From 5624ab0b4f844dc7c17aeb1b009f002c33c38fb3 Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 08:15:43 -0400 Subject: [PATCH 1/8] random: stop feeding RNG output back into OpenSSL On the ::SLOW or ::SLEEP paths, we would feed our RNG output back into OpenSSL using RAND_add. This commit removes that functionality. RAND_add(): https://www.openssl.org/docs/manmaster/man3/RAND_add.html RAND_add() mixes the num bytes at buf into the internal state of the random generator. This function will not normally be needed, as mentioned above. The randomness argument is an estimate of how much randomness is contained in buf, in bytes, and should be a number between zero and num. --- src/random.cpp | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/random.cpp b/src/random.cpp index 3e6398f7b4..8bdf45ef67 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -586,14 +586,6 @@ static void ProcRand(unsigned char* out, int num, RNGLevel level) SeedStartup(startup_hasher, rng); rng.MixExtract(out, num, std::move(startup_hasher), true); } - - // For anything but the 'fast' level, feed the resulting RNG output (after an additional hashing step) back into OpenSSL. - if (level != RNGLevel::FAST) { - unsigned char buf[64]; - CSHA512().Write(out, num).Finalize(buf); - RAND_add(buf, sizeof(buf), num); - memory_cleanse(buf, 64); - } } void GetRandBytes(unsigned char* buf, int num) noexcept { ProcRand(buf, num, RNGLevel::FAST); } From 4fcfcc294e7cb17956e283d09050cb997093a35d Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 08:22:11 -0400 Subject: [PATCH 2/8] random: stop retrieving random bytes from OpenSSL On the ::SLOW path we would use OpenSSL as an additional source of random bytes. This commit removes that functionality. Note that this was always only an additional source, and that we never checked the return value RAND_bytes(): https://www.openssl.org/docs/manmaster/man3/RAND_bytes.html RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf. --- src/random.cpp | 4 ---- src/random.h | 1 - src/randomenv.cpp | 1 - 3 files changed, 6 deletions(-) diff --git a/src/random.cpp b/src/random.cpp index 8bdf45ef67..d418740813 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -495,10 +495,6 @@ static void SeedSlow(CSHA512& hasher) noexcept GetOSRand(buffer); hasher.Write(buffer, sizeof(buffer)); - // OpenSSL RNG (for now) - RAND_bytes(buffer, sizeof(buffer)); - hasher.Write(buffer, sizeof(buffer)); - // High-precision timestamp. // // Note that we also commit to a timestamp in the Fast seeder, so we indirectly commit to a diff --git a/src/random.h b/src/random.h index 7768f9d3c5..2d8ab085e3 100644 --- a/src/random.h +++ b/src/random.h @@ -35,7 +35,6 @@ * that fast seeding includes, but additionally: * - OS entropy (/dev/urandom, getrandom(), ...). The application will terminate if * this entropy source fails. - * - Bytes from OpenSSL's RNG (which itself may be seeded from various sources) * - Another high-precision timestamp (indirectly committing to a benchmark of all the * previous sources). * These entropy sources are slower, but designed to make sure the RNG state contains diff --git a/src/randomenv.cpp b/src/randomenv.cpp index 603c88eaab..ec42ddabc3 100644 --- a/src/randomenv.cpp +++ b/src/randomenv.cpp @@ -70,7 +70,6 @@ namespace { void RandAddSeedPerfmon(CSHA512& hasher) { #ifdef WIN32 - // Don't need this on Linux, OpenSSL automatically uses /dev/urandom // Seed with the entire set of perfmon data // This can take up to 2 seconds, so only do it every 10 minutes From b49b6b0f7090cc15860d815fb0ef306ddfc718ba Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 08:41:58 -0400 Subject: [PATCH 3/8] random: Remove remaining OpenSSL calls and locking infrastructure --- src/random.cpp | 35 ----------------------------------- 1 file changed, 35 deletions(-) diff --git a/src/random.cpp b/src/random.cpp index d418740813..47d76d8700 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -43,10 +43,6 @@ #include #endif -#include -#include -#include - [[noreturn]] static void RandFailure() { LogPrintf("Failed to read randomness, aborting\n"); @@ -347,8 +343,6 @@ void GetOSRand(unsigned char *ent32) #endif } -void LockingCallbackOpenSSL(int mode, int i, const char* file, int line); - namespace { class RNGState { @@ -364,31 +358,15 @@ class RNGState { unsigned char m_state[32] GUARDED_BY(m_mutex) = {0}; uint64_t m_counter GUARDED_BY(m_mutex) = 0; bool m_strongly_seeded GUARDED_BY(m_mutex) = false; - std::unique_ptr m_mutex_openssl; public: RNGState() noexcept { InitHardwareRand(); - - // Init OpenSSL library multithreading support - m_mutex_openssl.reset(new Mutex[CRYPTO_num_locks()]); - CRYPTO_set_locking_callback(LockingCallbackOpenSSL); - - // OpenSSL can optionally load a config file which lists optional loadable modules and engines. - // We don't use them so we don't require the config. However some of our libs may call functions - // which attempt to load the config file, possibly resulting in an exit() or crash if it is missing - // or corrupt. Explicitly tell OpenSSL not to try to load the file. The result for our libs will be - // that the config appears to have been loaded and there are no modules/engines available. - OPENSSL_no_config(); } ~RNGState() { - // Securely erase the memory used by the OpenSSL PRNG - RAND_cleanup(); - // Shutdown OpenSSL library multithreading support - CRYPTO_set_locking_callback(nullptr); } /** Extract up to 32 bytes of entropy from the RNG state, mixing in new entropy from hasher. @@ -424,8 +402,6 @@ public: memory_cleanse(buf, 64); return ret; } - - Mutex& GetOpenSSLMutex(int i) { return m_mutex_openssl[i]; } }; RNGState& GetRNGState() noexcept @@ -437,17 +413,6 @@ RNGState& GetRNGState() noexcept } } -void LockingCallbackOpenSSL(int mode, int i, const char* file, int line) NO_THREAD_SAFETY_ANALYSIS -{ - RNGState& rng = GetRNGState(); - - if (mode & CRYPTO_LOCK) { - rng.GetOpenSSLMutex(i).lock(); - } else { - rng.GetOpenSSLMutex(i).unlock(); - } -} - /* A note on the use of noexcept in the seeding functions below: * * None of the RNG code should ever throw any exception, with the sole exception From 8983ee3e6dd8ab658bd2caf97c326cc53ea50818 Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 09:09:25 -0400 Subject: [PATCH 4/8] build: remove OpenSSL detection and libs --- configure.ac | 9 --------- src/Makefile.am | 10 +++++----- src/Makefile.bench.include | 2 +- src/Makefile.qt.include | 1 - src/Makefile.qttest.include | 2 +- src/Makefile.test.include | 3 +-- 6 files changed, 8 insertions(+), 19 deletions(-) diff --git a/configure.ac b/configure.ac index 0f31bbaee5..2025037bd4 100644 --- a/configure.ac +++ b/configure.ac @@ -555,13 +555,8 @@ case $host in dnl It's safe to add these paths even if the functionality is disabled by dnl the user (--without-wallet or --without-gui for example). - openssl_prefix=`$BREW --prefix openssl 2>/dev/null` bdb_prefix=`$BREW --prefix berkeley-db4 2>/dev/null` qt5_prefix=`$BREW --prefix qt5 2>/dev/null` - if test x$openssl_prefix != x; then - PKG_CONFIG_PATH="$openssl_prefix/lib/pkgconfig:$PKG_CONFIG_PATH" - export PKG_CONFIG_PATH - fi if test x$bdb_prefix != x; then CPPFLAGS="$CPPFLAGS -I$bdb_prefix/include" LIBS="$LIBS -L$bdb_prefix/lib" @@ -1255,7 +1250,6 @@ if test x$use_pkgconfig = xyes; then m4_ifdef( [PKG_CHECK_MODULES], [ - PKG_CHECK_MODULES([CRYPTO], [libcrypto],,[AC_MSG_ERROR(libcrypto not found.)]) if test x$use_qr != xno; then BITCOIN_QT_CHECK([PKG_CHECK_MODULES([QR], [libqrencode], [have_qrencode=yes], [have_qrencode=no])]) fi @@ -1278,8 +1272,6 @@ if test x$use_pkgconfig = xyes; then ] ) else - AC_CHECK_HEADER([openssl/crypto.h],,AC_MSG_ERROR(libcrypto headers missing)) - AC_CHECK_LIB([crypto], [main],CRYPTO_LIBS=-lcrypto, AC_MSG_ERROR(libcrypto missing)) if test x$build_bitcoin_cli$build_bitcoind$bitcoin_enable_qt$use_tests != xnononono; then AC_CHECK_HEADER([event2/event.h],, AC_MSG_ERROR(libevent headers missing),) @@ -1599,7 +1591,6 @@ AC_SUBST(TESTDEFS) AC_SUBST(LEVELDB_TARGET_FLAGS) AC_SUBST(MINIUPNPC_CPPFLAGS) AC_SUBST(MINIUPNPC_LIBS) -AC_SUBST(CRYPTO_LIBS) AC_SUBST(EVENT_LIBS) AC_SUBST(EVENT_PTHREADS_LIBS) AC_SUBST(ZMQ_LIBS) diff --git a/src/Makefile.am b/src/Makefile.am index cbe5479956..ffb97f26d7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -19,7 +19,7 @@ else LIBUNIVALUE = $(UNIVALUE_LIBS) endif -BITCOIN_INCLUDES=-I$(builddir) $(BDB_CPPFLAGS) $(BOOST_CPPFLAGS) $(LEVELDB_CPPFLAGS) $(CRYPTO_CFLAGS) +BITCOIN_INCLUDES=-I$(builddir) $(BDB_CPPFLAGS) $(BOOST_CPPFLAGS) $(LEVELDB_CPPFLAGS) BITCOIN_INCLUDES += -I$(srcdir)/secp256k1/include BITCOIN_INCLUDES += $(UNIVALUE_CFLAGS) @@ -571,7 +571,7 @@ bitcoind_LDADD = \ $(LIBMEMENV) \ $(LIBSECP256K1) -bitcoind_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(ZMQ_LIBS) +bitcoind_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(ZMQ_LIBS) # bitcoin-cli binary # bitcoin_cli_SOURCES = bitcoin-cli.cpp @@ -589,7 +589,7 @@ bitcoin_cli_LDADD = \ $(LIBBITCOIN_UTIL) \ $(LIBBITCOIN_CRYPTO) -bitcoin_cli_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS) $(EVENT_LIBS) +bitcoin_cli_LDADD += $(BOOST_LIBS) $(EVENT_LIBS) # # bitcoin-tx binary # @@ -610,7 +610,7 @@ bitcoin_tx_LDADD = \ $(LIBBITCOIN_CRYPTO) \ $(LIBSECP256K1) -bitcoin_tx_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS) +bitcoin_tx_LDADD += $(BOOST_LIBS) # # bitcoin-wallet binary # @@ -637,7 +637,7 @@ bitcoin_wallet_LDADD = \ $(LIBSECP256K1) \ $(LIBUNIVALUE) -bitcoin_wallet_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(MINIUPNPC_LIBS) $(ZMQ_LIBS) +bitcoin_wallet_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(MINIUPNPC_LIBS) $(ZMQ_LIBS) # # bitcoinconsensus library # diff --git a/src/Makefile.bench.include b/src/Makefile.bench.include index c9e4fcc4bc..acd712c8a2 100644 --- a/src/Makefile.bench.include +++ b/src/Makefile.bench.include @@ -76,7 +76,7 @@ bench_bench_bitcoin_SOURCES += bench/coin_selection.cpp bench_bench_bitcoin_SOURCES += bench/wallet_balance.cpp endif -bench_bench_bitcoin_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(MINIUPNPC_LIBS) +bench_bench_bitcoin_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(MINIUPNPC_LIBS) bench_bench_bitcoin_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) CLEAN_BITCOIN_BENCH = bench/*.gcda bench/*.gcno $(GENERATED_BENCH_FILES) diff --git a/src/Makefile.qt.include b/src/Makefile.qt.include index 13b1470b58..93e60ff832 100644 --- a/src/Makefile.qt.include +++ b/src/Makefile.qt.include @@ -314,7 +314,6 @@ endif qt_bitcoin_qt_LDADD += $(LIBBITCOIN_CLI) $(LIBBITCOIN_COMMON) $(LIBBITCOIN_UTIL) $(LIBBITCOIN_CONSENSUS) $(LIBBITCOIN_CRYPTO) $(LIBUNIVALUE) $(LIBLEVELDB) $(LIBLEVELDB_SSE42) $(LIBMEMENV) \ $(BOOST_LIBS) $(QT_LIBS) $(QT_DBUS_LIBS) $(QR_LIBS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(LIBSECP256K1) \ $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) -qt_bitcoin_qt_LDADD += $(CRYPTO_LIBS) qt_bitcoin_qt_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(QT_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) qt_bitcoin_qt_LIBTOOLFLAGS = $(AM_LIBTOOLFLAGS) --tag CXX diff --git a/src/Makefile.qttest.include b/src/Makefile.qttest.include index 562b393b22..37e1da2a78 100644 --- a/src/Makefile.qttest.include +++ b/src/Makefile.qttest.include @@ -63,7 +63,7 @@ qt_test_test_bitcoin_qt_LDADD += $(LIBBITCOIN_ZMQ) $(ZMQ_LIBS) endif qt_test_test_bitcoin_qt_LDADD += $(LIBBITCOIN_CLI) $(LIBBITCOIN_COMMON) $(LIBBITCOIN_UTIL) $(LIBBITCOIN_CONSENSUS) $(LIBBITCOIN_CRYPTO) $(LIBUNIVALUE) $(LIBLEVELDB) \ $(LIBLEVELDB_SSE42) $(LIBMEMENV) $(BOOST_LIBS) $(QT_DBUS_LIBS) $(QT_TEST_LIBS) $(QT_LIBS) \ - $(QR_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(LIBSECP256K1) \ + $(QR_LIBS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(LIBSECP256K1) \ $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) qt_test_test_bitcoin_qt_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(QT_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) qt_test_test_bitcoin_qt_CXXFLAGS = $(AM_CXXFLAGS) $(QT_PIE_FLAGS) diff --git a/src/Makefile.test.include b/src/Makefile.test.include index dd1ade5496..d2d897af2f 100644 --- a/src/Makefile.test.include +++ b/src/Makefile.test.include @@ -91,7 +91,6 @@ FUZZ_SUITE_LD_COMMON = \ $(LIBMEMENV) \ $(LIBSECP256K1) \ $(EVENT_LIBS) \ - $(CRYPTO_LIBS) \ $(EVENT_PTHREADS_LIBS) # test_bitcoin binary # @@ -207,7 +206,7 @@ test_test_bitcoin_LDADD += $(LIBBITCOIN_SERVER) $(LIBBITCOIN_CLI) $(LIBBITCOIN_C $(LIBLEVELDB) $(LIBLEVELDB_SSE42) $(LIBMEMENV) $(BOOST_LIBS) $(BOOST_UNIT_TEST_FRAMEWORK_LIB) $(LIBSECP256K1) $(EVENT_LIBS) $(EVENT_PTHREADS_LIBS) test_test_bitcoin_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) -test_test_bitcoin_LDADD += $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(RAPIDCHECK_LIBS) +test_test_bitcoin_LDADD += $(BDB_LIBS) $(MINIUPNPC_LIBS) $(RAPIDCHECK_LIBS) test_test_bitcoin_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) -static if ENABLE_ZMQ From 648b2e3c3288ee0b83d4089d27fa7f84a73d118e Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 09:09:50 -0400 Subject: [PATCH 5/8] depends: remove OpenSSL package --- depends/packages/openssl.mk | 88 ------------------- depends/packages/packages.mk | 2 +- ...dd-OpenSSL-termios-fix-for-musl-libc.patch | 17 ---- 3 files changed, 1 insertion(+), 106 deletions(-) delete mode 100644 depends/packages/openssl.mk delete mode 100644 depends/patches/openssl/0001-Add-OpenSSL-termios-fix-for-musl-libc.patch diff --git a/depends/packages/openssl.mk b/depends/packages/openssl.mk deleted file mode 100644 index e3b3647dd9..0000000000 --- a/depends/packages/openssl.mk +++ /dev/null @@ -1,88 +0,0 @@ -package=openssl -$(package)_version=1.0.1k -$(package)_download_path=https://www.openssl.org/source -$(package)_file_name=$(package)-$($(package)_version).tar.gz -$(package)_sha256_hash=8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c -$(package)_patches=0001-Add-OpenSSL-termios-fix-for-musl-libc.patch - -define $(package)_set_vars -$(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)" -$(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl -$(package)_config_opts+=no-camellia -$(package)_config_opts+=no-capieng -$(package)_config_opts+=no-cast -$(package)_config_opts+=no-comp -$(package)_config_opts+=no-dso -$(package)_config_opts+=no-dtls1 -$(package)_config_opts+=no-ec_nistp_64_gcc_128 -$(package)_config_opts+=no-gost -$(package)_config_opts+=no-gmp -$(package)_config_opts+=no-heartbeats -$(package)_config_opts+=no-idea -$(package)_config_opts+=no-jpake -$(package)_config_opts+=no-krb5 -$(package)_config_opts+=no-libunbound -$(package)_config_opts+=no-md2 -$(package)_config_opts+=no-mdc2 -$(package)_config_opts+=no-rc4 -$(package)_config_opts+=no-rc5 -$(package)_config_opts+=no-rdrand -$(package)_config_opts+=no-rfc3779 -$(package)_config_opts+=no-rsax -$(package)_config_opts+=no-sctp -$(package)_config_opts+=no-seed -$(package)_config_opts+=no-sha0 -$(package)_config_opts+=no-shared -$(package)_config_opts+=no-ssl-trace -$(package)_config_opts+=no-ssl2 -$(package)_config_opts+=no-ssl3 -$(package)_config_opts+=no-static_engine -$(package)_config_opts+=no-store -$(package)_config_opts+=no-unit-test -$(package)_config_opts+=no-weak-ssl-ciphers -$(package)_config_opts+=no-whirlpool -$(package)_config_opts+=no-zlib -$(package)_config_opts+=no-zlib-dynamic -$(package)_config_opts+=$($(package)_cflags) $($(package)_cppflags) -$(package)_config_opts_linux=-fPIC -Wa,--noexecstack -$(package)_config_opts_x86_64_linux=linux-x86_64 -$(package)_config_opts_i686_linux=linux-generic32 -$(package)_config_opts_arm_linux=linux-generic32 -$(package)_config_opts_armv7l_linux=linux-generic32 -$(package)_config_opts_aarch64_linux=linux-generic64 -$(package)_config_opts_mipsel_linux=linux-generic32 -$(package)_config_opts_mips_linux=linux-generic32 -$(package)_config_opts_powerpc_linux=linux-generic32 -$(package)_config_opts_riscv32_linux=linux-generic32 -$(package)_config_opts_riscv64_linux=linux-generic64 -$(package)_config_opts_x86_64_darwin=darwin64-x86_64-cc -$(package)_config_opts_x86_64_mingw32=mingw64 -$(package)_config_opts_i686_mingw32=mingw -$(package)_config_opts_android=-fPIC -$(package)_config_opts_aarch64_android=linux-generic64 -$(package)_config_opts_x86_64_android=linux-generic64 -$(package)_config_opts_armv7a_android=linux-generic32 -$(package)_config_opts_i686_android=linux-generic32 -endef - -define $(package)_preprocess_cmds - patch -p1 < $($(package)_patch_dir)/0001-Add-OpenSSL-termios-fix-for-musl-libc.patch && \ - sed -i.old "/define DATE/d" util/mkbuildinf.pl && \ - sed -i.old "s|engines apps test|engines|" Makefile.org -endef - -define $(package)_config_cmds - ./Configure $($(package)_config_opts) -endef - -define $(package)_build_cmds - $(MAKE) -j1 build_crypto libcrypto.pc libssl.pc openssl.pc -endef - -define $(package)_stage_cmds - $(MAKE) INSTALL_PREFIX=$($(package)_staging_dir) -j1 install_sw -endef - -define $(package)_postprocess_cmds - rm -rf share bin etc -endef diff --git a/depends/packages/packages.mk b/depends/packages/packages.mk index 09734c7e6f..09f3187ac4 100644 --- a/depends/packages/packages.mk +++ b/depends/packages/packages.mk @@ -1,4 +1,4 @@ -packages:=boost openssl libevent +packages:=boost libevent qt_packages = qrencode zlib diff --git a/depends/patches/openssl/0001-Add-OpenSSL-termios-fix-for-musl-libc.patch b/depends/patches/openssl/0001-Add-OpenSSL-termios-fix-for-musl-libc.patch deleted file mode 100644 index 003099bdc2..0000000000 --- a/depends/patches/openssl/0001-Add-OpenSSL-termios-fix-for-musl-libc.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c -index a38c758..d99edc2 100644 ---- a/crypto/ui/ui_openssl.c -+++ b/crypto/ui/ui_openssl.c -@@ -190,9 +190,9 @@ - # undef SGTTY - #endif - --#if defined(linux) && !defined(TERMIO) --# undef TERMIOS --# define TERMIO -+#if defined(linux) -+# define TERMIOS -+# undef TERMIO - # undef SGTTY - #endif - From a4eb83961965347792e9ac75928aae359d5f7405 Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 09:14:14 -0400 Subject: [PATCH 6/8] doc: remove OpenSSL from build instructions and licensing info --- build_msvc/README.md | 3 +-- doc/README.md | 2 -- doc/build-freebsd.md | 2 +- doc/build-osx.md | 2 +- doc/build-unix.md | 2 +- doc/dependencies.md | 1 - doc/man/bitcoin-cli.1 | 4 ---- doc/man/bitcoin-qt.1 | 4 ---- doc/man/bitcoin-tx.1 | 4 ---- doc/man/bitcoin-wallet.1 | 4 ---- doc/man/bitcoind.1 | 4 ---- src/init.cpp | 4 +--- 12 files changed, 5 insertions(+), 31 deletions(-) diff --git a/build_msvc/README.md b/build_msvc/README.md index 59be5298ad..704470cac8 100644 --- a/build_msvc/README.md +++ b/build_msvc/README.md @@ -12,7 +12,7 @@ Quick Start The minimal steps required to build Bitcoin Core with the msbuild toolchain are below. More detailed instructions are contained in the following sections. ``` -vcpkg install --triplet x64-windows-static boost-filesystem boost-multi-index boost-signals2 boost-test boost-thread libevent openssl zeromq berkeleydb rapidcheck double-conversion +vcpkg install --triplet x64-windows-static boost-filesystem boost-multi-index boost-signals2 boost-test boost-thread libevent zeromq berkeleydb rapidcheck double-conversion py -3 build_msvc\msvc-autogen.py msbuild /m build_msvc\bitcoin.sln /p:Platform=x64 /p:Configuration=Release /t:build ``` @@ -33,7 +33,6 @@ The [external dependencies](https://github.com/bitcoin/bitcoin/blob/master/doc/d - Boost - DoubleConversion - libevent -- OpenSSL - Qt5 - RapidCheck - ZeroMQ diff --git a/doc/README.md b/doc/README.md index d3017de2ab..46b311b251 100644 --- a/doc/README.md +++ b/doc/README.md @@ -84,5 +84,3 @@ The Bitcoin repo's [root README](/README.md) contains relevant information on th License --------------------- Distributed under the [MIT software license](/COPYING). -This product includes software developed by the OpenSSL Project for use in the [OpenSSL Toolkit](https://www.openssl.org/). This product includes -cryptographic software written by Eric Young ([eay@cryptsoft.com](mailto:eay@cryptsoft.com)), and UPnP software written by Thomas Bernard. diff --git a/doc/build-freebsd.md b/doc/build-freebsd.md index d22b6e8383..4831623504 100644 --- a/doc/build-freebsd.md +++ b/doc/build-freebsd.md @@ -11,7 +11,7 @@ This guide does not contain instructions for building the GUI. You will need the following dependencies, which can be installed as root via pkg: ```shell -pkg install autoconf automake boost-libs git gmake libevent libtool openssl pkgconf +pkg install autoconf automake boost-libs git gmake libevent libtool pkgconf git clone https://github.com/bitcoin/bitcoin.git ``` diff --git a/doc/build-osx.md b/doc/build-osx.md index 9942449bf6..e435798e95 100644 --- a/doc/build-osx.md +++ b/doc/build-osx.md @@ -19,7 +19,7 @@ Then install [Homebrew](https://brew.sh). ## Dependencies ```shell -brew install automake berkeley-db4 libtool boost miniupnpc openssl pkg-config python qt libevent qrencode +brew install automake berkeley-db4 libtool boost miniupnpc pkg-config python qt libevent qrencode ``` See [dependencies.md](dependencies.md) for a complete overview. diff --git a/doc/build-unix.md b/doc/build-unix.md index d048bdeff5..10c557569c 100644 --- a/doc/build-unix.md +++ b/doc/build-unix.md @@ -127,7 +127,7 @@ built by default. Build requirements: - sudo dnf install gcc-c++ libtool make autoconf automake openssl-devel libevent-devel boost-devel libdb4-devel libdb4-cxx-devel python3 + sudo dnf install gcc-c++ libtool make autoconf automake libevent-devel boost-devel libdb4-devel libdb4-cxx-devel python3 Optional (see `--with-miniupnpc` and `--enable-upnp-default`): diff --git a/doc/dependencies.md b/doc/dependencies.md index dc88626761..bfb663866d 100644 --- a/doc/dependencies.md +++ b/doc/dependencies.md @@ -17,7 +17,6 @@ These are the dependencies currently used by Bitcoin Core. You can find instruct | libpng | | | | | [Yes](https://github.com/bitcoin/bitcoin/blob/master/depends/packages/qt.mk) | | librsvg | | | | | | | MiniUPnPc | [2.0.20180203](http://miniupnp.free.fr/files) | | No | | | -| OpenSSL | [1.0.1k](https://www.openssl.org/source) | | Yes | | | | PCRE | | | | | [Yes](https://github.com/bitcoin/bitcoin/blob/master/depends/packages/qt.mk) | | Python (tests) | | [3.5](https://www.python.org/downloads) | | | | | qrencode | [3.4.4](https://fukuchi.org/works/qrencode) | | No | | | diff --git a/doc/man/bitcoin-cli.1 b/doc/man/bitcoin-cli.1 index 95c1d24dff..129651d8e9 100644 --- a/doc/man/bitcoin-cli.1 +++ b/doc/man/bitcoin-cli.1 @@ -113,7 +113,3 @@ The source code is available from . This is experimental software. Distributed under the MIT software license, see the accompanying file COPYING or - -This product includes software developed by the OpenSSL Project for use in the -OpenSSL Toolkit and cryptographic software written by -Eric Young and UPnP software written by Thomas Bernard. diff --git a/doc/man/bitcoin-qt.1 b/doc/man/bitcoin-qt.1 index 1957fb736e..f68be21e8d 100644 --- a/doc/man/bitcoin-qt.1 +++ b/doc/man/bitcoin-qt.1 @@ -608,7 +608,3 @@ The source code is available from . This is experimental software. Distributed under the MIT software license, see the accompanying file COPYING or - -This product includes software developed by the OpenSSL Project for use in the -OpenSSL Toolkit and cryptographic software written by -Eric Young and UPnP software written by Thomas Bernard. diff --git a/doc/man/bitcoin-tx.1 b/doc/man/bitcoin-tx.1 index 6b6071d9b7..b4c7698896 100644 --- a/doc/man/bitcoin-tx.1 +++ b/doc/man/bitcoin-tx.1 @@ -114,7 +114,3 @@ The source code is available from . This is experimental software. Distributed under the MIT software license, see the accompanying file COPYING or - -This product includes software developed by the OpenSSL Project for use in the -OpenSSL Toolkit and cryptographic software written by -Eric Young and UPnP software written by Thomas Bernard. diff --git a/doc/man/bitcoin-wallet.1 b/doc/man/bitcoin-wallet.1 index 1cb8cdebcd..aadea09a2b 100644 --- a/doc/man/bitcoin-wallet.1 +++ b/doc/man/bitcoin-wallet.1 @@ -61,7 +61,3 @@ The source code is available from . This is experimental software. Distributed under the MIT software license, see the accompanying file COPYING or - -This product includes software developed by the OpenSSL Project for use in the -OpenSSL Toolkit and cryptographic software written by -Eric Young and UPnP software written by Thomas Bernard. diff --git a/doc/man/bitcoind.1 b/doc/man/bitcoind.1 index b0aff99ca2..211ba10285 100644 --- a/doc/man/bitcoind.1 +++ b/doc/man/bitcoind.1 @@ -581,7 +581,3 @@ The source code is available from . This is experimental software. Distributed under the MIT software license, see the accompanying file COPYING or - -This product includes software developed by the OpenSSL Project for use in the -OpenSSL Toolkit and cryptographic software written by -Eric Young and UPnP software written by Thomas Bernard. diff --git a/src/init.cpp b/src/init.cpp index 2abdf7dbc4..421768441e 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -563,9 +563,7 @@ std::string LicenseInfo() "\n" + "\n" + _("This is experimental software.").translated + "\n" + - strprintf(_("Distributed under the MIT software license, see the accompanying file %s or %s").translated, "COPYING", "") + "\n" + - "\n" + - strprintf(_("This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit %s and cryptographic software written by Eric Young and UPnP software written by Thomas Bernard.").translated, "") + + strprintf(_("Distributed under the MIT software license, see the accompanying file %s or %s").translated, "COPYING", "") + "\n"; } From 397dbae070dca9a635ff3d1d61add09db004661e Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 26 Oct 2019 09:16:55 -0400 Subject: [PATCH 7/8] ci: remove OpenSSL installation --- .cirrus.yml | 2 +- build_msvc/vcpkg-packages.txt | 2 +- ci/test/04_install.sh | 2 -- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 517cd93585..f4a3878ed8 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -16,7 +16,7 @@ task: ccache_cache: folder: "/tmp/ccache_dir" install_script: - - pkg install -y autoconf automake boost-libs git gmake libevent libtool openssl pkgconf python3 ccache + - pkg install -y autoconf automake boost-libs git gmake libevent libtool pkgconf python3 ccache - ./contrib/install_db4.sh $(pwd) - ccache --max-size=${CCACHE_SIZE} configure_script: diff --git a/build_msvc/vcpkg-packages.txt b/build_msvc/vcpkg-packages.txt index 082a13f1cf..d63636259d 100644 --- a/build_msvc/vcpkg-packages.txt +++ b/build_msvc/vcpkg-packages.txt @@ -1 +1 @@ -berkeleydb boost-filesystem boost-multi-index boost-signals2 boost-test boost-thread libevent openssl rapidcheck zeromq double-conversion \ No newline at end of file +berkeleydb boost-filesystem boost-multi-index boost-signals2 boost-test boost-thread libevent rapidcheck zeromq double-conversion \ No newline at end of file diff --git a/ci/test/04_install.sh b/ci/test/04_install.sh index 271ae82e5c..e70a8a9ea9 100755 --- a/ci/test/04_install.sh +++ b/ci/test/04_install.sh @@ -25,8 +25,6 @@ if [ "$TRAVIS_OS_NAME" == "osx" ]; then done export PATH="/usr/local/opt/ccache/libexec:$PATH" - OPENSSL_PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig" - export PKG_CONFIG_PATH=$OPENSSL_PKG_CONFIG_PATH:$PKG_CONFIG_PATH ${CI_RETRY_EXE} pip3 install $PIP_PACKAGES From e5a0bece6e84402fcb1fe4f25fd24da1d21ec077 Mon Sep 17 00:00:00 2001 From: fanquake Date: Mon, 18 Nov 2019 09:19:04 -0500 Subject: [PATCH 8/8] doc: add OpenSSL removal to release-notes.md --- doc/release-notes.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/release-notes.md b/doc/release-notes.md index a47c8802b0..33a127e0d0 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -63,6 +63,12 @@ distribution provides binaries for the RISC-V platform. Notable changes =============== +Build System +------------ + +- OpenSSL is no longer used by Bitcoin Core. The last usage of the library +was removed in #17265. + New RPCs --------