Bitcoin Forum
December 11, 2024, 02:51:31 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: 0.12.0 and LibreSSL  (Read 746 times)
AliceWonderMiscreations (OP)
Full Member
***
Offline Offline

Activity: 182
Merit: 107


View Profile WWW
February 23, 2016, 11:57:30 AM
 #1

bitcoin-core 0.11.3 allows --with-libressl but that seems to be gone from 0.12.0.

Is there a patch somewhere to add it back in?

I hereby reserve the right to sometimes be wrong
AliceWonderMiscreations (OP)
Full Member
***
Offline Offline

Activity: 182
Merit: 107


View Profile WWW
February 23, 2016, 12:21:54 PM
 #2

This is the error I am getting when attempting to build 0.12.0 w/o any configure switches used

Code:
In file included from addrman.h:13:0,
                 from init.cpp:12:
init.cpp: In function 'bool AppInit2(boost::thread_group&, CScheduler&)':
init.cpp:1081:61: error: 'OPENSSL_VERSION' was not declared in this scope
     LogPrintf("Using OpenSSL version %s\n", OpenSSL_version(OPENSSL_VERSION));
                                                             ^
util.h:77:39: note: in definition of macro 'LogPrintf'
 #define LogPrintf(...) LogPrint(NULL, __VA_ARGS__)
                                       ^
init.cpp:1081:76: error: 'OpenSSL_version' was not declared in this scope
     LogPrintf("Using OpenSSL version %s\n", OpenSSL_version(OPENSSL_VERSION));

LibreSSL 2.3.2

I hereby reserve the right to sometimes be wrong
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 3570
Merit: 6927


Just writing some code


View Profile WWW
February 23, 2016, 12:37:17 PM
 #3

Allowing libressl was dropped several months ago. Read the commit message here: https://github.com/bitcoin/bitcoin/commit/59783884766d00866e190ba5ae761916e932df10 for the reasons why.

AliceWonderMiscreations (OP)
Full Member
***
Offline Offline

Activity: 182
Merit: 107


View Profile WWW
February 23, 2016, 12:40:40 PM
 #4

Allowing libressl was dropped several months ago. Read the commit message here: https://github.com/bitcoin/bitcoin/commit/59783884766d00866e190ba5ae761916e932df10 for the reasons why.

That removes the check for LibreSSL, and implies that the scariness of LibreSSL no longer applies, it won't cause the consensus issues some worried about. Which I doubt would have been any worse than different versions of OpenSSL but...

Anyway thus it seems that it *should* build with LibreSSL and this is a bug.

0.11.2 builds against same version of LibreSSL no problem.

I hereby reserve the right to sometimes be wrong
AliceWonderMiscreations (OP)
Full Member
***
Offline Offline

Activity: 182
Merit: 107


View Profile WWW
February 23, 2016, 01:01:13 PM
 #5

Okay it looks like maybe the fix for that OpenSSL issue might be what caused this break with LibreSSL.

I'm convinced it is.

-=-

https://github.com/bitcoin/bitcoin/issues/7580

I hereby reserve the right to sometimes be wrong
Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3080



View Profile
February 23, 2016, 02:23:28 PM
Merited by ABCbits (2)
 #6

That removes the check for LibreSSL, and implies that the scariness of LibreSSL no longer applies, it won't cause the consensus issues some worried about. Which I doubt would have been any worse than different versions of OpenSSL but...

And different version of OpenSSL also have a moratorium out on them in respect of Bitcoin (and I'm surprised you don't know this, seeing as the only Red Hat/.rpm repo that ever existed ran into exactly that issue: using a version of OpenSSL that was "better", but contained different ECDSA code that broke Bitcoin nodes using it).

It's not about "worse" or "better", it's about "produces the same bugs".Yes, LibreSSL is likely a "better" crypto library than OpenSSL for general use, but the Bitcoin blockchain has contained signatures verified with OpenSSL long before LibreSSL even existed.



With 0.12 though, the only functions still handled by OpenSSL are the internal PRNG and AES256 for the wallet encryption. So the previous LibreSSL issues essentially don't exist for 0.12+, although there's very little functionality left for LibreSSL to be called for.

Vires in numeris
AliceWonderMiscreations (OP)
Full Member
***
Offline Offline

Activity: 182
Merit: 107


View Profile WWW
February 23, 2016, 03:59:54 PM
 #7

That removes the check for LibreSSL, and implies that the scariness of LibreSSL no longer applies, it won't cause the consensus issues some worried about. Which I doubt would have been any worse than different versions of OpenSSL but...

And different version of OpenSSL also have a moratorium out on them in respect of Bitcoin (and I'm surprised you don't know this, seeing as the only Red Hat/.rpm repo that ever existed ran into exactly that issue: using a version of OpenSSL that was "better", but contained different ECDSA code that broke Bitcoin nodes using it).

It's not about "worse" or "better", it's about "produces the same bugs".Yes, LibreSSL is likely a "better" crypto library than OpenSSL for general use, but the Bitcoin blockchain has contained signatures verified with OpenSSL long before LibreSSL even existed.



With 0.12 though, the only functions still handled by OpenSSL are the internal PRNG and AES256 for the wallet encryption. So the previous LibreSSL issues essentially don't exist for 0.12+, although there's very little functionality left for LibreSSL to be called for.

The problem with the Fedora / Red Hat OpenSSL was related to the Red Hat legal team, Red Hat's OpenSSL only supports two or three ECDSA curves, they ripped a bunch out due to legal fears.

However this issue is resolved:

Code:
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)

Basically a fix for openssl 1.1 broke libressl because libressl uses a high OPENSSL_VERSION_NUMBER yet does not use the OpenSSL API from post fork.

I hereby reserve the right to sometimes be wrong
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!