public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

* [bitcoin-dev] What is OpenSSL still used for?
@ 2016-01-19  1:39 Andrew C
  2016-01-19  3:58 ` Ethan Heilman
  2016-01-21  7:42 ` Jonas Schnelli
  0 siblings, 2 replies; 5+ messages in thread
From: Andrew C @ 2016-01-19  1:39 UTC (permalink / raw)
  To: Bitcoin development mailing list

[-- Attachment #1: Type: text/plain, Size: 210 bytes --]

In the release notes for 0.12, it says that we have moved from using
OpenSSL to libsecp256k1 for signature validation. So what else is it being
used for that we need to keep it as a dependency?

Thanks,
Andrew

[-- Attachment #2: Type: text/html, Size: 266 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] What is OpenSSL still used for?
  2016-01-19  1:39 [bitcoin-dev] What is OpenSSL still used for? Andrew C
@ 2016-01-19  3:58 ` Ethan Heilman
  2016-01-21  2:57   ` Douglas Roark
  2016-01-21  7:42 ` Jonas Schnelli
  1 sibling, 1 reply; 5+ messages in thread
From: Ethan Heilman @ 2016-01-19  3:58 UTC (permalink / raw)
  To: Andrew C; +Cc: Bitcoin development mailing list

I believe libsecp256k1 just performs Elliptic Curve operations
required by Bitcoin. OpenSSL is used for all other crypto.

For instance the PRNG appears to be OpenSSL:
https://github.com/bitcoin/bitcoin/blob/master/src/random.h


On Mon, Jan 18, 2016 at 8:39 PM, Andrew C via bitcoin-dev
<bitcoin-dev@lists•linuxfoundation.org> wrote:
> In the release notes for 0.12, it says that we have moved from using OpenSSL
> to libsecp256k1 for signature validation. So what else is it being used for
> that we need to keep it as a dependency?
>
> Thanks,
> Andrew
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] What is OpenSSL still used for?
  2016-01-19  3:58 ` Ethan Heilman
@ 2016-01-21  2:57   ` Douglas Roark
  0 siblings, 0 replies; 5+ messages in thread
From: Douglas Roark @ 2016-01-21  2:57 UTC (permalink / raw)
  To: bitcoin-dev

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016/1/18 19:58, Ethan Heilman via bitcoin-dev wrote:
> I believe libsecp256k1 just performs Elliptic Curve operations 
> required by Bitcoin. OpenSSL is used for all other crypto.

The exact answer, as I understand it, is a bit more nuanced. In
particular, you referenced the PRNG. I believe libsecp256k1, as
currently written, relies on an implementation of RFC 6979 instead of
using a PRNG. I'm guessing this is done for portability reasons (no
need to hook into the OS's RNG).

Otherwise, yes, I believe this answer is basically correct. There are
still some crypto functions not covered by libsecp256k1, at least at
the API level. But, for consensus-critical functionality, I think 0.12
will be rid of OpenSSL.

- -- 
- ---
Douglas Roark
Cryptocurrency, network security, travel, and art.
https://onename.com/droark
joroark@vt•edu
PGP key ID: 26623924
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWoEkTAAoJEEOBHRomYjkkoR0QAKmvgmoOdCw7SLP9cFURltXw
Ro8mOfikjp04C6tsshtiKQ1+jq80wBhioVYIL7XiyNU7ZUNdAWSc/wGBCG+YkMeQ
6h02WJZQtTe0PvGVHIgUw6SiV4ZzXBuapXQX0BgEl0pInvQkRRqWtgrqDlWbqJVg
NKzm8Kh+c8JUHEKbhnC45Jgh2JYHpyXcByLHSyGYsPOprjHmsupCPC6qydrRnuaO
r7YHtObK2myOglJ1h6BXir//+XNbk6RiRNf5voONNAR9L+69BBV7hMVVO3eiDZ12
vrNaOIKhDjhDs1kmkFYi7ML/zKBQRXlb7iM8AEpfCUKl/zK9bSNeblP4ZBGPqjCm
9TGCqGjmKEbg7AYXjyMvmw+jZReediJMNYpCdxaSJi+XJZO6EC28pcKsb6pu/9gX
NCLf1T/f2NoyXxc57aTuHNo0SnVaee1z0+IlGSh+5foxhZGbFmPhxOy3WNIubuou
tm0guAXloCCERwVg0OhhQ3YyrlOWz7VnUrT8cteQC+yP353zdnxay7ZmQh9swcyR
VX7yu4xLcxgbQmBIhMyKs9iQnycOrdNhZEfGx4vQ2ZKAj1CPVqrgKxbtY3KuPfvb
YAzfs/iXaqBHH7FN9juLMRGqkzyVzJ9mIsFyLldADvSoc8RSa1IQiZtfPsIU1w1i
UKEl9Qasje80EojNZNz0
=glL2
-----END PGP SIGNATURE-----


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] What is OpenSSL still used for?
  2016-01-19  1:39 [bitcoin-dev] What is OpenSSL still used for? Andrew C
  2016-01-19  3:58 ` Ethan Heilman
@ 2016-01-21  7:42 ` Jonas Schnelli
  2016-01-25 11:58   ` Wladimir J. van der Laan
  1 sibling, 1 reply; 5+ messages in thread
From: Jonas Schnelli @ 2016-01-21  7:42 UTC (permalink / raw)
  To: bitcoin-dev, achow101

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Andrew

> In the release notes for 0.12, it says that we have moved from
> using OpenSSL to libsecp256k1 for signature validation. So what
> else is it being used for that we need to keep it as a dependency?

Openssl was dropped from the consensus layer (ECC) in 0.12, though, it
still used for...

1) ... getting random numbers (randomize the ECC signing context)
2) [wallet only] ... AES256 encryption of private keys
3) [GUI only] ... SSL/X.509 for BIP70 (payment protocol)

Openssl dependency for 1) and 2) could be removed. There are some –
outdated – relevant PRs:

Entropy: https://github.com/bitcoin/bitcoin/pull/5885
AES: https://github.com/bitcoin/bitcoin/pull/5949

I guess for point 3) [BIP70] it makes sense to keep openssl.

/jonas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWoIwAAAoJECnUvLZBb1PsWSMP/2VyURcUUmnFodX1UUkkTQSu
KmEMqRe3Ak1v4B5S+7raodYE+7ePONedHrciUgNfj0GBDu7/5Wl3LD0GnFb0//Nl
JEHPzNQB8xhRjhXux17rq+Kf60qjc+uybJQDDs9KfQQYS+hFTUKXX61s7wwY/QAy
6Vi5FxZRThzFUFWFZvG9KbRLWEbBVONnXLaA4pB0o7UnU2wAHkmPP5wyeCJLy3cW
uggeLYh3X6GBF/+IQ0ndO4yFJ09ROXBS7N1VisJy2Z4zTJr0y6rAVVG9XcPtlkMc
SvMULeiB34odvlZMRMFdCYLHCuff30jN2+aEJST/d+lr4IB2ai8veXwt69yya4p2
4UUL5ueOzKWfgcxVT/qDDcVkZJFqrhdHmMaEggelRakQCSdLly+4X7Mdo/Dx/RC2
PYUDQVGGFephTpzBTQ3fpRGtZu2JX45T2RKyF2qcVlzXrRW7SjqzwGWWuutwbbrS
V9cSMMVS7NU90mgCE4e3G2oqi40H8dOzg+opf5ynChEccgJwUlxrfjj4kJbQZRH1
X00tGeVs93MxQes+vacYq7VYX4pzM1kiU3EMNStyAvCzd8FbGxmiv3C1VKhRj3xK
Oo98Yg18OBL2jQCWHza3nOU5jN8AnjlkXNvrqsaGedjVNirlnR6a+qmklNIiY1lE
kBxMbfAhTLPY3ukqtaSh
=4GfM
-----END PGP SIGNATURE-----


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] What is OpenSSL still used for?
  2016-01-21  7:42 ` Jonas Schnelli
@ 2016-01-25 11:58   ` Wladimir J. van der Laan
  0 siblings, 0 replies; 5+ messages in thread
From: Wladimir J. van der Laan @ 2016-01-25 11:58 UTC (permalink / raw)
  To: Jonas Schnelli; +Cc: bitcoin-dev

> > In the release notes for 0.12, it says that we have moved from
> > using OpenSSL to libsecp256k1 for signature validation. So what
> > else is it being used for that we need to keep it as a dependency?
> 
> Openssl was dropped from the consensus layer (ECC) in 0.12, though, it
> still used for...
> 
> 1) ... getting random numbers (randomize the ECC signing context)
> 2) [wallet only] ... AES256 encryption of private keys
> 3) [GUI only] ... SSL/X.509 for BIP70 (payment protocol)
> 
> Openssl dependency for 1) and 2) could be removed. There are some –
> outdated – relevant PRs:
> 
> Entropy: https://github.com/bitcoin/bitcoin/pull/5885
> AES: https://github.com/bitcoin/bitcoin/pull/5949
> 
> I guess for point 3) [BIP70] it makes sense to keep openssl.

Exactly - the plan is that OpenSSL will, in due time, be a dependency only if the
GUI is enabled. Most of the work for that is already done but it has to be made
up to date and carefully tested and integrated.

Wladimir


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2016-01-25 11:58 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-19  1:39 [bitcoin-dev] What is OpenSSL still used for? Andrew C
2016-01-19  3:58 ` Ethan Heilman
2016-01-21  2:57   ` Douglas Roark
2016-01-21  7:42 ` Jonas Schnelli
2016-01-25 11:58   ` Wladimir J. van der Laan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox