ -441,7 +437,7 @@ impl Accounts {
                                .cloned()
                        });
                    let fee = if let Some(fee_calculator) = fee_calculator {
-                        fee_calculator.calculate_fee_with_config(tx.message(), &fee_config)
+                        fee_calculator.calculate_fee(tx.message())
                    } else {
                        return (Err(TransactionError::BlockhashNotFound), None);
                    };
--- a/runtime/src/bank.rs
+++ b/runtime/src/bank.rs
@ -81,7 +81,7 @@ use solana_sdk::{
    epoch_schedule::EpochSchedule,
    feature,
    feature_set::{self, FeatureSet},
-    fee_calculator::{FeeCalculator, FeeConfig, FeeRateGovernor},
+    fee_calculator::{FeeCalculator, FeeRateGovernor},
    genesis_config::{ClusterType, GenesisConfig},
    hard_forks::HardForks,
    hash::{extend_and_hash, hashv, Hash},
@ -3374,10 +3374,6 @@ impl Bank {
        let hash_queue = self.blockhash_queue.read().unwrap();
        let mut fees = 0;

-        let fee_config = FeeConfig {
-            secp256k1_program_enabled: self.secp256k1_program_enabled(),
-        };
-
        let results = txs
            .zip(executed)
            .map(|(tx, (res, nonce_rollback))| {
@ -3395,7 +3391,7 @@ impl Bank {
                    });
                let fee_calculator = fee_calculator.ok_or(TransactionError::BlockhashNotFound)?;

-                let fee = fee_calculator.calculate_fee_with_config(tx.message(), &fee_config);
+                let fee = fee_calculator.calculate_fee(tx.message());

                let message = tx.message();
                match *res {
@ -5095,11 +5091,6 @@ impl Bank {
        self.rc.accounts.accounts_db.shrink_candidate_slots()
    }

-    pub fn secp256k1_program_enabled(&self) -> bool {
-        self.feature_set
-            .is_active(&feature_set::secp256k1_program_enabled::id())
-    }
-
    pub fn no_overflow_rent_distribution_enabled(&self) -> bool {
        self.feature_set
            .is_active(&feature_set::no_overflow_rent_distribution::id())
@ -5120,6 +5111,11 @@ impl Bank {
            .is_active(&feature_set::verify_tx_signatures_len::id())
    }

+    pub fn libsecp256k1_0_5_upgrade_enabled(&self) -> bool {
+        self.feature_set
+            .is_active(&feature_set::libsecp256k1_0_5_upgrade_enabled::id())
+    }
+
    // Check if the wallclock time from bank creation to now has exceeded the allotted
    // time for transaction processing
    pub fn should_bank_still_be_processing_txs(
@ -5722,7 +5718,7 @@ pub(crate) mod tests {
            cluster_type: ClusterType::MainnetBeta,
            ..GenesisConfig::default()
        }));
-        let sysvar_and_native_proram_delta0 = 10;
+        let sysvar_and_native_proram_delta0 = 11;
        assert_eq!(
            bank0.capitalization(),
            42 * 42 + sysvar_and_native_proram_delta0
@ -7424,10 +7420,10 @@ pub(crate) mod tests {
        // not being eagerly-collected for exact rewards calculation
        bank0.restore_old_behavior_for_fragile_tests();

-        let sysvar_and_native_proram_delta0 = 10;
+        let sysvar_and_native_program_delta0 = 11;
        assert_eq!(
            bank0.capitalization(),
-            42 * 1_000_000_000 + sysvar_and_native_proram_delta0
+            42 * 1_000_000_000 + sysvar_and_native_program_delta0
        );
        assert!(bank0.rewards.read().unwrap().is_empty());

@ -7547,7 +7543,7 @@ pub(crate) mod tests {
        // not being eagerly-collected for exact rewards calculation
        bank.restore_old_behavior_for_fragile_tests();

-        let sysvar_and_native_proram_delta = 10;
+        let sysvar_and_native_proram_delta = 11;
        assert_eq!(
            bank.capitalization(),
            42 * 1_000_000_000 + sysvar_and_native_proram_delta
@ -10783,25 +10779,25 @@ pub(crate) mod tests {
            if bank.slot == 0 {
                assert_eq!(
                    bank.hash().to_string(),
-                    "Cn7Wmi7w1n9NbK7RGnTQ4LpbJ2LtoJoc1sufiTwb57Ya"
+                    "BfvaoHkrQwrkQo7T1mW6jmJXveRy11rut8bva2H1Rt5H"
                );
            }
            if bank.slot == 32 {
                assert_eq!(
                    bank.hash().to_string(),
-                    "BXupB8XsZukMTnDbKshJ8qPCydWnc8BKtSj7YTJ6gAH"
+                    "JBGPApnSMPKZaYiR16v46XSSGcKxy8kCbVtN1CG1XDxW"
                );
            }
            if bank.slot == 64 {
                assert_eq!(
                    bank.hash().to_string(),
-                    "EDkKefgSMSV1NhxnGnJP7R5AGZ2JZD6oxnoZtGuEGBCU"
+                    "BDCt9cGPfxpgJXzp8Tq1nX1zSqpbs8xrkAFyRhmXKiuX"
                );
            }
            if bank.slot == 128 {
                assert_eq!(
                    bank.hash().to_string(),
-                    "AtWu4tubU9zGFChfHtQghQx3RVWtMQu6Rj49rQymFc4z"
+                    "4zUpK4VUhKLaPUgeMMSeDR2w827goriRL5NndJxGDVmz"
                );
                break;
            }
@ -10951,7 +10947,7 @@ pub(crate) mod tests {
        // No more slots should be shrunk
        assert_eq!(bank2.shrink_candidate_slots(), 0);
        // alive_counts represents the count of alive accounts in the three slots 0,1,2
-        assert_eq!(alive_counts, vec![9, 1, 7]);
+        assert_eq!(alive_counts, vec![10, 1, 7]);
    }

    #[test]
@ -10999,7 +10995,7 @@ pub(crate) mod tests {
            .map(|_| bank.process_stale_slot_with_budget(0, force_to_return_alive_account))
            .sum();
        // consumed_budgets represents the count of alive accounts in the three slots 0,1,2
-        assert_eq!(consumed_budgets, 10);
+        assert_eq!(consumed_budgets, 11);
    }

    #[test]
--- a/runtime/src/builtins.rs
+++ b/runtime/src/builtins.rs
@ -3,7 +3,6 @@ use crate::{
    system_instruction_processor,
 };
 use solana_sdk::{
-    feature_set,
    instruction::InstructionError,
    process_instruction::{stable_log, InvokeContext, ProcessInstructionWithContext},
    pubkey::Pubkey,
@ -64,6 +63,11 @@ fn genesis_builtins() -> Vec<Builtin> {
            solana_config_program::id(),
            with_program_logging!(solana_config_program::config_processor::process_instruction),
        ),
+        Builtin::new(
+            "secp256k1_program",
+            solana_sdk::secp256k1_program::id(),
+            solana_secp256k1_program::process_instruction,
+        ),
    ]
 }

@ -82,15 +86,7 @@ pub enum ActivationType {
 /// normal child Bank creation.
 /// https://github.com/solana-labs/solana/blob/84b139cc94b5be7c9e0c18c2ad91743231b85a0d/runtime/src/bank.rs#L1723
 fn feature_builtins() -> Vec<(Builtin, Pubkey, ActivationType)> {
-    vec![(
-        Builtin::new(
-            "secp256k1_program",
-            solana_sdk::secp256k1_program::id(),
-            solana_secp256k1_program::process_instruction,
-        ),
-        feature_set::secp256k1_program_enabled::id(),
-        ActivationType::NewProgram,
-    )]
+    vec![]
 }

 pub(crate) fn get() -> Builtins {
--- a/runtime/src/non_circulating_supply.rs
+++ b/runtime/src/non_circulating_supply.rs
@ -254,7 +254,7 @@ mod tests {
            ..GenesisConfig::default()
        };
        let mut bank = Arc::new(Bank::new(&genesis_config));
-        let sysvar_and_native_program_delta = 10;
+        let sysvar_and_native_program_delta = 11;
        assert_eq!(
            bank.capitalization(),
            (num_genesis_accounts + num_non_circulating_accounts + num_stake_accounts) * balance
--- a/sdk/Cargo.toml
+++ b/sdk/Cargo.toml
@ -54,7 +54,7 @@ hex = "0.4.2"
 hmac = "0.10.1"
 itertools =  "0.9.0"
 lazy_static = "1.4.0"
-libsecp256k1 = { version = "0.3.5", optional = true }
+libsecp256k1 = { version = "0.5.0", optional = true }
 log = "0.4.11"
 memmap2 = { version = "0.1.0", optional = true }
 num-derive = "0.3"
--- a/sdk/program/src/fee_calculator.rs
+++ b/sdk/program/src/fee_calculator.rs
@ -20,18 +20,6 @@ impl Default for FeeCalculator {
    }
 }

-pub struct FeeConfig {
-    pub secp256k1_program_enabled: bool,
-}
-
-impl Default for FeeConfig {
-    fn default() -> Self {
-        Self {
-            secp256k1_program_enabled: true,
-        }
-    }
-}
-
 impl FeeCalculator {
    pub fn new(lamports_per_signature: u64) -> Self {
        Self {
@ -40,20 +28,14 @@ impl FeeCalculator {
    }

    pub fn calculate_fee(&self, message: &Message) -> u64 {
-        self.calculate_fee_with_config(message, &FeeConfig::default())
-    }
-
-    pub fn calculate_fee_with_config(&self, message: &Message, fee_config: &FeeConfig) -> u64 {
        let mut num_secp256k1_signatures: u64 = 0;
-        if fee_config.secp256k1_program_enabled {
-            for instruction in &message.instructions {
-                let program_index = instruction.program_id_index as usize;
-                // Transaction may not be sanitized here
-                if program_index < message.account_keys.len() {
-                    let id = message.account_keys[program_index];
-                    if secp256k1_program::check_id(&id) && !instruction.data.is_empty() {
-                        num_secp256k1_signatures += instruction.data[0] as u64;
-                    }
+        for instruction in &message.instructions {
+            let program_index = instruction.program_id_index as usize;
+            // Transaction may not be sanitized here
+            if program_index < message.account_keys.len() {
+                let id = message.account_keys[program_index];
+                if secp256k1_program::check_id(&id) && !instruction.data.is_empty() {
+                    num_secp256k1_signatures += instruction.data[0] as u64;
                }
            }
        }
@ -259,15 +241,6 @@ mod tests {
            Some(&pubkey0),
        );
        assert_eq!(FeeCalculator::new(1).calculate_fee(&message), 2);
-        assert_eq!(
-            FeeCalculator::new(1).calculate_fee_with_config(
-                &message,
-                &FeeConfig {
-                    secp256k1_program_enabled: false
-                }
-            ),
-            1
-        );

        secp_instruction.data = vec![0];
        secp_instruction2.data = vec![10];
--- a/sdk/src/feature_set.rs
+++ b/sdk/src/feature_set.rs
@ -10,10 +10,6 @@ pub mod instructions_sysvar_enabled {
    solana_sdk::declare_id!("EnvhHCLvg55P7PDtbvR1NwuTuAeodqpusV3MR5QEK8gs");
 }

-pub mod secp256k1_program_enabled {
-    solana_sdk::declare_id!("E3PHP7w8kB7np3CTQ1qQ2tW3KCtjRSXBQgW9vM2mWv2Y");
-}
-
 pub mod consistent_recent_blockhashes_sysvar {
    solana_sdk::declare_id!("3h1BQWPDS5veRsq6mDBWruEpgPxRJkfwGexg5iiQ9mYg");
 }
@ -167,11 +163,14 @@ pub mod rent_for_sysvars {
    solana_sdk::declare_id!("BKCPBQQBZqggVnFso5nQ8rQ4RwwogYwjuUt9biBjxwNF");
 }

+pub mod libsecp256k1_0_5_upgrade_enabled {
+    solana_sdk::declare_id!("DhsYfRjxfnh2g7HKJYSzT79r74Afa1wbHkAgHndrA1oy");
+}
+
 lazy_static! {
    /// Map of feature identifiers to user-visible description
    pub static ref FEATURE_NAMES: HashMap<Pubkey, &'static str> = [
        (instructions_sysvar_enabled::id(), "instructions sysvar"),
-        (secp256k1_program_enabled::id(), "secp256k1 program"),
        (consistent_recent_blockhashes_sysvar::id(), "consistent recentblockhashes sysvar"),
        (deprecate_rewards_sysvar::id(), "deprecate unused rewards sysvar"),
        (pico_inflation::id(), "pico inflation"),
@ -208,6 +207,7 @@ lazy_static! {
        (updated_verify_policy::id(), "Update verify policy"),
        (neon_evm_compute_budget::id(), "bump neon_evm's compute budget"),
        (rent_for_sysvars::id(), "collect rent from accounts owned by sysvars"),
+        (libsecp256k1_0_5_upgrade_enabled::id(), "upgrade libsecp256k1 to v0.5.0"),
        /*************** ADD NEW FEATURES HERE ***************/
    ]
    .iter()
--- a/sdk/src/secp256k1_instruction.rs
+++ b/sdk/src/secp256k1_instruction.rs
@ -29,18 +29,18 @@ pub struct SecpSignatureOffsets {
 }

 pub fn new_secp256k1_instruction(
-    priv_key: &secp256k1::SecretKey,
+    priv_key: &libsecp256k1::SecretKey,
    message_arr: &[u8],
 ) -> Instruction {
-    let secp_pubkey = secp256k1::PublicKey::from_secret_key(priv_key);
+    let secp_pubkey = libsecp256k1::PublicKey::from_secret_key(priv_key);
    let eth_pubkey = construct_eth_pubkey(&secp_pubkey);
    let mut hasher = sha3::Keccak256::new();
    hasher.update(&message_arr);
    let message_hash = hasher.finalize();
    let mut message_hash_arr = [0u8; 32];
    message_hash_arr.copy_from_slice(&message_hash.as_slice());
-    let message = secp256k1::Message::parse(&message_hash_arr);
-    let (signature, recovery_id) = secp256k1::sign(&message, priv_key);
+    let message = libsecp256k1::Message::parse(&message_hash_arr);
+    let (signature, recovery_id) = libsecp256k1::sign(&message, priv_key);
    let signature_arr = signature.serialize();
    assert_eq!(signature_arr.len(), SIGNATURE_SERIALIZED_SIZE);

@ -90,7 +90,9 @@ pub fn new_secp256k1_instruction(
    }
 }

-pub fn construct_eth_pubkey(pubkey: &secp256k1::PublicKey) -> [u8; HASHED_PUBKEY_SERIALIZED_SIZE] {
+pub fn construct_eth_pubkey(
+    pubkey: &libsecp256k1::PublicKey,
+) -> [u8; HASHED_PUBKEY_SERIALIZED_SIZE] {
    let mut addr = [0u8; HASHED_PUBKEY_SERIALIZED_SIZE];
    addr.copy_from_slice(&sha3::Keccak256::digest(&pubkey.serialize()[1..])[12..]);
    assert_eq!(addr.len(), HASHED_PUBKEY_SERIALIZED_SIZE);
@ -100,6 +102,7 @@ pub fn construct_eth_pubkey(pubkey: &secp256k1::PublicKey) -> [u8; HASHED_PUBKEY
 pub fn verify_eth_addresses(
    data: &[u8],
    instruction_datas: &[&[u8]],
+    libsecp256k1_0_5_upgrade_enabled: bool,
 ) -> Result<(), Secp256k1Error> {
    if data.is_empty() {
        return Err(Secp256k1Error::InvalidInstructionDataSize);
@ -131,11 +134,20 @@ pub fn verify_eth_addresses(
        if sig_end >= signature_instruction.len() {
            return Err(Secp256k1Error::InvalidSignature);
        }
-        let signature =
-            secp256k1::Signature::parse_slice(&signature_instruction[sig_start..sig_end])
-                .map_err(|_| Secp256k1Error::InvalidSignature)?;

-        let recovery_id = secp256k1::RecoveryId::parse(signature_instruction[sig_end])
+        let sig_parse_result = if libsecp256k1_0_5_upgrade_enabled {
+            libsecp256k1::Signature::parse_standard_slice(
+                &signature_instruction[sig_start..sig_end],
+            )
+        } else {
+            libsecp256k1::Signature::parse_overflowing_slice(
+                &signature_instruction[sig_start..sig_end],
+            )
+        };
+
+        let signature = sig_parse_result.map_err(|_| Secp256k1Error::InvalidSignature)?;
+
+        let recovery_id = libsecp256k1::RecoveryId::parse(signature_instruction[sig_end])
            .map_err(|_| Secp256k1Error::InvalidRecoveryId)?;

        // Parse out pubkey
@ -158,8 +170,8 @@ pub fn verify_eth_addresses(
        hasher.update(message_slice);
        let message_hash = hasher.finalize();

-        let pubkey = secp256k1::recover(
-            &secp256k1::Message::parse_slice(&message_hash).unwrap(),
+        let pubkey = libsecp256k1::recover(
+            &libsecp256k1::Message::parse_slice(&message_hash).unwrap(),
            &signature,
            &recovery_id,
        )
@ -203,7 +215,7 @@ pub mod test {
        let writer = std::io::Cursor::new(&mut instruction_data[1..]);
        bincode::serialize_into(writer, &offsets).unwrap();

-        verify_eth_addresses(&instruction_data, &[&[0u8; 100]])
+        verify_eth_addresses(&instruction_data, &[&[0u8; 100]], false)
    }

    #[test]
@ -218,7 +230,7 @@ pub mod test {
        instruction_data.truncate(instruction_data.len() - 1);

        assert_eq!(
-            verify_eth_addresses(&instruction_data, &[&[0u8; 100]]),
+            verify_eth_addresses(&instruction_data, &[&[0u8; 100]], false),
            Err(Secp256k1Error::InvalidInstructionDataSize)
        );

--- a/sdk/src/transaction.rs
+++ b/sdk/src/transaction.rs
@ -392,7 +392,7 @@ impl Transaction {
            .collect()
    }

-    pub fn verify_precompiles(&self) -> Result<()> {
+    pub fn verify_precompiles(&self, libsecp256k1_0_5_upgrade_enabled: bool) -> Result<()> {
        for instruction in &self.message().instructions {
            // The Transaction may not be sanitized at this point
            if instruction.program_id_index as usize >= self.message().account_keys.len() {
@ -407,7 +407,11 @@ impl Transaction {
                    .map(|instruction| instruction.data.as_ref())
                    .collect();
                let data = &instruction.data;
-                let e = verify_eth_addresses(data, &instruction_datas);
+                let e = verify_eth_addresses(
+                    data,
+                    &instruction_datas,
+                    libsecp256k1_0_5_upgrade_enabled,
+                );
                e.map_err(|_| TransactionError::InvalidAccountIndex)?;
            }
        }