kevacoin/src/key.cpp

// Copyright (c) 2009-2014 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include "key.h"

#include "arith_uint256.h"
#include "crypto/hmac_sha512.h"
#include "crypto/rfc6979_hmac_sha256.h"
#include "eccryptoverify.h"
#include "pubkey.h"
#include "random.h"

#include <secp256k1.h>
#include "ecwrapper.h"

//! anonymous namespace
namespace {

class CSecp256k1Init {
public:
    CSecp256k1Init() {
        secp256k1_start(SECP256K1_START_SIGN);
    }
    ~CSecp256k1Init() {
        secp256k1_stop();
    }
};
static CSecp256k1Init instance_of_csecp256k1;

} // anon namespace

bool CKey::Check(const unsigned char *vch) {
    return eccrypto::Check(vch);
}

void CKey::MakeNewKey(bool fCompressedIn) {
    RandAddSeedPerfmon();
    do {
        GetRandBytes(vch, sizeof(vch));
    } while (!Check(vch));
    fValid = true;
    fCompressed = fCompressedIn;
}

bool CKey::SetPrivKey(const CPrivKey &privkey, bool fCompressedIn) {
    if (!secp256k1_ec_privkey_import((unsigned char*)begin(), &privkey[0], privkey.size()))
        return false;
    fCompressed = fCompressedIn;
    fValid = true;
    return true;
}

CPrivKey CKey::GetPrivKey() const {
    assert(fValid);
    CPrivKey privkey;
    int privkeylen, ret;
    privkey.resize(279);
    privkeylen = 279;
    ret = secp256k1_ec_privkey_export(begin(), (unsigned char*)&privkey[0], &privkeylen, fCompressed);
    assert(ret);
    privkey.resize(privkeylen);
    return privkey;
}

CPubKey CKey::GetPubKey() const {
    assert(fValid);
    CPubKey result;
    int clen = 65;
    int ret = secp256k1_ec_pubkey_create((unsigned char*)result.begin(), &clen, begin(), fCompressed);
    assert((int)result.size() == clen);
    assert(ret);
    assert(result.IsValid());
    return result;
}

bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig, uint32_t test_case) const {
    if (!fValid)
        return false;
    vchSig.resize(72);
    RFC6979_HMAC_SHA256 prng(begin(), 32, (unsigned char*)&hash, 32);
    do {
        uint256 nonce;
        prng.Generate((unsigned char*)&nonce, 32);
        nonce = ArithToUint256(UintToArith256(nonce) + test_case);
        int nSigLen = 72;
        int ret = secp256k1_ecdsa_sign((const unsigned char*)&hash, (unsigned char*)&vchSig[0], &nSigLen, begin(), (unsigned char*)&nonce);
        nonce = uint256();
        if (ret) {
            vchSig.resize(nSigLen);
            return true;
        }
    } while(true);
}

bool CKey::VerifyPubKey(const CPubKey& pubkey) const {
    if (pubkey.IsCompressed() != fCompressed) {
        return false;
    }
    unsigned char rnd[8];
    std::string str = "Bitcoin key verification\n";
    GetRandBytes(rnd, sizeof(rnd));
    uint256 hash;
    CHash256().Write((unsigned char*)str.data(), str.size()).Write(rnd, sizeof(rnd)).Finalize((unsigned char*)&hash);
    std::vector<unsigned char> vchSig;
    Sign(hash, vchSig);
    return pubkey.Verify(hash, vchSig);
}

bool CKey::SignCompact(const uint256 &hash, std::vector<unsigned char>& vchSig) const {
    if (!fValid)
        return false;
    vchSig.resize(65);
    int rec = -1;
    RFC6979_HMAC_SHA256 prng(begin(), 32, (unsigned char*)&hash, 32);
    do {
        uint256 nonce;
        prng.Generate((unsigned char*)&nonce, 32);
        int ret = secp256k1_ecdsa_sign_compact((const unsigned char*)&hash, &vchSig[1], begin(), (unsigned char*)&nonce, &rec);
        nonce = uint256();
        if (ret)
            break;
    } while(true);
    assert(rec != -1);
    vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);
    return true;
}

bool CKey::Load(CPrivKey &privkey, CPubKey &vchPubKey, bool fSkipCheck=false) {
    if (!secp256k1_ec_privkey_import((unsigned char*)begin(), &privkey[0], privkey.size()))
        return false;
    fCompressed = vchPubKey.IsCompressed();
    fValid = true;

    if (fSkipCheck)
        return true;

    return VerifyPubKey(vchPubKey);
}

bool CKey::Derive(CKey& keyChild, unsigned char ccChild[32], unsigned int nChild, const unsigned char cc[32]) const {
    assert(IsValid());
    assert(IsCompressed());
    unsigned char out[64];
    LockObject(out);
    if ((nChild >> 31) == 0) {
        CPubKey pubkey = GetPubKey();
        assert(pubkey.begin() + 33 == pubkey.end());
        BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin()+1, out);
    } else {
        assert(begin() + 32 == end());
        BIP32Hash(cc, nChild, 0, begin(), out);
    }
    memcpy(ccChild, out+32, 32);
    memcpy((unsigned char*)keyChild.begin(), begin(), 32);
    bool ret = secp256k1_ec_privkey_tweak_add((unsigned char*)keyChild.begin(), out);
    UnlockObject(out);
    keyChild.fCompressed = true;
    keyChild.fValid = ret;
    return ret;
}

bool CExtKey::Derive(CExtKey &out, unsigned int nChild) const {
    out.nDepth = nDepth + 1;
    CKeyID id = key.GetPubKey().GetID();
    memcpy(&out.vchFingerprint[0], &id, 4);
    out.nChild = nChild;
    return key.Derive(out.key, out.vchChainCode, nChild, vchChainCode);
}

void CExtKey::SetMaster(const unsigned char *seed, unsigned int nSeedLen) {
    static const unsigned char hashkey[] = {'B','i','t','c','o','i','n',' ','s','e','e','d'};
    unsigned char out[64];
    LockObject(out);
    CHMAC_SHA512(hashkey, sizeof(hashkey)).Write(seed, nSeedLen).Finalize(out);
    key.Set(&out[0], &out[32], true);
    memcpy(vchChainCode, &out[32], 32);
    UnlockObject(out);
    nDepth = 0;
    nChild = 0;
    memset(vchFingerprint, 0, sizeof(vchFingerprint));
}

CExtPubKey CExtKey::Neuter() const {
    CExtPubKey ret;
    ret.nDepth = nDepth;
    memcpy(&ret.vchFingerprint[0], &vchFingerprint[0], 4);
    ret.nChild = nChild;
    ret.pubkey = key.GetPubKey();
    memcpy(&ret.vchChainCode[0], &vchChainCode[0], 32);
    return ret;
}

void CExtKey::Encode(unsigned char code[74]) const {
    code[0] = nDepth;
    memcpy(code+1, vchFingerprint, 4);
    code[5] = (nChild >> 24) & 0xFF; code[6] = (nChild >> 16) & 0xFF;
    code[7] = (nChild >>  8) & 0xFF; code[8] = (nChild >>  0) & 0xFF;
    memcpy(code+9, vchChainCode, 32);
    code[41] = 0;
    assert(key.size() == 32);
    memcpy(code+42, key.begin(), 32);
}

void CExtKey::Decode(const unsigned char code[74]) {
    nDepth = code[0];
    memcpy(vchFingerprint, code+1, 4);
    nChild = (code[5] << 24) | (code[6] << 16) | (code[7] << 8) | code[8];
    memcpy(vchChainCode, code+9, 32);
    key.Set(code+42, code+74, true);
}

bool ECC_InitSanityCheck() {
#if !defined(USE_SECP256K1)
    if (!CECKey::SanityCheck()) {
        return false;
    }
#endif
    CKey key;
    key.MakeNewKey(true);
    CPubKey pubkey = key.GetPubKey();
    return key.VerifyPubKey(pubkey);
}
Added "Core" to copyright headers Github-Pull: #5494 Rebased-From: 15de949bb9277e442302bdd8dee299a8d6deee60 10 years ago			`// Copyright (c) 2009-2014 The Bitcoin Core developers`
Update comments in key to be doxygen compatible 10 years ago			`// Distributed under the MIT software license, see the accompanying`
Update License in File Headers I originally created a pull to replace the "COPYING" in crypter.cpp and crypter.h, but it turned out that COPYING was actually the correct file. 13 years ago			`// file COPYING or http://www.opensource.org/licenses/mit-license.php.`
Add GetSecret() and GetKeys() to CKeyStore 14 years ago
Cleanup code using forward declarations. Use misc methods of avoiding unnecesary header includes. Replace int typedefs with int##_t from stdint.h. Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h. Normalize QT_VERSION ifs where possible. Resolve some indirect dependencies as direct ones. Remove extern declarations from .cpp files. 12 years ago			`#include "key.h"`

Use arith_uint256 where necessary Also add conversion from/to uint256 where needed. 10 years ago			`#include "arith_uint256.h"`
Split up crypto/sha2 10 years ago			`#include "crypto/hmac_sha512.h"`
Deterministic signing 10 years ago			`#include "crypto/rfc6979_hmac_sha256.h"`
boost: moveonly: create eccryptoverify.h\|cpp and move helper functions there Eventually (after 0.10) these files will hold the logic for crypto verification routines, and CKey/CPubKey will call into them. 10 years ago			`#include "eccryptoverify.h"`
boost: moveonly: split CPubKey and friends to new files 10 years ago			`#include "pubkey.h"`
add GetRandBytes() as wrapper for RAND_bytes() - add a small wrapper in util around RAND_bytes() and replace with GetRandBytes() in the code to log errors from calling RAND_bytes() - remove OpenSSL header rand.h where no longer needed 11 years ago			`#include "random.h"`
Add a built-in SHA256/SHA512 implementation. This also moves the HMAC-SHA512 implementation to sha2.cpp. 11 years ago
libsecp256k1 integration 11 years ago			`#include <secp256k1.h>`
boost: code movement only: split CECKey into separate files 10 years ago			`#include "ecwrapper.h"`
CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago
Update comments in keystore to be doxygen compatible 10 years ago			`//! anonymous namespace`
CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`namespace {`

libsecp256k1 integration 11 years ago			`class CSecp256k1Init {`
			`public:`
			`CSecp256k1Init() {`
Use libsecp256k1 in key.cpp 10 years ago			`secp256k1_start(SECP256K1_START_SIGN);`
libsecp256k1 integration 11 years ago			`}`
			`~CSecp256k1Init() {`
			`secp256k1_stop();`
			`}`
			`};`
			`static CSecp256k1Init instance_of_csecp256k1;`

ensure clean and consistent "namespace" usage - remove some missplaced ; - ensure end of a namespace is clearly visible - use same formatting when using namespace 11 years ago			`} // anon namespace`
CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago
			`bool CKey::Check(const unsigned char *vch) {`
boost: moveonly: create eccryptoverify.h\|cpp and move helper functions there Eventually (after 0.10) these files will hold the logic for crypto verification routines, and CKey/CPubKey will call into them. 10 years ago			`return eccrypto::Check(vch);`
Refactor: move code from key.h to key.cpp 13 years ago			`}`

CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`void CKey::MakeNewKey(bool fCompressedIn) {`
Add RandAddSeedPerfmon to MakeNewKey 10 years ago			`RandAddSeedPerfmon();`
CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`do {`
add GetRandBytes() as wrapper for RAND_bytes() - add a small wrapper in util around RAND_bytes() and replace with GetRandBytes() in the code to log errors from calling RAND_bytes() - remove OpenSSL header rand.h where no longer needed 11 years ago			`GetRandBytes(vch, sizeof(vch));`
CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`} while (!Check(vch));`
			`fValid = true;`
			`fCompressed = fCompressedIn;`
Refactor: move code from key.h to key.cpp 13 years ago			`}`

CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`bool CKey::SetPrivKey(const CPrivKey &privkey, bool fCompressedIn) {`
Use libsecp256k1 in key.cpp 10 years ago			`if (!secp256k1_ec_privkey_import((unsigned char*)begin(), &privkey[0], privkey.size()))`
CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`return false;`
			`fCompressed = fCompressedIn;`
			`fValid = true;`
			`return true;`
Refactor: move code from key.h to key.cpp 13 years ago			`}`

CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`CPrivKey CKey::GetPrivKey() const {`
			`assert(fValid);`
libsecp256k1 integration 11 years ago			`CPrivKey privkey;`
boost: remove CPrivKey dependency from CECKey This allows CECKey to be used without directly depending on the secure allocators 10 years ago			`int privkeylen, ret;`
libsecp256k1 integration 11 years ago			`privkey.resize(279);`
boost: remove CPrivKey dependency from CECKey This allows CECKey to be used without directly depending on the secure allocators 10 years ago			`privkeylen = 279;`
Use libsecp256k1 in key.cpp 10 years ago			`ret = secp256k1_ec_privkey_export(begin(), (unsigned char*)&privkey[0], &privkeylen, fCompressed);`
libsecp256k1 integration 11 years ago			`assert(ret);`
			`privkey.resize(privkeylen);`
CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`return privkey;`
Refactor: move code from key.h to key.cpp 13 years ago			`}`

CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`CPubKey CKey::GetPubKey() const {`
			`assert(fValid);`
boost: remove CPubKey dependency from CECKey. Follow-up of e405aa48 10 years ago			`CPubKey result;`
libsecp256k1 integration 11 years ago			`int clen = 65;`
Use libsecp256k1 in key.cpp 10 years ago			`int ret = secp256k1_ec_pubkey_create((unsigned char*)result.begin(), &clen, begin(), fCompressed);`
boost: remove CPubKey dependency from CECKey. Follow-up of e405aa48 10 years ago			`assert((int)result.size() == clen);`
libsecp256k1 integration 11 years ago			`assert(ret);`
boost: remove CPubKey dependency from CECKey. Follow-up of e405aa48 10 years ago			`assert(result.IsValid());`
			`return result;`
Refactor: move code from key.h to key.cpp 13 years ago			`}`

Deterministic signing 10 years ago			`bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig, uint32_t test_case) const {`
CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`if (!fValid)`
Refactor: move code from key.h to key.cpp 13 years ago			`return false;`
libsecp256k1 integration 11 years ago			`vchSig.resize(72);`
Deterministic signing 10 years ago			`RFC6979_HMAC_SHA256 prng(begin(), 32, (unsigned char*)&hash, 32);`
libsecp256k1 integration 11 years ago			`do {`
Deterministic signing 10 years ago			`uint256 nonce;`
			`prng.Generate((unsigned char*)&nonce, 32);`
Use arith_uint256 where necessary Also add conversion from/to uint256 where needed. 10 years ago			`nonce = ArithToUint256(UintToArith256(nonce) + test_case);`
Deterministic signing 10 years ago			`int nSigLen = 72;`
Update Bitcoin for libsecp256k1 API change 10 years ago			`int ret = secp256k1_ecdsa_sign((const unsigned char)&hash, (unsigned char)&vchSig[0], &nSigLen, begin(), (unsigned char*)&nonce);`
Replace direct use of 0 with SetNull and IsNull Replace x=0 with .SetNull(), x==0 with IsNull(), x!=0 with !IsNull(). Replace uses of uint256(0) with uint256(). 10 years ago			`nonce = uint256();`
Resize after succesful result 10 years ago			`if (ret) {`
			`vchSig.resize(nSigLen);`
Deterministic signing 10 years ago			`return true;`
Resize after succesful result 10 years ago			`}`
libsecp256k1 integration 11 years ago			`} while(true);`
Refactor: move code from key.h to key.cpp 13 years ago			`}`

Add sanity check after key generation Add a sanity check to prevent cosmic rays from flipping a bit in the generated public key, or bugs in the elliptic curve code. This is simply done by signing a (randomized) message, and verifying the result. 10 years ago			`bool CKey::VerifyPubKey(const CPubKey& pubkey) const {`
			`if (pubkey.IsCompressed() != fCompressed) {`
			`return false;`
			`}`
			`unsigned char rnd[8];`
			`std::string str = "Bitcoin key verification\n";`
			`GetRandBytes(rnd, sizeof(rnd));`
			`uint256 hash;`
			`CHash256().Write((unsigned char)str.data(), str.size()).Write(rnd, sizeof(rnd)).Finalize((unsigned char)&hash);`
			`std::vector<unsigned char> vchSig;`
			`Sign(hash, vchSig);`
			`return pubkey.Verify(hash, vchSig);`
			`}`

CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`bool CKey::SignCompact(const uint256 &hash, std::vector<unsigned char>& vchSig) const {`
			`if (!fValid)`
Refactor: move code from key.h to key.cpp 13 years ago			`return false;`
CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`vchSig.resize(65);`
			`int rec = -1;`
Deterministic signing 10 years ago			`RFC6979_HMAC_SHA256 prng(begin(), 32, (unsigned char*)&hash, 32);`
libsecp256k1 integration 11 years ago			`do {`
Deterministic signing 10 years ago			`uint256 nonce;`
			`prng.Generate((unsigned char*)&nonce, 32);`
Update Bitcoin for libsecp256k1 API change 10 years ago			`int ret = secp256k1_ecdsa_sign_compact((const unsigned char)&hash, &vchSig[1], begin(), (unsigned char)&nonce, &rec);`
Replace direct use of 0 with SetNull and IsNull Replace x=0 with .SetNull(), x==0 with IsNull(), x!=0 with !IsNull(). Replace uses of uint256(0) with uint256(). 10 years ago			`nonce = uint256();`
Deterministic signing 10 years ago			`if (ret)`
libsecp256k1 integration 11 years ago			`break;`
			`} while(true);`
CSecret/CKey -> CKey/CPubKey split/refactor 12 years ago			`assert(rec != -1);`
			`vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);`
			`return true;`
			`}`
Refactor: move code from key.h to key.cpp 13 years ago
improve wallet load time by removing duplicated calls to EC_KEY_check_key and adding a hash for vchPubKey/vchPrivKey entries in wallet.dat backwards compatible with previous wallet.dat format 11 years ago			`bool CKey::Load(CPrivKey &privkey, CPubKey &vchPubKey, bool fSkipCheck=false) {`
Use libsecp256k1 in key.cpp 10 years ago			`if (!secp256k1_ec_privkey_import((unsigned char*)begin(), &privkey[0], privkey.size()))`
improve wallet load time by removing duplicated calls to EC_KEY_check_key and adding a hash for vchPubKey/vchPrivKey entries in wallet.dat backwards compatible with previous wallet.dat format 11 years ago			`return false;`
			`fCompressed = vchPubKey.IsCompressed();`
			`fValid = true;`
libsecp256k1 integration 11 years ago
verify vchPubKey matches calculated public key unless fSkipCheck is set 11 years ago			`if (fSkipCheck)`
			`return true;`
libsecp256k1 integration 11 years ago
Add sanity check after key generation Add a sanity check to prevent cosmic rays from flipping a bit in the generated public key, or bugs in the elliptic curve code. This is simply done by signing a (randomized) message, and verifying the result. 10 years ago			`return VerifyPubKey(vchPubKey);`
improve wallet load time by removing duplicated calls to EC_KEY_check_key and adding a hash for vchPubKey/vchPrivKey entries in wallet.dat backwards compatible with previous wallet.dat format 11 years ago			`}`

BIP32 derivation implementation 11 years ago			`bool CKey::Derive(CKey& keyChild, unsigned char ccChild[32], unsigned int nChild, const unsigned char cc[32]) const {`
			`assert(IsValid());`
			`assert(IsCompressed());`
			`unsigned char out[64];`
			`LockObject(out);`
			`if ((nChild >> 31) == 0) {`
			`CPubKey pubkey = GetPubKey();`
			`assert(pubkey.begin() + 33 == pubkey.end());`
			`BIP32Hash(cc, nChild, *pubkey.begin(), pubkey.begin()+1, out);`
			`} else {`
			`assert(begin() + 32 == end());`
			`BIP32Hash(cc, nChild, 0, begin(), out);`
			`}`
			`memcpy(ccChild, out+32, 32);`
libsecp256k1 integration 11 years ago			`memcpy((unsigned char*)keyChild.begin(), begin(), 32);`
Use libsecp256k1 in key.cpp 10 years ago			`bool ret = secp256k1_ec_privkey_tweak_add((unsigned char*)keyChild.begin(), out);`
BIP32 derivation implementation 11 years ago			`UnlockObject(out);`
			`keyChild.fCompressed = true;`
			`keyChild.fValid = ret;`
			`return ret;`
			`}`

			`bool CExtKey::Derive(CExtKey &out, unsigned int nChild) const {`
			`out.nDepth = nDepth + 1;`
			`CKeyID id = key.GetPubKey().GetID();`
			`memcpy(&out.vchFingerprint[0], &id, 4);`
			`out.nChild = nChild;`
			`return key.Derive(out.key, out.vchChainCode, nChild, vchChainCode);`
			`}`

			`void CExtKey::SetMaster(const unsigned char *seed, unsigned int nSeedLen) {`
Add a built-in SHA256/SHA512 implementation. This also moves the HMAC-SHA512 implementation to sha2.cpp. 11 years ago			`static const unsigned char hashkey[] = {'B','i','t','c','o','i','n',' ','s','e','e','d'};`
BIP32 derivation implementation 11 years ago			`unsigned char out[64];`
			`LockObject(out);`
Add a built-in SHA256/SHA512 implementation. This also moves the HMAC-SHA512 implementation to sha2.cpp. 11 years ago			`CHMAC_SHA512(hashkey, sizeof(hashkey)).Write(seed, nSeedLen).Finalize(out);`
BIP32 derivation implementation 11 years ago			`key.Set(&out[0], &out[32], true);`
			`memcpy(vchChainCode, &out[32], 32);`
			`UnlockObject(out);`
			`nDepth = 0;`
			`nChild = 0;`
			`memset(vchFingerprint, 0, sizeof(vchFingerprint));`
			`}`

			`CExtPubKey CExtKey::Neuter() const {`
			`CExtPubKey ret;`
			`ret.nDepth = nDepth;`
			`memcpy(&ret.vchFingerprint[0], &vchFingerprint[0], 4);`
			`ret.nChild = nChild;`
			`ret.pubkey = key.GetPubKey();`
			`memcpy(&ret.vchChainCode[0], &vchChainCode[0], 32);`
			`return ret;`
			`}`

			`void CExtKey::Encode(unsigned char code[74]) const {`
			`code[0] = nDepth;`
			`memcpy(code+1, vchFingerprint, 4);`
			`code[5] = (nChild >> 24) & 0xFF; code[6] = (nChild >> 16) & 0xFF;`
			`code[7] = (nChild >> 8) & 0xFF; code[8] = (nChild >> 0) & 0xFF;`
			`memcpy(code+9, vchChainCode, 32);`
			`code[41] = 0;`
			`assert(key.size() == 32);`
			`memcpy(code+42, key.begin(), 32);`
			`}`

			`void CExtKey::Decode(const unsigned char code[74]) {`
			`nDepth = code[0];`
			`memcpy(vchFingerprint, code+1, 4);`
			`nChild = (code[5] << 24) \| (code[6] << 16) \| (code[7] << 8) \| code[8];`
			`memcpy(vchChainCode, code+9, 32);`
			`key.Set(code+42, code+74, true);`
			`}`

key.cpp: fail with a friendlier message on missing ssl EC support Previously if bitcoind is linked with an OpenSSL which is compiled without EC support, this is seen as an assertion failure "pKey != NULL" at key.cpp:134, which occurs after several seconds. It is an esoteric piece of knowledge to interpret this as "oops, I linked with the wrong OpenSSL", and because of the delay it may not even be noticed. The new output is : OpenSSL appears to lack support for elliptic curve cryptography. For more information, visit https://en.bitcoin.it/wiki/OpenSSL_and_EC_Libraries : Initialization sanity check failed. Bitcoin Core is shutting down. which occurs immediately after attempted startup. This also blocks in an InitSanityCheck() function which currently only checks for EC support but should eventually do more. See #4081. 11 years ago			`bool ECC_InitSanityCheck() {`
Add key generation/verification to ECC sanity check 10 years ago			`#if !defined(USE_SECP256K1)`
			`if (!CECKey::SanityCheck()) {`
			`return false;`
			`}`
			`#endif`
			`CKey key;`
			`key.MakeNewKey(true);`
			`CPubKey pubkey = key.GetPubKey();`
			`return key.VerifyPubKey(pubkey);`
key.cpp: fail with a friendlier message on missing ssl EC support Previously if bitcoind is linked with an OpenSSL which is compiled without EC support, this is seen as an assertion failure "pKey != NULL" at key.cpp:134, which occurs after several seconds. It is an esoteric piece of knowledge to interpret this as "oops, I linked with the wrong OpenSSL", and because of the delay it may not even be noticed. The new output is : OpenSSL appears to lack support for elliptic curve cryptography. For more information, visit https://en.bitcoin.it/wiki/OpenSSL_and_EC_Libraries : Initialization sanity check failed. Bitcoin Core is shutting down. which occurs immediately after attempted startup. This also blocks in an InitSanityCheck() function which currently only checks for EC support but should eventually do more. See #4081. 11 years ago			`}`