Difference between revisions of "OpenSSL and EC Libraries"
(Create page, ask for comments on IRC..) |
(Clarify bitcoin's non-use of restricted algos, don't be dismissive of heartbleed) |
||
| Line 1: | Line 1: | ||
== OpenSSL Without Elliptic Curve Support == | == OpenSSL Without Elliptic Curve Support == | ||
| − | Some algorithms in OpenSSL library may be restricted by patent law. Due to strong coupling between the elliptic curve support Bitcoin requires and these nominally non-free algorithms, some Linux distributions (most notably Fedora) ship OpenSSL libraries with elliptic curve support disabled. Since Bitcoin depends on elliptic curve cryptography, it cannot be used with such libraries. | + | Some algorithms in OpenSSL library may be restricted by patent law. Due to strong coupling between the elliptic curve support Bitcoin requires and these nominally non-free algorithms, some Linux distributions (most notably Fedora) ship OpenSSL libraries with elliptic curve support disabled. Since Bitcoin depends on elliptic curve cryptography (although ''not'' on any restricted algorithms), it cannot be used with such libraries. |
== Fixes / Workarounds == | == Fixes / Workarounds == | ||
| Line 8: | Line 8: | ||
* Compile your own OpenSSL and use this rather than the distribution package manager's library. | * Compile your own OpenSSL and use this rather than the distribution package manager's library. | ||
| − | * Use the RPMs provided by gmaxwell [https://people.xiph.org/~greg/openssl/] rather than the distribution package manager's library. (Warning: as of May 2014, these libraries are still vulnerable to the Heartbleed exploit, which | + | * Use the RPMs provided by gmaxwell [https://people.xiph.org/~greg/openssl/] rather than the distribution package manager's library. (Warning: as of May 2014, these libraries are still vulnerable to the Heartbleed exploit, which affects Bitcoin through the RPC interface and payment protocol; it may also expose other applications on your system which use OpenSSL). |
Revision as of 04:00, 3 June 2014
OpenSSL Without Elliptic Curve Support
Some algorithms in OpenSSL library may be restricted by patent law. Due to strong coupling between the elliptic curve support Bitcoin requires and these nominally non-free algorithms, some Linux distributions (most notably Fedora) ship OpenSSL libraries with elliptic curve support disabled. Since Bitcoin depends on elliptic curve cryptography (although not on any restricted algorithms), it cannot be used with such libraries.
Fixes / Workarounds
Some fixes are
- Compile your own OpenSSL and use this rather than the distribution package manager's library.
- Use the RPMs provided by gmaxwell [1] rather than the distribution package manager's library. (Warning: as of May 2014, these libraries are still vulnerable to the Heartbleed exploit, which affects Bitcoin through the RPC interface and payment protocol; it may also expose other applications on your system which use OpenSSL).
