Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Refactor] Remove OpenSSL #2352

Merged
merged 15 commits into from
May 12, 2021
Merged

[Refactor] Remove OpenSSL #2352

merged 15 commits into from
May 12, 2021

Conversation

Fuzzbawls
Copy link
Collaborator

The natural follow-up to #2278, #2286, and #2288. With these three PRs merged, there are only a few minor pieces of code that still rely on OpenSSL:

  • a call to RAND_bytes during the ::SLOW path of ProcRand
  • feeding output from our RNG back into OpenSSL via RAND_add during the ::SLOW and ::SLEEP paths.
  • an unused function in utilstrencodings.cpp (DecodeBase64Secure(), now removed)
  • some stale (un-needed/un-used) header includes
  • bip38 exclusive usages including the following:
    • using OpenSSL's AES for encryption, now switched to using ctaes
    • using OpenSSL to do HMAC_SHA256 hashing in crypto/scrypt.cpp, now switched to using our native HMAC_SHA256 header
    • an unused function in hash.h (std::string Hash(std::string input)), now removed
    • a SHA256 Hash function to compute a void pointer, switched to using template objects

Upstream PRs backported: bitcoin#17265, bitcoin#17515, and bitcoin#18825

The changes to bip38 were tested by doing two-way encryption/decryption between master and this PR

@Fuzzbawls Fuzzbawls added this to the 6.0.0 milestone Apr 29, 2021
@Fuzzbawls Fuzzbawls self-assigned this Apr 29, 2021
@Fuzzbawls Fuzzbawls force-pushed the 2021_remove-openssl branch from e327846 to c316548 Compare May 1, 2021 04:15
@random-zebra
Copy link

Gitian at c316548

71fb56953f6656ade0fefec6e6c7e5ab893c19cb0a38e71aeb82f999b7b98467  pivx-5.1.99-aarch64-linux-gnu-debug.tar.gz
be0ab4a42d772ef5d2038d6e08cf4521651a970d382051b9c36facb5257fe612  pivx-5.1.99-aarch64-linux-gnu.tar.gz
55887321917a4dce9dc8f9928cff4205d847edc6811a5e820993f1d9cdeb5f18  pivx-5.1.99-arm-linux-gnueabihf-debug.tar.gz
c50d7c3d201ef0c622c979ad319f9bc92b3fd275835cf256ec925f1fa49ec3f8  pivx-5.1.99-arm-linux-gnueabihf.tar.gz
71bfd398d6dee3e65d51793c0c33d95d5bb269923283f8f11831b6936d746a30  pivx-5.1.99-i686-pc-linux-gnu-debug.tar.gz
18bd104357e916661a7fbb7fdbbdc766b7ec9e29dd0806955ddc8b2e5cca9878  pivx-5.1.99-i686-pc-linux-gnu.tar.gz
743e2961048dcf2a464a928707cd42eb6f6b8d2465105e7265d7244b17e1bc83  pivx-5.1.99-x86_64-linux-gnu-debug.tar.gz
90c8efb4e824d4d9e173681af5b19a6d0f7e4288a8bbdcf0cc2f0909cd15adcd  pivx-5.1.99-x86_64-linux-gnu.tar.gz
a4b4ba24a594f12f5f0c09fee31d8452da8ee5506105a7a2f82694fe81deeb6f  src/pivx-5.1.99.tar.gz
086ece2c284e8cb5af5b601076b77bc7f8eaf4aebd4cc7396c323a95a03c2d09  pivx-linux-5.1-res.yml

73568933d279d27598a58abd97c4740c18752edccedea54216fc11bfe7444d03  pivx-5.1.99-win-unsigned.tar.gz
5ed6613a6d56e1594c9462ecf864f7fa6274ea98109fee3267abab5c2b71a298  pivx-5.1.99-win64-debug.zip
6e1bd384146926436b1a90a323849ad3cffa6640d5226a59d429e8e97f8a49b1  pivx-5.1.99-win64-setup-unsigned.exe
f2c1b0074aef3f078a8d1e91d3940fcdac9f161d58737f9e99eacdc747ccd4df  pivx-5.1.99-win64.zip
a4b4ba24a594f12f5f0c09fee31d8452da8ee5506105a7a2f82694fe81deeb6f  src/pivx-5.1.99.tar.gz
e5d65a180f9884969bb7a3bb933166d9995a5ea30ab261834c7b67dc3dfbd3cc  pivx-win-5.1-res.yml

81f86bdfeef5b3d927e41df9f11cb3f5f2eec0305f2ee6e368de3c7a723409d5  pivx-5.1.99-osx-unsigned.dmg
6bdb8275c7f1e35c1fe957bdabc9b634853325966b878edd26c5b0e0ae1e0e0f  pivx-5.1.99-osx-unsigned.tar.gz
565860287b9bce003052e6ea789fc6034904b68a654dbc0d0f4cce6f2e710911  pivx-5.1.99-osx64.tar.gz
a4b4ba24a594f12f5f0c09fee31d8452da8ee5506105a7a2f82694fe81deeb6f  src/pivx-5.1.99.tar.gz
41ba3945c4b760bff53ed8c359331308d5152a7d1c3d578ca67b210f263dc7aa  pivx-osx-5.1-res.yml

random-zebra
random-zebra previously approved these changes May 9, 2021
View reviewed changes
Copy link

@random-zebra random-zebra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great PR.
Tested BIP38/Scrypt changes with encryption/decryption between this and master.
Tested resync on mainnet and testnet, and builds (local/depends/gitian) on linux.
All good. Just a minor non-blocking nit, which can be ignored.
ACK c316548

Note: this is going to have conflicts with #2314

@random-zebra random-zebra mentioned this pull request May 9, 2021
Merged
fanquake and others added 15 commits May 10, 2021 17:01
@fanquake @Fuzzbawls
random: stop feeding RNG output back into OpenSSL
b1c8396 
On the ::SLOW or ::SLEEP paths, we would feed our RNG output back into
OpenSSL using RAND_add. This commit removes that functionality.

RAND_add(): https://www.openssl.org/docs/manmaster/man3/RAND_add.html

RAND_add() mixes the num bytes at buf into the internal state of the
random generator. This function will not normally be needed, as
mentioned above. The randomness argument is an estimate of how much
randomness is contained in buf, in bytes, and should be a number
between zero and num.
@fanquake @Fuzzbawls
random: stop retrieving random bytes from OpenSSL
602c0b2 
On the ::SLOW path we would use OpenSSL as an additional source of
random bytes. This commit removes that functionality. Note that this was
always only an additional source, and that we never checked the return
value

RAND_bytes(): https://www.openssl.org/docs/manmaster/man3/RAND_bytes.html

RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf.
@fanquake @Fuzzbawls
random: Remove remaining OpenSSL calls and locking infrastructure
690c938
@Fuzzbawls
remove unused EncodeBase64Secure
ab830e5 
Also the hanging declaration of DecodeBase64Secure
@Fuzzbawls
Remove unused openssl includes
86c978a
@Fuzzbawls
Use ctaes instead of OpenSSL's AES in bip38 code
b687f8e
@Fuzzbawls
Use our own hmac_sha256 instead of OpenSSL's in scrypt.cpp
d531bf2
@Fuzzbawls
Stop using OpenSSL's sha hashing in bip38 code
5f30c2b
@fanquake @Fuzzbawls
build: remove OpenSSL detection and libs
53576bc
@Fuzzbawls
CMake: remove OpenSSL detection and libs
9a81d8e
@Fuzzbawls
depends: remove OpenSSL package
9b2e35d
@Fuzzbawls
doc: remove OpenSSL from build instructions and licensing info
9660aec 
also cleanup some stray comments
@Fuzzbawls
ci: remove OpenSSL installation
f669248
@Fuzzbawls
doc: Add OpenSSL removal to release notes
686bfad
@Fuzzbawls
Snap: remove openssl from nightly snapcraft build requirements
5563331
@Fuzzbawls Fuzzbawls force-pushed the 2021_remove-openssl branch from c316548 to 5563331 Compare May 11, 2021 01:49
@Fuzzbawls
Copy link
Collaborator Author

Rebased now that #2314 was merged and removed the redundant hasher object in scrypt.cpp

@random-zebra
Copy link

Gitian [Merge 5563331 into 44ddf8a]

63182f731897a004b53efe883062b6b9714bbc728a49a5df3341e31e633b3bc6  pivx-5.1.99-aarch64-linux-gnu-debug.tar.gz
daad4c5a3b8fdf6c1d8cf0f605ee0dc996ce854e43a59d6f8f73bff9e23d432a  pivx-5.1.99-aarch64-linux-gnu.tar.gz
3515ccd53d5c672ac2bf1c090930be9532da2bc62c7c42875db6e0b4721e727d  pivx-5.1.99-arm-linux-gnueabihf-debug.tar.gz
95be64efeb024a3db1b54dd548b473bb61683f83f17ec85d5f26a166c62facc3  pivx-5.1.99-arm-linux-gnueabihf.tar.gz
86a01775a302f325f36b3a353cce9ae28c55bb660adf5db466bd0b79ebea6d75  pivx-5.1.99-i686-pc-linux-gnu-debug.tar.gz
16a848a7225f9bb3b514888ade01a99c91dc24437157ef29cb13762ac3d2b896  pivx-5.1.99-i686-pc-linux-gnu.tar.gz
69739b443955c28d4f8204ab9af2faa3884452f7b56182fe27c14c684fb1666d  pivx-5.1.99-x86_64-linux-gnu-debug.tar.gz
c15683e4a450a16f73e241c9167eba155c6458f376ba99466f898594bbf23301  pivx-5.1.99-x86_64-linux-gnu.tar.gz
a7537235f3ef7c1eb6716c8e2a0e69f0c0075481ef4b97a66ca29da67fe696ad  src/pivx-5.1.99.tar.gz
d37cea840deb6b4384c7ce7de4c6ceab39bbe57561bf3b4cc3416b1b75baf638  pivx-linux-5.1-res.yml

e349a2ee151c9c398118fce66778dba2550d4783fcc3c07300802c2993c9408d  pivx-5.1.99-win-unsigned.tar.gz
0e305b6739dd567df29ea76666913e584c098d031b6d02a4851a5b4bef928b62  pivx-5.1.99-win64-debug.zip
7ece649ab42048d9cdf139cfeb2f9168c3711f3d533adb9fc1a5d8a6e6f24e89  pivx-5.1.99-win64-setup-unsigned.exe
c0fe98b2feb07dd9b9ef7dc814dbbeae0f033c8404e8a6590f7a26ab9484e102  pivx-5.1.99-win64.zip
a7537235f3ef7c1eb6716c8e2a0e69f0c0075481ef4b97a66ca29da67fe696ad  src/pivx-5.1.99.tar.gz
e99358fe9f2f059b18cb506c4b1f10688b07dd4b674993424847b55b5a8a8d87  pivx-win-5.1-res.yml

c6ddf78965136a91dbcb4447adf89539b48f55675c37a1fc3210f81b7b500210  pivx-5.1.99-osx-unsigned.dmg
fad3b0e67fd0df1a16531422572a4087470a7e250c022be2f07d58d0308b587d  pivx-5.1.99-osx-unsigned.tar.gz
d260c0850e00a85fe364c1ed09a736b89869b991fd7069f390604ee9299625a5  pivx-5.1.99-osx64.tar.gz
a7537235f3ef7c1eb6716c8e2a0e69f0c0075481ef4b97a66ca29da67fe696ad  src/pivx-5.1.99.tar.gz
8fbbf30c1512a995ec90ec1494d64f34a2f17acd39d42575a82d45664ba8a5c7  pivx-osx-5.1-res.yml

furszy
furszy reviewed May 11, 2021
View reviewed changes
Copy link

@furszy furszy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gitian here:

Linux:

945643f6a19fe942ddad9176fb2d618b00176835e26d5b24c2e87151eeca63a7  pivx-5.1.99-aarch64-linux-gnu-debug.tar.gz
9cb8733096290c73e5ff63ed321d68497e9f8e883e273c3a0d8139912ddccebb  pivx-5.1.99-aarch64-linux-gnu.tar.gz
16de180100dbe1d96e21c677921037ca7c6334a9ad2c58ae3d47d7209f4627ea  pivx-5.1.99-arm-linux-gnueabihf-debug.tar.gz
44ec7d4e506bfe2a74ec6f632462463313b5ace5b29b9740440a0f0d11667178  pivx-5.1.99-arm-linux-gnueabihf.tar.gz
f2a6711658c982281539b6cdb11b369b3f9e8d29f5da291a2871aa2600b47e35  pivx-5.1.99-i686-pc-linux-gnu-debug.tar.gz
08fdb40f785b2ec49968a96ad58f9427d16ed1be617046c78cb2ac91702c998a  pivx-5.1.99-i686-pc-linux-gnu.tar.gz
cb40140db46d73c07b9ab69d44595ebc8e0489db41c78a2c442eb01204d16845  pivx-5.1.99-x86_64-linux-gnu-debug.tar.gz
6ccfae0c11590ffa41e622794dc8ce3392096f6a9709034eaa84acac11be6c3d  pivx-5.1.99-x86_64-linux-gnu.tar.gz
b14f25d8519712de954f741075df482caae513083fbdd8a8c4ed55ff040df19a  src/pivx-5.1.99.tar.gz
501f92949acda149b01350d75f401ea5baa833a2576f7cbf821af1452e86e062  pivx-linux-6.0-res.yml

Windows:

7ab71bf03357bbe3a7d6a186fb675e71cb246bd8d756440c92ed795997e4ef39  pivx-5.1.99-win-unsigned.tar.gz
f18575bbcd1280b06af96526c35e22cfe276315ec023de7d799244a1e3d428b4  pivx-5.1.99-win64-debug.zip
0b1df2a8c7d7b50a066cf9a0f1adbfcecaafaec212b3c7ae2668e6df00b544bf  pivx-5.1.99-win64-setup-unsigned.exe
c767d07858190d4ad02f3b316570d2bc14400a3b74d275413adb50658b1c04e7  pivx-5.1.99-win64.zip
b14f25d8519712de954f741075df482caae513083fbdd8a8c4ed55ff040df19a  src/pivx-5.1.99.tar.gz
730d7980b5020b032682e918826fce7a3d3ad8bfa4fda4053174616e4a459d41  pivx-win-6.0-res.yml

@random-zebra
Copy link

@furszy I assume that we have different hashes because your gitian was done on top of 10319fd (and mine on top of 44ddf8a).

random-zebra
random-zebra approved these changes May 12, 2021
View reviewed changes
Copy link

@random-zebra random-zebra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 5563331

furszy
furszy approved these changes May 12, 2021
View reviewed changes
Copy link

@furszy furszy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

k, ACK 5563331 and merging..

@furszy furszy merged commit 086fc30 into PIVX-Project:master May 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@furszy furszy furszy approved these changes

@random-zebra random-zebra random-zebra approved these changes

Assignees

@Fuzzbawls Fuzzbawls

Labels
Build System Cleanup Refactoring Upstream Util / log / libs
Projects
None yet
Milestone
5.3.0
Development

Successfully merging this pull request may close these issues.
4 participants
@Fuzzbawls @random-zebra @furszy @fanquake