Published on: 2016-01-25T11:58:29+00:00
In version 0.12 of Bitcoin, the dependency on OpenSSL for signature validation has been replaced with libsecp256k1. However, OpenSSL is still being used for various other purposes such as random number generation and AES256 encryption of private keys. There are outdated pull requests to remove the OpenSSL dependency for these purposes. It is suggested that OpenSSL be kept as a dependency for SSL/X.509 in the BIP70 payment protocol. The plan is to make OpenSSL a dependency only if the GUI is enabled in the future, with most of the work already done but requiring careful testing and integration.In response to a question from Andrew about why OpenSSL is still being used, the author explains that while OpenSSL has been dropped for ECC signature validation, it is still being used for other crypto functions. Specifically, it is used for getting random numbers to randomize the ECC signing context, AES256 encryption of private keys for wallets, and SSL/X.509 for the BIP70 payment protocol for the GUI. The author suggests that the OpenSSL dependency could be removed for the first two purposes but makes sense to keep it for the BIP70 payment protocol. The author provides links to relevant pull requests related to entropy and AES. The message ends with a PGP signature.In another post on the Bitcoin-dev mailing list, Ethan Heilman asks whether libsecp256k1 is used for all cryptographic functions in Bitcoin. Douglas Roark replies that while libsecp256k1 performs the required elliptic curve operations, OpenSSL is still used for other crypto functions. Roark mentions that libsecp256k1 currently relies on an implementation of RFC 6979 instead of a PRNG, possibly for portability reasons. However, there are still some crypto functions not covered by libsecp256k1 at the API level, and for consensus-critical functionality, OpenSSL will be replaced with libsecp256k1 in the upcoming version 0.12 of Bitcoin.A discussion on the use of libsecp256k1 and OpenSSL in Bitcoin is taking place on the bitcoin-dev mailing list. It is noted that libsecp256k1 is only used for elliptic curve operations required by Bitcoin, while OpenSSL is used for all other cryptography. The use of OpenSSL's PRNG can be seen in the random.h file in the Bitcoin source code. The question arises regarding what other purposes OpenSSL serves if signature validation has been moved to libsecp256k1 in the 0.12 release notes. However, it is not clear from the given context whether a response was provided or not.
Updated on: 2023-08-01T17:35:36.978170+00:00