From b1c8396bd7381d6f1e140d5f4c29911156e56c7d Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 08:15:43 -0400 Subject: [PATCH 01/15] random: stop feeding RNG output back into OpenSSL On the ::SLOW or ::SLEEP paths, we would feed our RNG output back into OpenSSL using RAND_add. This commit removes that functionality. RAND_add(): https://www.openssl.org/docs/manmaster/man3/RAND_add.html RAND_add() mixes the num bytes at buf into the internal state of the random generator. This function will not normally be needed, as mentioned above. The randomness argument is an estimate of how much randomness is contained in buf, in bytes, and should be a number between zero and num. --- src/random.cpp | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/random.cpp b/src/random.cpp index c033403df272..05cc0f8e7321 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -615,14 +615,6 @@ static void ProcRand(unsigned char* out, int num, RNGLevel level) noexcept SeedStartup(startup_hasher, rng); rng.MixExtract(out, num, std::move(startup_hasher), true); } - - // For anything but the 'fast' level, feed the resulting RNG output (after an additional hashing step) back into OpenSSL. - if (level != RNGLevel::FAST) { - unsigned char buf[64]; - CSHA512().Write(out, num).Finalize(buf); - RAND_add(buf, sizeof(buf), num); - memory_cleanse(buf, 64); - } } void GetRandBytes(unsigned char* buf, int num) noexcept { ProcRand(buf, num, RNGLevel::FAST); } From 602c0b26da940f5a77ca0cbc400f25d9aabf1671 Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 05:22:11 -0700 Subject: [PATCH 02/15] random: stop retrieving random bytes from OpenSSL On the ::SLOW path we would use OpenSSL as an additional source of random bytes. This commit removes that functionality. Note that this was always only an additional source, and that we never checked the return value RAND_bytes(): https://www.openssl.org/docs/manmaster/man3/RAND_bytes.html RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf. --- src/random.cpp | 4 ---- src/random.h | 1 - src/randomenv.cpp | 1 - 3 files changed, 6 deletions(-) diff --git a/src/random.cpp b/src/random.cpp index 05cc0f8e7321..57177279c041 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -522,10 +522,6 @@ static void SeedSlow(CSHA512& hasher, RNGState& rng) noexcept GetOSRand(buffer); hasher.Write(buffer, sizeof(buffer)); - // OpenSSL RNG (for now) - RAND_bytes(buffer, sizeof(buffer)); - hasher.Write(buffer, sizeof(buffer)); - // Add the events hasher into the mix rng.SeedEvents(hasher); diff --git a/src/random.h b/src/random.h index 632221bdae68..a594e98ed40c 100644 --- a/src/random.h +++ b/src/random.h @@ -35,7 +35,6 @@ * that fast seeding includes, but additionally: * - OS entropy (/dev/urandom, getrandom(), ...). The application will terminate if * this entropy source fails. - * - Bytes from OpenSSL's RNG (which itself may be seeded from various sources) * - Another high-precision timestamp (indirectly committing to a benchmark of all the * previous sources). * These entropy sources are slower, but designed to make sure the RNG state contains diff --git a/src/randomenv.cpp b/src/randomenv.cpp index 3a204f119179..f1c4dcd91687 100644 --- a/src/randomenv.cpp +++ b/src/randomenv.cpp @@ -70,7 +70,6 @@ namespace { void RandAddSeedPerfmon(CSHA512& hasher) { #ifdef WIN32 - // Don't need this on Linux, OpenSSL automatically uses /dev/urandom // Seed with the entire set of perfmon data // This can take up to 2 seconds, so only do it every 10 minutes From 690c938d4c0a585a844d8765f1a7f649071466bd Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 05:41:58 -0700 Subject: [PATCH 03/15] random: Remove remaining OpenSSL calls and locking infrastructure --- src/random.cpp | 37 ------------------------------------- 1 file changed, 37 deletions(-) diff --git a/src/random.cpp b/src/random.cpp index 57177279c041..fbabb90f250c 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -46,12 +46,6 @@ #include #endif -#include - -#include -#include -#include - [[noreturn]] static void RandFailure() { LogPrintf("Failed to read randomness, aborting\n"); @@ -352,8 +346,6 @@ void GetOSRand(unsigned char *ent32) #endif } -void LockingCallbackOpenSSL(int mode, int i, const char* file, int line); - namespace { class RNGState { @@ -369,7 +361,6 @@ class RNGState { unsigned char m_state[32] GUARDED_BY(m_mutex) = {0}; uint64_t m_counter GUARDED_BY(m_mutex) = 0; bool m_strongly_seeded GUARDED_BY(m_mutex) = false; - std::unique_ptr m_mutex_openssl; Mutex m_events_mutex; CSHA256 m_events_hasher GUARDED_BY(m_events_mutex); @@ -378,25 +369,10 @@ class RNGState { RNGState() noexcept { InitHardwareRand(); - - // Init OpenSSL library multithreading support - m_mutex_openssl.reset(new Mutex[CRYPTO_num_locks()]); - CRYPTO_set_locking_callback(LockingCallbackOpenSSL); - - // OpenSSL can optionally load a config file which lists optional loadable modules and engines. - // We don't use them so we don't require the config. However some of our libs may call functions - // which attempt to load the config file, possibly resulting in an exit() or crash if it is missing - // or corrupt. Explicitly tell OpenSSL not to try to load the file. The result for our libs will be - // that the config appears to have been loaded and there are no modules/engines available. - OPENSSL_no_config(); } ~RNGState() { - // Securely erase the memory used by the OpenSSL PRNG - RAND_cleanup(); - // Shutdown OpenSSL library multithreading support - CRYPTO_set_locking_callback(nullptr); } void AddEvent(uint32_t event_info) noexcept @@ -461,8 +437,6 @@ class RNGState { memory_cleanse(buf, 64); return ret; } - - Mutex& GetOpenSSLMutex(int i) { return m_mutex_openssl[i]; } }; RNGState& GetRNGState() noexcept @@ -474,17 +448,6 @@ RNGState& GetRNGState() noexcept } } -void LockingCallbackOpenSSL(int mode, int i, const char* file, int line) NO_THREAD_SAFETY_ANALYSIS -{ - RNGState& rng = GetRNGState(); - - if (mode & CRYPTO_LOCK) { - rng.GetOpenSSLMutex(i).lock(); - } else { - rng.GetOpenSSLMutex(i).unlock(); - } -} - /* A note on the use of noexcept in the seeding functions below: * * None of the RNG code should ever throw any exception. From ab830e5d0124d97942bda88c0a050699f0bfe0e8 Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 19:54:56 -0700 Subject: [PATCH 04/15] remove unused EncodeBase64Secure Also the hanging declaration of DecodeBase64Secure --- src/utilstrencodings.cpp | 27 --------------------------- src/utilstrencodings.h | 2 -- 2 files changed, 29 deletions(-) diff --git a/src/utilstrencodings.cpp b/src/utilstrencodings.cpp index 4a8f6adb5d4b..755faad48574 100644 --- a/src/utilstrencodings.cpp +++ b/src/utilstrencodings.cpp @@ -193,33 +193,6 @@ std::string DecodeBase64(const std::string& str) return (vchRet.size() == 0) ? std::string() : std::string((const char*)&vchRet[0], vchRet.size()); } -// Base64 encoding with secure memory allocation -SecureString EncodeBase64Secure(const SecureString& input) -{ - // Init openssl BIO with base64 filter and memory output - BIO *b64, *mem; - b64 = BIO_new(BIO_f_base64()); - BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); // No newlines in output - mem = BIO_new(BIO_s_mem()); - BIO_push(b64, mem); - - // Decode the string - BIO_write(b64, &input[0], input.size()); - (void)BIO_flush(b64); - - // Create output variable from buffer mem ptr - BUF_MEM* bptr; - BIO_get_mem_ptr(b64, &bptr); - SecureString output(bptr->data, bptr->length); - - // Cleanse secure data buffer from memory - memory_cleanse((void*)bptr->data, bptr->length); - - // Free memory - BIO_free_all(b64); - return output; -} - std::string EncodeBase32(const unsigned char* pch, size_t len) { static const char *pbase32 = "abcdefghijklmnopqrstuvwxyz234567"; diff --git a/src/utilstrencodings.h b/src/utilstrencodings.h index dc4fca797af9..3a84b68f36e6 100644 --- a/src/utilstrencodings.h +++ b/src/utilstrencodings.h @@ -56,8 +56,6 @@ std::vector DecodeBase64(const char* p, bool* pfInvalid = NULL); std::string DecodeBase64(const std::string& str); std::string EncodeBase64(const unsigned char* pch, size_t len); std::string EncodeBase64(const std::string& str); -SecureString DecodeBase64Secure(const SecureString& input); -SecureString EncodeBase64Secure(const SecureString& input); std::vector DecodeBase32(const char* p, bool* pfInvalid = NULL); std::string DecodeBase32(const std::string& str); std::string EncodeBase32(const unsigned char* pch, size_t len); From 86c978a99d140e8bbb1eed85f7c89ab88f21d964 Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 19:55:36 -0700 Subject: [PATCH 05/15] Remove unused openssl includes --- src/qt/pivx/settings/settingsconsolewidget.cpp | 2 -- src/sapling/crypter_sapling.cpp | 2 -- src/utilstrencodings.cpp | 4 +--- 3 files changed, 1 insertion(+), 7 deletions(-) diff --git a/src/qt/pivx/settings/settingsconsolewidget.cpp b/src/qt/pivx/settings/settingsconsolewidget.cpp index 0999724ad245..7eb08cb4c7bb 100644 --- a/src/qt/pivx/settings/settingsconsolewidget.cpp +++ b/src/qt/pivx/settings/settingsconsolewidget.cpp @@ -20,8 +20,6 @@ #include "wallet/wallet.h" #endif // ENABLE_WALLET -#include - #include #ifdef ENABLE_WALLET diff --git a/src/sapling/crypter_sapling.cpp b/src/sapling/crypter_sapling.cpp index b2adb669adfe..2921ca1d99c7 100644 --- a/src/sapling/crypter_sapling.cpp +++ b/src/sapling/crypter_sapling.cpp @@ -10,8 +10,6 @@ #include "util.h" #include "uint256.h" -#include -#include #include "wallet/wallet.h" bool CCryptoKeyStore::AddCryptedSaplingSpendingKey( diff --git a/src/utilstrencodings.cpp b/src/utilstrencodings.cpp index 755faad48574..ae0f5c5d5606 100644 --- a/src/utilstrencodings.cpp +++ b/src/utilstrencodings.cpp @@ -14,9 +14,7 @@ #include #include -#include -#include -#include + static const std::string CHARS_ALPHA_NUM = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; From b687f8e9e8729394a0599a266b272fa57d6048b0 Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 20:00:14 -0700 Subject: [PATCH 06/15] Use ctaes instead of OpenSSL's AES in bip38 code --- src/bip38.cpp | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/bip38.cpp b/src/bip38.cpp index 6a14e235e7d8..70388c855627 100644 --- a/src/bip38.cpp +++ b/src/bip38.cpp @@ -3,14 +3,15 @@ // file COPYING or http://www.opensource.org/licenses/mit-license.php. #include "bip38.h" + #include "base58.h" +#include "crypto/aes.h" #include "hash.h" #include "pubkey.h" #include "util.h" #include "utilstrencodings.h" #include "random.h" -#include #include #include @@ -26,9 +27,7 @@ void DecryptAES(uint256 encryptedIn, uint256 decryptionKey, uint256& output) { - AES_KEY key; - AES_set_decrypt_key(decryptionKey.begin(), 256, &key); - AES_decrypt(encryptedIn.begin(), output.begin(), &key); + AES256Decrypt(decryptionKey.begin()).Decrypt(output.begin(), encryptedIn.begin()); } void ComputePreFactor(std::string strPassphrase, std::string strSalt, uint256& prefactor) @@ -118,9 +117,8 @@ std::string BIP38_Encrypt(std::string strAddress, std::string strPassphrase, uin //encrypt part 1 arith_uint512 encrypted1; - AES_KEY key; - AES_set_encrypt_key(derivedHalf2.begin(), 256, &key); - AES_encrypt(block1.begin(), encrypted1.begin(), &key); + AES256Encrypt enc(derivedHalf2.begin()); + enc.Encrypt(encrypted1.begin(), block1.begin()); //block2 = (pointb[17...32] xor derivedhalf1[16...31] arith_uint256 p2 = UintToArith256(privKey) >> 128; @@ -129,7 +127,7 @@ std::string BIP38_Encrypt(std::string strAddress, std::string strPassphrase, uin //encrypt part 2 arith_uint512 encrypted2; - AES_encrypt(block2.begin(), encrypted2.begin(), &key); + enc.Encrypt(encrypted2.begin(), block2.begin()); std::string strPrefix = "0142"; strPrefix += (fCompressed ? "E0" : "C0"); From d531bf2d94d32af7276138bdf318f49079e3b0fd Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 20:01:37 -0700 Subject: [PATCH 07/15] Use our own hmac_sha256 instead of OpenSSL's in scrypt.cpp --- src/crypto/scrypt.cpp | 86 ++++--------------------------------------- 1 file changed, 7 insertions(+), 79 deletions(-) diff --git a/src/crypto/scrypt.cpp b/src/crypto/scrypt.cpp index 42be66bb5b42..8e91927b990a 100644 --- a/src/crypto/scrypt.cpp +++ b/src/crypto/scrypt.cpp @@ -28,9 +28,12 @@ */ #include "crypto/scrypt.h" + +#include "crypto/hmac_sha256.h" +#include "crypto/sha256.h" #include "uint256.h" #include "utilstrencodings.h" -#include + #include #include @@ -47,73 +50,6 @@ static inline void be32enc(void *pp, uint32_t x) } #endif -typedef struct HMAC_SHA256Context { - SHA256_CTX ictx; - SHA256_CTX octx; -} HMAC_SHA256_CTX; - -/* Initialize an HMAC-SHA256 operation with the given key. */ -static void -HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, const void *_K, size_t Klen) -{ - unsigned char pad[64]; - unsigned char khash[32]; - const unsigned char *K = (const unsigned char *)_K; - size_t i; - - /* If Klen > 64, the key is really SHA256(K). */ - if (Klen > 64) { - SHA256_Init(&ctx->ictx); - SHA256_Update(&ctx->ictx, K, Klen); - SHA256_Final(khash, &ctx->ictx); - K = khash; - Klen = 32; - } - - /* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */ - SHA256_Init(&ctx->ictx); - memset(pad, 0x36, 64); - for (i = 0; i < Klen; i++) - pad[i] ^= K[i]; - SHA256_Update(&ctx->ictx, pad, 64); - - /* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */ - SHA256_Init(&ctx->octx); - memset(pad, 0x5c, 64); - for (i = 0; i < Klen; i++) - pad[i] ^= K[i]; - SHA256_Update(&ctx->octx, pad, 64); - - /* Clean the stack. */ - memset(khash, 0, 32); -} - -/* Add bytes to the HMAC-SHA256 operation. */ -static void -HMAC_SHA256_Update(HMAC_SHA256_CTX *ctx, const void *in, size_t len) -{ - /* Feed data to the inner SHA256 operation. */ - SHA256_Update(&ctx->ictx, in, len); -} - -/* Finish an HMAC-SHA256 operation. */ -static void -HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX *ctx) -{ - unsigned char ihash[32]; - - /* Finish the inner SHA256 operation. */ - SHA256_Final(ihash, &ctx->ictx); - - /* Feed the inner hash to the outer SHA256 operation. */ - SHA256_Update(&ctx->octx, ihash, 32); - - /* Finish the outer SHA256 operation. */ - SHA256_Final(digest, &ctx->octx); - - /* Clean the stack. */ - memset(ihash, 0, 32); -} /** * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): @@ -124,7 +60,6 @@ void PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt, size_t saltlen, uint64_t c, uint8_t *buf, size_t dkLen) { - HMAC_SHA256_CTX PShctx, hctx; size_t i; uint8_t ivec[4]; uint8_t U[32]; @@ -134,8 +69,7 @@ PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt, size_t clen; /* Compute HMAC state after processing P and S. */ - HMAC_SHA256_Init(&PShctx, passwd, passwdlen); - HMAC_SHA256_Update(&PShctx, salt, saltlen); + CHMAC_SHA256 PShctx = CHMAC_SHA256(passwd, passwdlen).Write(salt, saltlen); /* Iterate through the blocks. */ for (i = 0; i * 32 < dkLen; i++) { @@ -143,18 +77,14 @@ PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt, be32enc(ivec, (uint32_t)(i + 1)); /* Compute U_1 = PRF(P, S || INT(i)). */ - memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX)); - HMAC_SHA256_Update(&hctx, ivec, 4); - HMAC_SHA256_Final(U, &hctx); + CHMAC_SHA256(PShctx).Write(ivec, 4).Finalize(U); /* T_i = U_1 ... */ memcpy(T, U, 32); for (j = 2; j <= c; j++) { /* Compute U_j. */ - HMAC_SHA256_Init(&hctx, passwd, passwdlen); - HMAC_SHA256_Update(&hctx, U, 32); - HMAC_SHA256_Final(U, &hctx); + CHMAC_SHA256(passwd, passwdlen).Write(U, 32).Finalize(U); /* ... xor U_j ... */ for (k = 0; k < 32; k++) @@ -168,8 +98,6 @@ PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt, memcpy(&buf[i * 32], T, clen); } - /* Clean PShctx, since we never called _Final on it. */ - memset(&PShctx, 0, sizeof(HMAC_SHA256_CTX)); } static inline uint32_t From 5f30c2bb6efa7688664843f11fdf38327b78303e Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 20:02:07 -0700 Subject: [PATCH 08/15] Stop using OpenSSL's sha hashing in bip38 code --- src/bip38.cpp | 12 ++++-------- src/bip38.h | 2 +- src/hash.h | 25 ------------------------- test/functional/rpc_bip38.py | 1 + 4 files changed, 6 insertions(+), 34 deletions(-) diff --git a/src/bip38.cpp b/src/bip38.cpp index 70388c855627..fa4516cf98c9 100644 --- a/src/bip38.cpp +++ b/src/bip38.cpp @@ -41,8 +41,7 @@ void ComputePassfactor(std::string ownersalt, uint256 prefactor, uint256& passfa { //concat prefactor and ownersalt uint512 temp = uint512S(ReverseEndianString(HexStr(prefactor) + ownersalt)); - Hash(temp.begin(), 40, passfactor.begin()); //40 bytes is the length of prefactor + salt - Hash(passfactor.begin(), 32, passfactor.begin()); + Hash(temp.begin(), temp.end(), passfactor.begin(), passfactor.end()); } bool ComputePasspoint(uint256 passfactor, CPubKey& passpoint) @@ -88,15 +87,12 @@ void ComputeSeedBPass(CPubKey passpoint, std::string strAddressHash, std::string void ComputeFactorB(uint256 seedB, uint256& factorB) { //factorB - a double sha256 hash of seedb - Hash(seedB.begin(), 24, factorB.begin()); //seedB is only 24 bytes - Hash(factorB.begin(), 32, factorB.begin()); + Hash(seedB.begin(), seedB.end(), factorB.begin(), factorB.end()); } -std::string AddressToBip38Hash(std::string address) +std::string AddressToBip38Hash(const std::string& address) { - uint256 addrCheck; - Hash((void*)address.c_str(), address.size(), addrCheck.begin()); - Hash(addrCheck.begin(), 32, addrCheck.begin()); + uint256 addrCheck = Hash(address.begin(), address.end()); return HexStr(addrCheck).substr(0, 8); } diff --git a/src/bip38.h b/src/bip38.h index c1ffd48afeec..89d3c35ce968 100644 --- a/src/bip38.h +++ b/src/bip38.h @@ -35,6 +35,6 @@ void ComputeFactorB(uint256 seedB, uint256& factorB); std::string BIP38_Encrypt(std::string strAddress, std::string strPassphrase, uint256 privKey, bool fCompressed); bool BIP38_Decrypt(std::string strPassphrase, std::string strEncryptedKey, uint256& privKey, bool& fCompressed); -std::string AddressToBip38Hash(std::string address); +std::string AddressToBip38Hash(const std::string& address); #endif // BIP38_H diff --git a/src/hash.h b/src/hash.h index d8a375b9a5fd..172f019470ee 100644 --- a/src/hash.h +++ b/src/hash.h @@ -25,7 +25,6 @@ #include "crypto/sha512.h" #include -#include #include #include @@ -151,30 +150,6 @@ class CHash160 } }; -/** Compute the 256-bit hash of a std::string */ -inline std::string Hash(std::string input) -{ - unsigned char hash[SHA256_DIGEST_LENGTH]; - SHA256_CTX sha256; - SHA256_Init(&sha256); - SHA256_Update(&sha256, input.c_str(), input.size()); - SHA256_Final(hash, &sha256); - std::stringstream ss; - for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) { - ss << std::hex << std::setw(2) << std::setfill('0') << (int)hash[i]; - } - return ss.str(); -} - -/** Compute the 256-bit hash of a void pointer */ -inline void Hash(void* in, unsigned int len, unsigned char* out) -{ - SHA256_CTX sha256; - SHA256_Init(&sha256); - SHA256_Update(&sha256, in, len); - SHA256_Final(out, &sha256); -} - /** Compute the 512-bit hash of an object. */ template inline uint512 Hash512(const T1 pbegin, const T1 pend) diff --git a/test/functional/rpc_bip38.py b/test/functional/rpc_bip38.py index ef47b2c590e9..19c8f6ba491d 100755 --- a/test/functional/rpc_bip38.py +++ b/test/functional/rpc_bip38.py @@ -22,6 +22,7 @@ def run_test(self): self.log.info('decrypt bip38 key %s' % (bip38key)) assert_equal(self.nodes[1].bip38decrypt(bip38key, password)['Address'], address) + assert_equal(self.nodes[1].dumpprivkey(address), privkey) if __name__ == '__main__': Bip38Test().main() From 53576bc740c2761ba8af7d7a80934b48232d2420 Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 06:09:25 -0700 Subject: [PATCH 09/15] build: remove OpenSSL detection and libs --- configure.ac | 9 --------- src/Makefile.am | 8 ++++---- src/Makefile.bench.include | 2 +- src/Makefile.qt.include | 2 +- src/Makefile.qttest.include | 2 +- src/Makefile.test.include | 2 +- 6 files changed, 8 insertions(+), 17 deletions(-) diff --git a/configure.ac b/configure.ac index fb799895982d..6bba0543d3ce 100644 --- a/configure.ac +++ b/configure.ac @@ -558,13 +558,8 @@ case $host in dnl It's safe to add these paths even if the functionality is disabled by dnl the user (--without-wallet or --without-gui for example). - openssl_prefix=`$BREW --prefix openssl 2>/dev/null` bdb_prefix=`$BREW --prefix berkeley-db4 2>/dev/null` qt5_prefix=`$BREW --prefix qt5 2>/dev/null` - if test x$openssl_prefix != x; then - PKG_CONFIG_PATH="$openssl_prefix/lib/pkgconfig:$PKG_CONFIG_PATH" - export PKG_CONFIG_PATH - fi if test x$bdb_prefix != x; then CPPFLAGS="$CPPFLAGS -I$bdb_prefix/include" LIBS="$LIBS -L$bdb_prefix/lib" @@ -1118,7 +1113,6 @@ if test x$use_pkgconfig = xyes; then m4_ifdef( [PKG_CHECK_MODULES], [ - PKG_CHECK_MODULES([CRYPTO], [libcrypto],,[AC_MSG_ERROR(libcrypto not found.)]) BITCOIN_QT_CHECK([PKG_CHECK_MODULES([QR], [libqrencode],,[BITCOIN_QT_FAIL(libqrencode not found)])]) if test x$use_qtcharts != xno; then BITCOIN_QT_CHECK([PKG_CHECK_MODULES([CHARTS], [Qt5Charts],[have_qtcharts=yes], [have_qtcharts=no])]) @@ -1144,8 +1138,6 @@ if test x$use_pkgconfig = xyes; then ] ) else - AC_CHECK_HEADER([openssl/crypto.h],,AC_MSG_ERROR(libcrypto headers missing)) - AC_CHECK_LIB([crypto], [main],CRYPTO_LIBS=-lcrypto, AC_MSG_ERROR(libcrypto missing)) if test x$build_bitcoin_utils$build_bitcoind$bitcoin_enable_qt$use_tests != xnononono; then AC_CHECK_HEADER([event2/event.h],, AC_MSG_ERROR(libevent headers missing),) @@ -1481,7 +1473,6 @@ AC_SUBST(BOOST_LIBS) AC_SUBST(TESTDEFS) AC_SUBST(MINIUPNPC_CPPFLAGS) AC_SUBST(MINIUPNPC_LIBS) -AC_SUBST(CRYPTO_LIBS) AC_SUBST(EVENT_LIBS) AC_SUBST(EVENT_PTHREADS_LIBS) AC_SUBST(SODIUM_LIBS) diff --git a/src/Makefile.am b/src/Makefile.am index 28a316231f64..75a59b125d0d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -20,7 +20,7 @@ LIBUNIVALUE = $(UNIVALUE_LIBS) endif BITCOIN_CONFIG_INCLUDES=-I$(builddir)/config -BITCOIN_INCLUDES=-I$(builddir) -I$(builddir)/obj $(BDB_CPPFLAGS) $(BOOST_CPPFLAGS) $(LEVELDB_CPPFLAGS) $(CRYPTO_CFLAGS) +BITCOIN_INCLUDES=-I$(builddir) -I$(builddir)/obj $(BDB_CPPFLAGS) $(BOOST_CPPFLAGS) $(LEVELDB_CPPFLAGS) BITCOIN_INCLUDES += -I$(srcdir)/rust/include BITCOIN_INCLUDES += -I$(srcdir)/secp256k1/include @@ -621,7 +621,7 @@ pivxd_LDADD = \ $(LIBRUSTZCASH) \ $(LIBZCASH_LIBS) -pivxd_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(ZMQ_LIBS) +pivxd_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(ZMQ_LIBS) # pivx-cli binary # pivx_cli_SOURCES = pivx-cli.cpp @@ -642,7 +642,7 @@ pivx_cli_LDADD = \ $(LIBRUSTZCASH) \ $(LIBZCASH_LIBS) -pivx_cli_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS) $(EVENT_LIBS) +pivx_cli_LDADD += $(BOOST_LIBS) $(EVENT_LIBS) # # pivx-tx binary # @@ -666,7 +666,7 @@ pivx_tx_LDADD = \ $(LIBRUSTZCASH) \ $(LIBZCASH_LIBS) -pivx_tx_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS) +pivx_tx_LDADD += $(BOOST_LIBS) # # bitcoinconsensus library # diff --git a/src/Makefile.bench.include b/src/Makefile.bench.include index 05385d36742f..80c81c30276b 100644 --- a/src/Makefile.bench.include +++ b/src/Makefile.bench.include @@ -47,7 +47,7 @@ if ENABLE_ZMQ bench_bench_pivx_LDADD += $(LIBBITCOIN_ZMQ) $(ZMQ_LIBS) endif -bench_bench_pivx_LDADD += $(LIBBITCOIN_CONSENSUS) $(BOOST_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) +bench_bench_pivx_LDADD += $(LIBBITCOIN_CONSENSUS) $(BOOST_LIBS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) bench_bench_pivx_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) # !TODO: .raw.h generated test files are not removed with make clean diff --git a/src/Makefile.qt.include b/src/Makefile.qt.include index 0496d05993cd..0c0e91983ae3 100644 --- a/src/Makefile.qt.include +++ b/src/Makefile.qt.include @@ -646,7 +646,7 @@ if ENABLE_ZMQ qt_pivx_qt_LDADD += $(LIBBITCOIN_ZMQ) $(ZMQ_LIBS) endif qt_pivx_qt_LDADD += $(LIBBITCOIN_CLI) $(LIBBITCOIN_COMMON) $(LIBBITCOIN_UTIL) $(LIBBITCOIN_CRYPTO) $(LIBUNIVALUE) $(LIBBITCOIN_ZEROCOIN) $(LIBSAPLING) $(LIBRUSTZCASH) $(LIBZCASH_LIBS) $(LIBLEVELDB) $(LIBLEVELDB_SSE42) $(LIBMEMENV) \ - $(BOOST_LIBS) $(QT_LIBS) $(QT_DBUS_LIBS) $(QR_LIBS) $(SVG_LIBS) $(CHARTS_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(LIBSECP256K1) \ + $(BOOST_LIBS) $(QT_LIBS) $(QT_DBUS_LIBS) $(QR_LIBS) $(SVG_LIBS) $(CHARTS_LIBS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(LIBSECP256K1) \ $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) qt_pivx_qt_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(QT_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) qt_pivx_qt_LIBTOOLFLAGS = $(AM_LIBTOOLFLAGS) --tag CXX diff --git a/src/Makefile.qttest.include b/src/Makefile.qttest.include index ac5b0345418c..b80ec1fa5e6a 100644 --- a/src/Makefile.qttest.include +++ b/src/Makefile.qttest.include @@ -28,7 +28,7 @@ qt_test_test_pivx_qt_LDADD += $(LIBBITCOIN_ZMQ) $(ZMQ_LIBS) endif qt_test_test_pivx_qt_LDADD += $(LIBBITCOIN_CLI) $(LIBBITCOIN_COMMON) $(LIBBITCOIN_UTIL) $(LIBBITCOIN_CRYPTO) $(LIBUNIVALUE) $(LIBBITCOIN_ZEROCOIN) $(LIBLEVELDB) $(LIBSAPLING) $(LIBRUSTZCASH) $(LIBZCASH_LIBS) \ $(LIBLEVELDB_SSE42) $(LIBMEMENV) $(BOOST_LIBS) $(QT_DBUS_LIBS) $(QT_TEST_LIBS) $(QT_LIBS) \ - $(QR_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(LIBSECP256K1) \ + $(QR_LIBS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(LIBSECP256K1) \ $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) qt_test_test_pivx_qt_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(QT_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) qt_test_test_pivx_qt_CXXFLAGS = $(AM_CXXFLAGS) $(QT_PIE_FLAGS) diff --git a/src/Makefile.test.include b/src/Makefile.test.include index bb3222c55298..9c47b8287945 100644 --- a/src/Makefile.test.include +++ b/src/Makefile.test.include @@ -143,7 +143,7 @@ endif test_test_pivx_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) -test_test_pivx_LDADD += $(LIBRUSTZCASH) $(LIBBITCOIN_CONSENSUS) $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(LIBZCASH_LIBS) +test_test_pivx_LDADD += $(LIBRUSTZCASH) $(LIBBITCOIN_CONSENSUS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(LIBZCASH_LIBS) test_test_pivx_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) -static if ENABLE_ZMQ From 9a81d8e7791afbe133d42e705e6eb29296af09a3 Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 20:34:21 -0700 Subject: [PATCH 10/15] CMake: remove OpenSSL detection and libs --- CMakeLists.txt | 32 ++++++++------------------------ src/qt/CMakeLists.txt | 3 +-- src/test/CMakeLists.txt | 2 +- 3 files changed, 10 insertions(+), 27 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 36f60e8c577e..eaaa854c4f7e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -38,7 +38,6 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") set(ENV{target} "Mac") add_definitions("-DMAC_OSX") list(APPEND CMAKE_PREFIX_PATH /usr/local/opt/qt5) - list(APPEND CMAKE_PREFIX_PATH /usr/local/opt/openssl@1.1) list(APPEND CMAKE_PREFIX_PATH /usr/local/Cellar/berkeley-db@4) set(BerkeleyDB_ROOT_DIR "/usr/local/Cellar/berkeley-db@4/${BDB_VER}/") set(Boost_USE_MULTITHREADED ON) @@ -74,15 +73,6 @@ if(BerkeleyDB_FOUND) endif() endif() -find_package(OpenSSL COMPONENTS Crypto REQUIRED) -if(OPENSSL_FOUND) - message(STATUS "Found OpenSSL (${OPENSSL_VERSION}): ${OPENSSL_LIBRARIES}") - if(OPENSSL_VERSION VERSION_GREATER_EQUAL 1.1) - message(STATUS "Found unsupported OpenSSL version!") - set(SSL_CONFIGURE_FLAGS "--with-unsupported-ssl") - endif() -endif() - find_package(LibEvent REQUIRED) find_package(GMP REQUIRED) @@ -105,7 +95,7 @@ endif() if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/src/config/pivx-config.h") else() execute_process( - COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/configure ${CONFIGSITE} ${BDB_CONFIGURE_FLAGS} ${BIGNUM_CONFIGURE_FLAGS} ${SSL_CONFIGURE_FLAGS} + COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/configure ${CONFIGSITE} ${BDB_CONFIGURE_FLAGS} ${BIGNUM_CONFIGURE_FLAGS} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} ) endif() @@ -245,7 +235,7 @@ target_include_directories(SERVER_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR}/src/leveldb/include ${CMAKE_CURRENT_SOURCE_DIR}/src/leveldb/helpers/memenv ${CMAKE_CURRENT_SOURCE_DIR}/src/rust/include - ${ZMQ_INCLUDE_DIR} ${LIBEVENT_INCLUDE_DIR} ${OPENSSL_INCLUDE_DIR} ${BerkeleyDB_INCLUDE_DIRS} + ${ZMQ_INCLUDE_DIR} ${LIBEVENT_INCLUDE_DIR} ${BerkeleyDB_INCLUDE_DIRS} ) if(ZMQ_FOUND) @@ -255,7 +245,7 @@ if(ZMQ_FOUND) ./src/zmq/zmqpublishnotifier.cpp ) add_library(ZMQ_A STATIC ${BitcoinHeaders} ${ZMQ_SOURCES} ${ZMQ_LIB}) - target_include_directories(ZMQ_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src ${ZMQ_INCLUDE_DIR} ${OPENSSL_INCLUDE_DIR}) + target_include_directories(ZMQ_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src ${ZMQ_INCLUDE_DIR}) target_compile_definitions(ZMQ_A PUBLIC "-DZMQ_STATIC") endif() @@ -297,7 +287,6 @@ target_include_directories(WALLET_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR}/src/secp256k1/include ${CMAKE_CURRENT_SOURCE_DIR}/src/univalue/include ${CMAKE_CURRENT_SOURCE_DIR}/src/leveldb/include - ${OPENSSL_INCLUDE_DIR} ${BerkeleyDB_INCLUDE_DIRS} ) @@ -338,7 +327,7 @@ set(BITCOIN_CRYPTO_SOURCES ./src/crypto/sph_types.h ) add_library(BITCOIN_CRYPTO_A STATIC ${BITCOIN_CRYPTO_SOURCES}) -target_include_directories(BITCOIN_CRYPTO_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src ${OPENSSL_INCLUDE_DIR}) +target_include_directories(BITCOIN_CRYPTO_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src) set(ZEROCOIN_SOURCES ./src/libzerocoin/bignum.h @@ -360,9 +349,7 @@ set(ZEROCOIN_SOURCES ./src/libzerocoin/Params.cpp ) add_library(ZEROCOIN_A STATIC ${ZEROCOIN_SOURCES}) -target_include_directories(ZEROCOIN_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src - ${OPENSSL_INCLUDE_DIR} - ) +target_include_directories(ZEROCOIN_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src) set(COMMON_SOURCES ./src/base58.cpp @@ -410,7 +397,6 @@ target_include_directories(COMMON_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR}/src/secp256k1/include ${CMAKE_CURRENT_SOURCE_DIR}/src/leveldb/include ${CMAKE_CURRENT_SOURCE_DIR}/src/univalue/include - ${OPENSSL_INCLUDE_DIR} ${BerkeleyDB_INCLUDE_DIRS} ) @@ -441,7 +427,6 @@ add_library(UTIL_A STATIC ${BitcoinHeaders} ${UTIL_SOURCES}) target_include_directories(UTIL_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR}/src/univalue/include ${CMAKE_CURRENT_SOURCE_DIR}/src/rust/include - ${OPENSSL_INCLUDE_DIR} ) set(CLI_A_SOURCES ./src/rpc/client.cpp) @@ -474,7 +459,6 @@ target_include_directories(SAPLING_A PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR}/src/sapling ${CMAKE_CURRENT_SOURCE_DIR}/src/rust/include ${CMAKE_CURRENT_SOURCE_DIR}/src/univalue/include - ${OPENSSL_INCLUDE_DIR} ${BerkeleyDB_INCLUDE_DIRS} ) @@ -499,7 +483,7 @@ target_link_libraries(pivx-cli BITCOIN_CRYPTO_A SAPLING_A rustzcash - ${Boost_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARY} ${LIBEVENT_LIB} ${sodium_LIBRARY_RELEASE} -ldl pthread + ${Boost_LIBRARIES} ${LIBEVENT_LIB} ${sodium_LIBRARY_RELEASE} -ldl pthread ) if($ENV{target} MATCHES "Windows") target_link_libraries(pivx-cli ${WINDOWS_LDADD}) @@ -523,7 +507,7 @@ target_link_libraries(pivx-tx secp256k1 SAPLING_A rustzcash - ${Boost_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARY} ${LIBEVENT_LIB} ${sodium_LIBRARY_RELEASE} ${GMP_LIBRARY} -ldl pthread + ${Boost_LIBRARIES} ${LIBEVENT_LIB} ${sodium_LIBRARY_RELEASE} ${GMP_LIBRARY} -ldl pthread ) if($ENV{target} MATCHES "Windows") target_link_libraries(pivx-tx ${WINDOWS_LDADD}) @@ -558,7 +542,7 @@ target_link_libraries(pivxd crc32c secp256k1 rustzcash - ${BerkeleyDB_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARY} ${Boost_LIBRARIES} ${LIBEVENT_LIB} ${GMP_LIBRARY} pthread + ${BerkeleyDB_LIBRARIES} ${Boost_LIBRARIES} ${LIBEVENT_LIB} ${GMP_LIBRARY} pthread ) if($ENV{target} MATCHES "Windows") set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wstack-protector -fstack-protector-all -fPIE -pipe -O2 -pthread -Wl,--dynamicbase -Wl,--nxcompat -Wl,--high-entropy-va -pie --static") diff --git a/src/qt/CMakeLists.txt b/src/qt/CMakeLists.txt index be80498154a3..fd4131b419e9 100644 --- a/src/qt/CMakeLists.txt +++ b/src/qt/CMakeLists.txt @@ -180,7 +180,6 @@ target_include_directories(qt_stuff PUBLIC ${CMAKE_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/pivx ${CMAKE_CURRENT_SOURCE_DIR}/pivx/settings - ${OPENSSL_INCLUDE_DIR} ${BerkeleyDB_INCLUDE_DIRS} ) set_property(TARGET qt_stuff PROPERTY CXX_STANDARD 14) @@ -204,7 +203,7 @@ target_link_libraries(pivx-qt univalue SERVER_A WALLET_A COMMON_A ZEROCOIN_A UTIL_A SAPLING_A BITCOIN_CRYPTO_A CLI_A leveldb crc32c secp256k1 rustzcash - ${BerkeleyDB_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARY} ${Boost_LIBRARIES} ${LIBEVENT_LIB} + ${BerkeleyDB_LIBRARIES} ${Boost_LIBRARIES} ${LIBEVENT_LIB} ${sodium_LIBRARY_RELEASE} ${GMP_LIBRARY} -ldl pthread ) diff --git a/src/test/CMakeLists.txt b/src/test/CMakeLists.txt index 5bbf14877082..7d6403774ccd 100644 --- a/src/test/CMakeLists.txt +++ b/src/test/CMakeLists.txt @@ -167,7 +167,7 @@ target_link_libraries(test_pivx PRIVATE crc32c secp256k1 rustzcash - ${BerkeleyDB_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARY} ${Boost_LIBRARIES} ${Boost_UNIT_TEST_FRAMEWORK_LIBRARY} ${LIBEVENT_LIB} ${GMP_LIBRARY} pthread + ${BerkeleyDB_LIBRARIES} ${Boost_LIBRARIES} ${Boost_UNIT_TEST_FRAMEWORK_LIBRARY} ${LIBEVENT_LIB} ${GMP_LIBRARY} pthread ) if(ZMQ_FOUND) target_link_libraries(test_pivx PRIVATE ZMQ_A ${ZMQ_LIB}) From 9b2e35d5385cbbcdeb33ccffe30ec7a5661ba41d Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 20:38:35 -0700 Subject: [PATCH 11/15] depends: remove OpenSSL package --- depends/packages/openssl.mk | 86 ------------------------------------ depends/packages/packages.mk | 2 +- 2 files changed, 1 insertion(+), 87 deletions(-) delete mode 100644 depends/packages/openssl.mk diff --git a/depends/packages/openssl.mk b/depends/packages/openssl.mk deleted file mode 100644 index eb97ec53e092..000000000000 --- a/depends/packages/openssl.mk +++ /dev/null @@ -1,86 +0,0 @@ -package=openssl -$(package)_version=1.0.1k -$(package)_download_path=https://www.openssl.org/source/old/1.0.1 -$(package)_file_name=$(package)-$($(package)_version).tar.gz -$(package)_sha256_hash=8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c - -define $(package)_set_vars -$(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)" -$(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl -$(package)_config_opts+=no-camellia -$(package)_config_opts+=no-capieng -$(package)_config_opts+=no-cast -$(package)_config_opts+=no-comp -$(package)_config_opts+=no-dso -$(package)_config_opts+=no-dtls1 -$(package)_config_opts+=no-ec_nistp_64_gcc_128 -$(package)_config_opts+=no-gost -$(package)_config_opts+=no-gmp -$(package)_config_opts+=no-heartbeats -$(package)_config_opts+=no-idea -$(package)_config_opts+=no-jpake -$(package)_config_opts+=no-krb5 -$(package)_config_opts+=no-libunbound -$(package)_config_opts+=no-md2 -$(package)_config_opts+=no-mdc2 -$(package)_config_opts+=no-rc4 -$(package)_config_opts+=no-rc5 -$(package)_config_opts+=no-rdrand -$(package)_config_opts+=no-rfc3779 -$(package)_config_opts+=no-rsax -$(package)_config_opts+=no-sctp -$(package)_config_opts+=no-seed -$(package)_config_opts+=no-sha0 -$(package)_config_opts+=no-shared -$(package)_config_opts+=no-ssl-trace -$(package)_config_opts+=no-ssl2 -$(package)_config_opts+=no-ssl3 -$(package)_config_opts+=no-static_engine -$(package)_config_opts+=no-store -$(package)_config_opts+=no-unit-test -$(package)_config_opts+=no-weak-ssl-ciphers -$(package)_config_opts+=no-whirlpool -$(package)_config_opts+=no-zlib -$(package)_config_opts+=no-zlib-dynamic -$(package)_config_opts+=$($(package)_cflags) $($(package)_cppflags) -$(package)_config_opts_linux=-fPIC -Wa,--noexecstack -$(package)_config_opts_x86_64_linux=linux-x86_64 -$(package)_config_opts_i686_linux=linux-generic32 -$(package)_config_opts_arm_linux=linux-generic32 -$(package)_config_opts_armv7l_linux=linux-generic32 -$(package)_config_opts_aarch64_linux=linux-generic64 -$(package)_config_opts_mipsel_linux=linux-generic32 -$(package)_config_opts_mips_linux=linux-generic32 -$(package)_config_opts_powerpc_linux=linux-generic32 -$(package)_config_opts_riscv32_linux=linux-generic32 -$(package)_config_opts_riscv64_linux=linux-generic64 -$(package)_config_opts_powerpc64le_linux=linux-generic64 -$(package)_config_opts_sparc64_linux=linux-generic64 -$(package)_config_opts_s390x_linux=linux-generic64 -$(package)_config_opts_alpha_linux=linux-generic64 -$(package)_config_opts_m68k_linux=linux-generic32 -$(package)_config_opts_x86_64_darwin=darwin64-x86_64-cc -$(package)_config_opts_x86_64_mingw32=mingw64 -$(package)_config_opts_i686_mingw32=mingw -endef - -define $(package)_preprocess_cmds - sed -i.old "/define DATE/d" util/mkbuildinf.pl && \ - sed -i.old "s|engines apps test|engines|" Makefile.org -endef - -define $(package)_config_cmds - ./Configure $($(package)_config_opts) -endef - -define $(package)_build_cmds - $(MAKE) -j1 build_crypto libcrypto.pc libssl.pc openssl.pc -endef - -define $(package)_stage_cmds - $(MAKE) INSTALL_PREFIX=$($(package)_staging_dir) -j1 install_sw -endef - -define $(package)_postprocess_cmds - rm -rf share bin etc -endef diff --git a/depends/packages/packages.mk b/depends/packages/packages.mk index 3305f806c597..85bb81960708 100644 --- a/depends/packages/packages.mk +++ b/depends/packages/packages.mk @@ -72,7 +72,7 @@ rust_crates := \ crate_zcash_proofs rust_packages := rust $(rust_crates) -packages:=boost openssl libevent gmp $(zcash_packages) libsodium +packages:=boost libevent gmp $(zcash_packages) libsodium qt_packages = qrencode zlib From 9660aecfda3765a47a0c9ff2173d706bdb548900 Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 20:55:27 -0700 Subject: [PATCH 12/15] doc: remove OpenSSL from build instructions and licensing info also cleanup some stray comments --- doc/build-osx.md | 2 +- doc/build-unix.md | 5 ++--- doc/dependencies.md | 1 - libbitcoinconsensus.pc.in | 1 - src/init.cpp | 2 +- src/key.h | 4 ++-- src/libzerocoin/bignum.cpp | 2 +- src/test/sanity_tests.cpp | 2 +- 8 files changed, 8 insertions(+), 11 deletions(-) diff --git a/doc/build-osx.md b/doc/build-osx.md index a768dadf5e25..465ef08e6618 100644 --- a/doc/build-osx.md +++ b/doc/build-osx.md @@ -16,7 +16,7 @@ Then install [Homebrew](https://brew.sh). Dependencies ---------------------- - brew install autoconf automake berkeley-db4 libtool boost miniupnpc openssl pkg-config python3 qt5 zmq libevent qrencode gmp libsodium rust + brew install autoconf automake berkeley-db4 libtool boost miniupnpc pkg-config python3 qt5 zmq libevent qrencode gmp libsodium rust See [dependencies.md](dependencies.md) for a complete overview. diff --git a/doc/build-unix.md b/doc/build-unix.md index 7097a04ca7ed..6d07dd7c2edc 100644 --- a/doc/build-unix.md +++ b/doc/build-unix.md @@ -31,7 +31,6 @@ These dependencies are required: Library | Purpose | Description ------------|--------------------|---------------------- - libssl | Crypto | Random Number Generation, Elliptic Curve Cryptography libboost | Utility | Library for threading, data structures, etc libevent | Networking | OS independent asynchronous networking libgmp | Bignum Arithmetic | Precision arithmetic @@ -72,7 +71,7 @@ Build requirements: Now, you can either build from self-compiled [depends](/depends/README.md) or install the required dependencies: - sudo apt-get install libssl-dev libgmp-dev libevent-dev libboost-all-dev libsodium-dev cargo + sudo apt-get install libgmp-dev libevent-dev libboost-all-dev libsodium-dev cargo BerkeleyDB is required for the wallet. @@ -124,7 +123,7 @@ built by default. Build requirements: - sudo dnf install which gcc-c++ libtool make autoconf automake compat-openssl10-devel libevent-devel boost-devel libdb4-devel libdb4-cxx-devel gmp-devel libsodium-devel cargo python3 + sudo dnf install which gcc-c++ libtool make autoconf automake libevent-devel boost-devel libdb4-devel libdb4-cxx-devel gmp-devel libsodium-devel cargo python3 Optional: diff --git a/doc/dependencies.md b/doc/dependencies.md index ad5764f1e78b..9ff685e6885a 100644 --- a/doc/dependencies.md +++ b/doc/dependencies.md @@ -19,7 +19,6 @@ These are the dependencies currently used by PIVX Core. You can find instruction | libpng | | | | | [Yes](https://github.com/pivx-project/pivx/blob/master/depends/packages/qt.mk#L64) | | librsvg | | | | | | | MiniUPnPc | [2.2.2](https://miniupnp.tuxfamily.org/files) | | No | | | -| OpenSSL | [1.0.1k](https://www.openssl.org/source) | | Yes | | | | GMP | [6.1.2](https://gmplib.org/) | | No | | | | PCRE | | | | | [Yes](https://github.com/pivx-project/pivx/blob/master/depends/packages/qt.mk#L66) | | Python (tests) | | [3.5](https://www.python.org/downloads) | | | | diff --git a/libbitcoinconsensus.pc.in b/libbitcoinconsensus.pc.in index eb920c47eb52..1ceab280bb11 100644 --- a/libbitcoinconsensus.pc.in +++ b/libbitcoinconsensus.pc.in @@ -8,4 +8,3 @@ Description: Library for the Bitcoin consensus protocol. Version: @PACKAGE_VERSION@ Libs: -L${libdir} -lbitcoinconsensus Cflags: -I${includedir} -Requires.private: libcrypto diff --git a/src/init.cpp b/src/init.cpp index 6032017d0e6a..616efff73cc3 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -629,7 +629,7 @@ std::string LicenseInfo() "\n" + FormatParagraph(_("Distributed under the MIT software license, see the accompanying file COPYING or .")) + "\n" + "\n" + - FormatParagraph(_("This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit and cryptographic software written by Eric Young and UPnP software written by Thomas Bernard.")) + + FormatParagraph(_("This product includes UPnP software written by Thomas Bernard.")) + "\n"; } diff --git a/src/key.h b/src/key.h index d7e9dda3f116..9ee98a159704 100644 --- a/src/key.h +++ b/src/key.h @@ -97,7 +97,7 @@ class CKey //! Check whether the public key corresponding to this private key is (to be) compressed. bool IsCompressed() const { return fCompressed; } - //! Initialize from a CPrivKey (serialized OpenSSL private key data). + //! Initialize from a CPrivKey (serialized secp256k1 private key data). bool SetPrivKey(const CPrivKey& vchPrivKey, bool fCompressed); //! Generate a new private key using a cryptographic PRNG. @@ -106,7 +106,7 @@ class CKey uint256 GetPrivKey_256(); /** - * Convert the private key to a CPrivKey (serialized OpenSSL private key data). + * Convert the private key to a CPrivKey (serialized secp256k1 private key data). * This is expensive. */ CPrivKey GetPrivKey() const; diff --git a/src/libzerocoin/bignum.cpp b/src/libzerocoin/bignum.cpp index 3a05b2a9fd27..5c784150e1cf 100644 --- a/src/libzerocoin/bignum.cpp +++ b/src/libzerocoin/bignum.cpp @@ -48,7 +48,7 @@ CBigNum::CBigNum(const std::vector& vch) setvch(vch); } -/** PRNGs use OpenSSL for consistency with seed initialization **/ +/** PRNGs use GMP for consistency with seed initialization **/ /** Generates a cryptographically secure random number between zero and range-1 (inclusive) * i.e. 0 <= returned number < range diff --git a/src/test/sanity_tests.cpp b/src/test/sanity_tests.cpp index 55d7f89c0dc4..5a268d2f3229 100644 --- a/src/test/sanity_tests.cpp +++ b/src/test/sanity_tests.cpp @@ -14,7 +14,7 @@ BOOST_AUTO_TEST_CASE(basic_sanity) { BOOST_CHECK_MESSAGE(glibc_sanity_test() == true, "libc sanity test"); BOOST_CHECK_MESSAGE(glibcxx_sanity_test() == true, "stdlib sanity test"); - BOOST_CHECK_MESSAGE(ECC_InitSanityCheck() == true, "openssl ECC test"); + BOOST_CHECK_MESSAGE(ECC_InitSanityCheck() == true, "secp256k1 sanity test"); } BOOST_AUTO_TEST_SUITE_END() From f6692486b5e44b52ff9891074bd22e889216f170 Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 20:58:49 -0700 Subject: [PATCH 13/15] ci: remove OpenSSL installation --- .github/workflows/build-and-test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index f9e5a9d53d4d..1b3a30f23816 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -73,7 +73,7 @@ jobs: config: - name: Linux os: ubuntu-16.04 - packages: python3-zmq qtbase5-dev qttools5-dev-tools libqt5svg5-dev libssl-dev libevent-dev bsdmainutils libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-test-dev libboost-thread-dev libdb5.3++-dev libminiupnpc-dev libzmq3-dev libqrencode-dev libgmp-dev libsodium-dev cargo + packages: python3-zmq qtbase5-dev qttools5-dev-tools libqt5svg5-dev libevent-dev bsdmainutils libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-test-dev libboost-thread-dev libdb5.3++-dev libminiupnpc-dev libzmq3-dev libqrencode-dev libgmp-dev libsodium-dev cargo cc: gcc cxx: g++ @@ -299,7 +299,7 @@ jobs: - name: x86_64 Linux [GOAL:install] [xenial] [no depends only system libs] os: ubuntu-16.04 host: x86_64-unknown-linux-gnu - apt_get: python3-zmq qtbase5-dev qttools5-dev-tools libqt5svg5-dev libssl-dev libevent-dev bsdmainutils libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-test-dev libboost-thread-dev libdb5.3++-dev libminiupnpc-dev libzmq3-dev libqrencode-dev libgmp-dev libsodium-dev cargo + apt_get: python3-zmq qtbase5-dev qttools5-dev-tools libqt5svg5-dev libevent-dev bsdmainutils libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-test-dev libboost-thread-dev libdb5.3++-dev libminiupnpc-dev libzmq3-dev libqrencode-dev libgmp-dev libsodium-dev cargo unit_tests: true functional_tests: true no_depends: 1 @@ -310,7 +310,7 @@ jobs: - name: x86_64 Linux [GOAL:install] [bionic] [no depends only system libs] os: ubuntu-18.04 host: x86_64-unknown-linux-gnu - apt_get: python3-zmq qtbase5-dev qttools5-dev-tools libqt5svg5-dev libqt5charts5-dev libssl1.0-dev libevent-dev bsdmainutils libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-test-dev libboost-thread-dev libdb5.3++-dev libminiupnpc-dev libzmq3-dev libqrencode-dev libgmp-dev libsodium-dev cargo + apt_get: python3-zmq qtbase5-dev qttools5-dev-tools libqt5svg5-dev libqt5charts5-dev libevent-dev bsdmainutils libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-test-dev libboost-thread-dev libdb5.3++-dev libminiupnpc-dev libzmq3-dev libqrencode-dev libgmp-dev libsodium-dev cargo unit_tests: true no_depends: 1 goal: install From 686bfad4fcf9f9344571927e1d7ce164c146e356 Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 21:05:02 -0700 Subject: [PATCH 14/15] doc: Add OpenSSL removal to release notes --- doc/release-notes.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/release-notes.md b/doc/release-notes.md index 55297cc21908..935f044c7bc5 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -93,6 +93,11 @@ The `autocombine` RPC command has been replaced with specific set/get commands ( The minimum supported miniUPnPc API version is set to 10. This keeps compatibility with Ubuntu 16.04 LTS and Debian 8 `libminiupnpc-dev` packages. Please note, on Debian this package is still vulnerable to [CVE-2017-8798](https://security-tracker.debian.org/tracker/CVE-2017-8798) (in jessie only) and [CVE-2017-1000494](https://security-tracker.debian.org/tracker/CVE-2017-1000494) (both in jessie and in stretch). +#### Build System + +OpenSSL is no longer used by PIVX Core + + #### Disable PoW mining RPC Commands A new configure flag has been introduced to allow more granular control over weather or not the PoW mining RPC commands are compiled into the wallet. By default they are not. This behavior can be overridden by passing `--enable-mining-rpc` to the `configure` script. From 556333129e77876d0339834bf12845c106fae371 Mon Sep 17 00:00:00 2001 From: Fuzzbawls Date: Mon, 26 Apr 2021 21:15:51 -0700 Subject: [PATCH 15/15] Snap: remove openssl from nightly snapcraft build requirements --- build-aux/snap/snapcraft.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/build-aux/snap/snapcraft.yaml b/build-aux/snap/snapcraft.yaml index 62c9c77d93bb..187fbc1187a3 100644 --- a/build-aux/snap/snapcraft.yaml +++ b/build-aux/snap/snapcraft.yaml @@ -311,7 +311,6 @@ parts: - python3 - help2man - doxygen - - libssl-dev - libgmp-dev - libevent-dev - libboost-all-dev