Is feathercoin ready for the latest Openssl?
-
The team didn’t check that issue.
Do you have a link to the description available?
Feathercoin uses the openssl libraries as Bitcoin does, so there is a risk, that the same issues will occur.
If you have a static build of the feathercoin wallet, you should be safe, as the libraries are compiled into the program.
If you compiled the wallet to dynamically load the libraries at run time, the risk is given.
This is from 5 months ago: Openssl bump by theuni Â* Pull Request #5634 Â* bitcoin/bitcoin Â* GitHub
-
Keep with v1.0.1j if in doubt.
-
upgrade openssl-1.0.2c
cd /d/btc/dev cd openssl-1.0.2c ./config make CPPFLAGS="-I/D/BTC/Dev/miniupnpc \ -I/D/BTC/Dev/boost_1_55_0 \ -I/D/FTC/dev/db-5.1.29.NC/build_unix \ -I/D/BTC/Dev/openssl-1.0.2c/include \ -I/D/BTC/Dev \ -I/D/BTC/Dev/protobuf-2.5.0/src \ -I/D/BTC/Dev/libpng-1.6.12 \ -I/D/BTC/Dev/qrencode-3.4.4 \ -I/D/FTC/dev/ZebraCrossing-master/src/libsrc \ -DSTATICLIB " \ LDFLAGS="-L/D/BTC/Dev/boost_1_55_0/stage/lib \ -L/D/FTC/dev/db-5.1.29.NC/build_unix \ -L/D/BTC/Dev/openssl-1.0.2c \ -L/D/BTC/Dev/miniupnpc \ -L/D/BTC/Dev/protobuf-2.5.0/src/.libs \ -L/D/BTC/Dev/libpng-1.6.12/.libs \ -L/D/BTC/Dev/qrencode-3.4.4/.libs \ -L/D/FTC/dev/ZebraCrossing-master/build32/Release " \ ./configure \ --disable-upnp-default \ --disable-tests \ --with-qt-incdir=/D/BTC/Dev/QT/5.3.1/include \ --with-qt-libdir=/D/BTC/Dev/QT/5.3.1/lib \ --with-qt-bindir=/D/BTC/Dev/QT/5.3.1/bin \ --with-qt-plugindir=/D/BTC/Dev/QT/5.3.1/plugins \ --with-boost-system=mgw49-mt-s-1_55 \ --with-boost-filesystem=mgw49-mt-s-1_55 \ --with-boost-program-options=mgw49-mt-s-1_55 \ --with-boost-thread=mgw49-mt-s-1_55 \ --with-boost-chrono=mgw49-mt-s-1_55 \ --with-protoc-bindir=/D/BTC/Dev/protobuf-2.5.0/src \ --with-boost=/D/BTC/Dev/boost_1_55_0/stage \ --with-boost-libdir=/D/BTC/Dev/boost_1_55_0/stage/lib
-
ok so 102c is safe? or does it require changes to code?
-
I think so,safe. you don’t need change any code.
-
delete old code in key.cpp
if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1) return false; return true;
add new code.New versions of OpenSSL will reject non-canonical DER signatures
bool CKey::Verify(uint256 hash, const std::vector& vchSig) { // -1 = error, 0 = bad sig, 1 = good if (vchSig.empty()) return false; // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first. unsigned char *norm_der = NULL; ECDSA_SIG *norm_sig = ECDSA_SIG_new(); const unsigned char* sigptr = &vchSig[0]; assert(norm_sig); if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL) { /* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on * error. But OpenSSL's own use of this function redundantly frees the * result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a * clear contract for the function behaving the same way is more * conservative. */ ECDSA_SIG_free(norm_sig); return false; } int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der); ECDSA_SIG_free(norm_sig); if (derlen
-
so delete:
if(ECDSA_verify(…
…
return false
and add:
bool CKey::Verify(…
…
return ret
}
is that right?
-
-
yeah but we still a cleanup on isle 5. I imagine everything still points to ‘Bitcoin’ instead of ‘Feathercoin’. The UI updates are nice but as noticed, only the windows exe made it to .9.5, not the master branch. The master branch is still missing the UI changes. There is a lot of cleanup to do with bitcoin branding that was left behind with feathercoin master branch.What work Ive done, Ive lost with recent backup failures. I am in need of GitHub WRITE access. Furthermore we have a FREEDOM issue here that has recently been brought to my attention.
Although Debian and UBUNTU both use SSL, namely OPENSSL, it has one fatal flaw: current implementation is NON-FREE as distributed.
Fedora team have made changes to FREE it, however, these changes remove the code we need to function.(Elliptic curves)
Several Bitcoin-esque projects are affected, as they ALL use openSSL.
Noted HERE: http://forums.fedoraforum.org/showthread.php?p=1581297 and HERE: http://mikeminneman.com/2013/12/getting-dogecoind-to-run-on-centos/
The CentOS pactch doesnt seem to make any changes. However, it is noted that there is further work to be done on HARDENING as noted in this patch:
https://github.com/weex/bitcoind-centos/blob/master/makefile.new. Current version with Fedora is 1.0.1k (pull from 22, 21 sources are broken).
Ive noticed severe DATA LOSS occuring on Debian systems with Jessie. UBUNTU introduces bugs that shouldnt be. I cant use either as a result.Looks like Im rebuilding OPENSSL…EDIT: NO GO. EPIC FAIL. I dunno how to proceed now. Bitcoin team uses a static version of openssl included with thier app, so does litecoin. Perhaps we should follow suit.
ALSO:
Packages for Feathercoin for Fedora(and Im sure others) are missing the qt wallet client.This is a HUGE oversight. We need to include both the daemon AND the client.Please repack.
-
ALSO:
Packages for Feathercoin for Fedora(and Im sure others) are missing the qt wallet client.This is a HUGE oversight. We need to include both the daemon AND the client.Please repack.
I will tell this to Wellen, but he is at the sea right now.
-
yeah but we still a cleanup on isle 5. I imagine everything still points to ‘Bitcoin’ instead of ‘Feathercoin’. The UI updates are nice but as noticed, only the windows exe made it to .9.5, not the master branch. The master branch is still missing the UI changes. There is a lot of cleanup to do with bitcoin branding that was left behind with feathercoin master branch.What work Ive done, Ive lost with recent backup failures. I am in need of GitHub WRITE access. Furthermore we have a FREEDOM issue here that has recently been brought to my attention.
Although Debian and UBUNTU both use SSL, namely OPENSSL, it has one fatal flaw: current implementation is NON-FREE as distributed.
Fedora team have made changes to FREE it, however, these changes remove the code we need to function.(Elliptic curves)
Several Bitcoin-esque projects are affected, as they ALL use openSSL.
Noted HERE: http://forums.fedoraforum.org/showthread.php?p=1581297 and HERE: http://mikeminneman.com/2013/12/getting-dogecoind-to-run-on-centos/
The CentOS pactch doesnt seem to make any changes. However, it is noted that there is further work to be done on HARDENING as noted in this patch:
https://github.com/weex/bitcoind-centos/blob/master/makefile.new. Current version with Fedora is 1.0.1k (pull from 22, 21 sources are broken).
Ive noticed severe DATA LOSS occuring on Debian systems with Jessie. UBUNTU introduces bugs that shouldnt be. I cant use either as a result.Looks like Im rebuilding OPENSSL…EDIT: NO GO. EPIC FAIL. I dunno how to proceed now. Bitcoin team uses a static version of openssl included with thier app, so does litecoin. Perhaps we should follow suit.
ALSO:
Packages for Feathercoin for Fedora(and Im sure others) are missing the qt wallet client.This is a HUGE oversight. We need to include both the daemon AND the client.Please repack.
It’s not a license issue.
It’s a patent issue.
Use it.
And if Certicom does something nasty, start a riot.