Problem: use of libsodium vs. tweetnacl is confused

It's unclear which we need and in the source code, conditional code
treats tweetnacl as a subclass of libsodium, which is inaccurate.

Solution: redesign the configure/cmake API for this:

* tweetnacl is present by default and cannot be enabled
* libsodium can be enabled using --with-libsodium, which replaces
  the built-in tweetnacl
* CURVE encryption can be disabled entirely using --enable-curve=no

The macros we define in platform.hpp are:

    ZMQ_HAVE_CURVE    1        //  When CURVE is enabled
    HAVE_LIBSODIUM    1        //  When we are using libsodium
    HAVE_TWEETNACL    1        //  When we're using tweetnacl (default)

As of this patch, the default build of libzmq always has CURVE
security, and always uses tweetnacl.

.gitignore

@@ -127,6 +127,8 @@ test_udp
 test_large_msg
 test_use_fd_ipc
 test_use_fd_tcp
+test_pre_allocated_fd_ipc
+test_pre_allocated_fd_tcp
 tests/test*.log
 tests/test*.trs
 src/platform.hpp*

Makefile.am

@@ -269,11 +269,6 @@ src_libzmq_la_CPPFLAGS =
 src_libzmq_la_CXXFLAGS = @LIBZMQ_EXTRA_CXXFLAGS@
 src_libzmq_la_LIBADD =
 
-if HAVE_SODIUM
-src_libzmq_la_CPPFLAGS += ${sodium_CFLAGS}
-src_libzmq_la_LIBADD += ${sodium_LIBS}
-endif
-
 if USE_TWEETNACL
 src_libzmq_la_SOURCES += \
     tweetnacl/src/tweetnacl.c \
@@ -283,6 +278,11 @@ src_libzmq_la_CXXFLAGS += \
     -I$(top_builddir)/tweetnacl/src
 endif
 
+if USE_LIBSODIUM
+src_libzmq_la_CPPFLAGS += ${sodium_CFLAGS}
+src_libzmq_la_LIBADD += ${sodium_LIBS}
+endif
+
 if HAVE_PGM
 src_libzmq_la_CPPFLAGS += ${pgm_CFLAGS}
 src_libzmq_la_LIBADD += ${pgm_LIBS}

configure.ac

@@ -67,8 +67,6 @@ LIBZMQ_CHECK_ENABLE_DEBUG
 # Check wheter to enable code coverage
 LIBZMQ_WITH_GCOV
 
-
-
 AC_MSG_CHECKING([if TIPC is available and supports nonblocking connect])
 
 AC_RUN_IFELSE(
@@ -103,7 +101,6 @@ AC_RUN_IFELSE(
 
 AC_MSG_RESULT([$libzmq_tipc_support])
 
-
 AC_ARG_WITH([relaxed],
     [AS_HELP_STRING([--with-relaxed],
         [Switch off pedantic compiler])],
@@ -423,58 +420,49 @@ if test "x$require_libgssapi_krb5_ext" != "xno"; then
         AC_MSG_ERROR(libgssapi_krb5 is needed for GSSAPI security))
 fi
 
-# build using libsodium
-have_sodium_library="no"
+# Select curve encryption library, defaults to tweetnacl
+# To use libsodium instead, use --with-libsodium (must be installed)
+# To disable curve, use --disable-curve
 
-AC_ARG_WITH([libsodium], [AS_HELP_STRING([--with-libsodium],
-    [require libzmq build with libsodium crypto library. Requires pkg-config [default=check]])],
-    [require_libsodium_ext=$withval],
-    [require_libsodium_ext=check])
+AC_ARG_WITH([libsodium],
+    AS_HELP_STRING([--with-libsodium], [Use libsodium instead of built-in tweetnacl [default=no]]))
 
-AC_ARG_WITH([tweetnacl], [AS_HELP_STRING([--with-tweetnacl],
-    [build libzmq  with bundled tweetnacl crypto library [default=no]])],
-    [require_libsodium_ext=no
-     with_tweetnacl=yes
-     AC_MSG_CHECKING(for sodium)
-     AC_MSG_RESULT(tweetnacl)],
-    [with_tweetnacl=check])
-
-# conditionally require libsodium package
-if test "x$require_libsodium_ext" != "xno"; then
-  PKG_CHECK_MODULES([sodium], [libsodium],
-    [
-      have_sodium_library=yes
-      with_tweetnacl=no
-    ],
-    [
-      if test "x$require_libsodium_ext" == "xyes"; then
-        AC_MSG_ERROR(libsodium has been requested but not found)
-      else
-        AC_MSG_RESULT([             libsodium not found, using tweetnacl])
-        have_sodium_library=no
-        with_tweetnacl=yes
-      fi
+AS_IF([test "x$with_libsodium" = "xyes"], [
+    PKG_CHECK_MODULES([sodium], [libsodium], [libsodium_found=yes], [
+        AC_MSG_ERROR(libsodium is not installed. Install it, then run configure again)
     ])
-fi
+])
 
-if test "x$have_sodium_library" != "xno"; then
-    AC_DEFINE(HAVE_LIBSODIUM, 1, [The libsodium library is to be used.])
+AC_ARG_ENABLE([curve],
+    AS_HELP_STRING([--disable-curve], [Disable CURVE security [default=no]]))
 
-    # ssp library is required for libsodium on Solaris-like systems
+if test "x$enable_curve" == "xno"; then
+    curve_library=""
+    AC_MSG_NOTICE([CURVE security is disabled])
+
+elif test "x$with_libsodium" == "xyes"; then
+    AC_MSG_NOTICE([Using libsodium for CURVE security])
+    AC_DEFINE(ZMQ_HAVE_CURVE, [1], [Using curve encryption])
+    AC_DEFINE(HAVE_LIBSODIUM, [1], [Using libsodium for curve encryption])
+    curve_library="libsodium"
+
+    # On Solaris, libsodium depends on libssp
     case "${host_os}" in
         *solaris*)
             LDFLAGS="-lssp $LDFLAGS"
-            CPPFLAGS="$CPPFLAGS -Wno-long-long"
+            CPPFLAGS="-Wno-long-long $CPPFLAGS"
         ;;
     esac
-elif test "x$with_tweetnacl" != "xno"; then
-    AC_DEFINE(HAVE_LIBSODIUM, 1, [Sodium is provided by tweetnacl.])
-    AC_DEFINE(HAVE_TWEETNACL, 1, [Using tweetnacl.])
-    libzmq_pedantic="no"
+else
+    AC_MSG_NOTICE([Using tweetnacl for CURVE security])
+    AC_DEFINE(ZMQ_HAVE_CURVE, [1], [Using curve encryption])
+    AC_DEFINE(HAVE_TWEETNACL, [1], [Using tweetnacl for curve encryption])
+    curve_library="tweetnacl"
+    libzmq_pedantic="no"    #   Disable pedantic warnings
 fi
 
-AM_CONDITIONAL(HAVE_SODIUM, test "x$have_sodium_library" != "xno")
-AM_CONDITIONAL(USE_TWEETNACL, test "x$with_tweetnacl" != "xno")
+AM_CONDITIONAL(USE_LIBSODIUM, test "$curve_library" == "sodium")
+AM_CONDITIONAL(USE_TWEETNACL, test "$curve_library" == "tweetnacl")
 
 # build using pgm
 have_pgm_library="no"
@@ -507,8 +495,6 @@ AC_ARG_WITH([norm],
     [with_norm_ext=$withval],
     [with_norm_ext=no])
 
-
-
 AC_MSG_CHECKING("with_norm_ext = ${with_norm_ext}")
 
 if test "x$with_norm_ext" != "xno"; then

src/ctx.cpp

@@ -48,12 +48,10 @@
 #include "err.hpp"
 #include "msg.hpp"
 
-#ifdef HAVE_LIBSODIUM
-#ifdef HAVE_TWEETNACL
-#include "randombytes.h"
-#else
-#include "sodium.h"
-#endif
+#if defined (HAVE_TWEETNACL)
+#   include "randombytes.h"
+#elif defined (HAVE_LIBSODIUM)
+#   include "sodium.h"
 #endif
 
 #ifdef ZMQ_HAVE_VMCI
@@ -63,7 +61,7 @@
 #define ZMQ_CTX_TAG_VALUE_GOOD 0xabadcafe
 #define ZMQ_CTX_TAG_VALUE_BAD  0xdeadbeef
 
-int clipped_maxsocket(int max_requested)
+int clipped_maxsocket (int max_requested)
 {
     if (max_requested >= zmq::poller_t::max_fds () && zmq::poller_t::max_fds () != -1)
         // -1 because we need room for the reaper mailbox.
@@ -127,8 +125,8 @@ zmq::ctx_t::~ctx_t ()
 
     //  If we've done any Curve encryption, we may have a file handle
     //  to /dev/urandom open that needs to be cleaned up.
-#ifdef HAVE_LIBSODIUM
-    randombytes_close();
+#ifdef ZMQ_HAVE_CURVE
+    randombytes_close ();
 #endif
 
     //  Remove the tag, so that the object is considered dead.

src/curve_client.cpp

@@ -29,7 +29,7 @@
 
 #include "platform.hpp"
 
-#ifdef HAVE_LIBSODIUM
+#ifdef ZMQ_HAVE_CURVE
 
 #ifdef ZMQ_HAVE_WINDOWS
 #include "windows.hpp"

src/curve_client.hpp

@@ -30,15 +30,16 @@
 #ifndef __ZMQ_CURVE_CLIENT_HPP_INCLUDED__
 #define __ZMQ_CURVE_CLIENT_HPP_INCLUDED__
 
+#ifdef ZMQ_HAVE_CURVE
+
 #include "platform.hpp"
 #include "mutex.hpp"
 
-#ifdef HAVE_LIBSODIUM
-#ifdef HAVE_TWEETNACL
-#include "tweetnacl_base.h"
-#include "randombytes.h"
-#else
-#include "sodium.h"
+#if defined (HAVE_TWEETNACL)
+#   include "tweetnacl_base.h"
+#   include "randombytes.h"
+#elif defined (HAVE_LIBSODIUM)
+#   include "sodium.h"
 #endif
 
 #if crypto_box_NONCEBYTES != 24 \
@@ -46,7 +47,7 @@
 ||  crypto_box_SECRETKEYBYTES != 32 \
 ||  crypto_box_ZEROBYTES != 32 \
 ||  crypto_box_BOXZEROBYTES != 16
-#error "libsodium not built properly"
+#   error "libsodium not built properly"
 #endif
 
 #include "mechanism.hpp"

src/curve_server.cpp

@@ -29,7 +29,7 @@
 
 #include "platform.hpp"
 
-#ifdef HAVE_LIBSODIUM
+#ifdef ZMQ_HAVE_CURVE
 
 #ifdef ZMQ_HAVE_WINDOWS
 #include "windows.hpp"

src/curve_server.hpp

@@ -30,15 +30,17 @@
 #ifndef __ZMQ_CURVE_SERVER_HPP_INCLUDED__
 #define __ZMQ_CURVE_SERVER_HPP_INCLUDED__
 
+#ifdef ZMQ_HAVE_CURVE
+
 #include "platform.hpp"
 
-#ifdef HAVE_LIBSODIUM
-#ifdef HAVE_TWEETNACL
-#include "tweetnacl_base.h"
-#include "randombytes.h"
-#else
-#include "sodium.h"
+#if defined (HAVE_TWEETNACL)
+#   include "tweetnacl_base.h"
+#   include "randombytes.h"
+#elif defined (HAVE_LIBSODIUM)
+#   include "sodium.h"
 #endif
+
 #if crypto_box_NONCEBYTES != 24 \
 ||  crypto_box_PUBLICKEYBYTES != 32 \
 ||  crypto_box_SECRETKEYBYTES != 32 \
@@ -47,7 +49,7 @@
 ||  crypto_secretbox_NONCEBYTES != 24 \
 ||  crypto_secretbox_ZEROBYTES != 32 \
 ||  crypto_secretbox_BOXZEROBYTES != 16
-#error "libsodium not built properly"
+#   error "libsodium not built properly"
 #endif
 
 #include "mechanism.hpp"

src/options.cpp

@@ -320,7 +320,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
             }
             break;
 
-#       if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
+#if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
         case ZMQ_IPC_FILTER_UID:
             if (optvallen_ == 0 && optval_ == NULL) {
                 ipc_uid_accept_filters.clear ();
@@ -344,9 +344,9 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
                 return 0;
             }
             break;
-#       endif
+#endif
 
-#       if defined ZMQ_HAVE_SO_PEERCRED
+#if defined ZMQ_HAVE_SO_PEERCRED
         case ZMQ_IPC_FILTER_PID:
             if (optvallen_ == 0 && optval_ == NULL) {
                 ipc_pid_accept_filters.clear ();
@@ -358,7 +358,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
                 return 0;
             }
             break;
-#       endif
+#endif
 
         case ZMQ_PLAIN_SERVER:
             if (is_int && (value == 0 || value == 1)) {
@@ -403,8 +403,8 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
             }
             break;
 
-        //  If libsodium isn't installed, these options provoke EINVAL
-#       ifdef HAVE_LIBSODIUM
+        //  If curve encryption isn't built, these options provoke EINVAL
+#ifdef ZMQ_HAVE_CURVE
         case ZMQ_CURVE_SERVER:
             if (is_int && (value == 0 || value == 1)) {
                 as_server = value;
@@ -496,7 +496,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
                 }
             }
             break;
-#       endif
+#endif
 
         case ZMQ_CONFLATE:
             if (is_int && (value == 0 || value == 1)) {
@@ -506,7 +506,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
             break;
 
         //  If libgssapi isn't installed, these options provoke EINVAL
-#       ifdef HAVE_LIBGSSAPI_KRB5
+#ifdef HAVE_LIBGSSAPI_KRB5
         case ZMQ_GSSAPI_SERVER:
             if (is_int && (value == 0 || value == 1)) {
                 as_server = value;
@@ -538,7 +538,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
                 return 0;
             }
             break;
-#       endif
+#endif
 
         case ZMQ_HANDSHAKE_IVL:
             if (is_int && value >= 0) {
@@ -577,7 +577,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
             }
             break;
 
-#       ifdef ZMQ_HAVE_VMCI
+#ifdef ZMQ_HAVE_VMCI
         case ZMQ_VMCI_BUFFER_SIZE:
             if (optvallen_ == sizeof (uint64_t)) {
                 vmci_buffer_size = *((uint64_t*) optval_);
@@ -605,7 +605,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
                 return 0;
             }
             break;
-#       endif
+#endif
 
         case ZMQ_USE_FD:
             if (is_int && value >= -1) {
@@ -888,8 +888,8 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
             }
             break;
 
-        //  If libsodium isn't installed, these options provoke EINVAL
-#       ifdef HAVE_LIBSODIUM
+        //  If curve encryption isn't built, these options provoke EINVAL
+#ifdef ZMQ_HAVE_CURVE
         case ZMQ_CURVE_SERVER:
             if (is_int) {
                 *value = as_server && mechanism == ZMQ_CURVE;
@@ -932,7 +932,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
                 return 0;
             }
             break;
-#       endif
+#endif
 
         case ZMQ_CONFLATE:
             if (is_int) {
@@ -942,7 +942,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
             break;
 
         //  If libgssapi isn't installed, these options provoke EINVAL
-#       ifdef HAVE_LIBGSSAPI_KRB5
+#ifdef HAVE_LIBGSSAPI_KRB5
         case ZMQ_GSSAPI_SERVER:
             if (is_int) {
                 *value = as_server && mechanism == ZMQ_GSSAPI;

src/poller.hpp

@@ -39,20 +39,20 @@
 #endif
 
 #if defined ZMQ_USE_KQUEUE
-#include "kqueue.hpp"
+#   include "kqueue.hpp"
 #elif defined ZMQ_USE_EPOLL
-#include "epoll.hpp"
+#   include "epoll.hpp"
 #elif defined ZMQ_USE_DEVPOLL
-#include "devpoll.hpp"
+#   include "devpoll.hpp"
 #elif defined ZMQ_USE_POLL
-#include "poll.hpp"
+#   include "poll.hpp"
 #elif defined ZMQ_USE_SELECT
-#include "select.hpp"
+#   include "select.hpp"
 #elif defined ZMQ_HAVE_GNU
-#define ZMQ_USE_POLL
-#include "poll.hpp"
+#   define ZMQ_USE_POLL
+#   include "poll.hpp"
 #else
-#error None of the ZMQ_USE_* macros defined
+#   error None of the ZMQ_USE_* macros defined
 #endif
 
 #if defined ZMQ_USE_SELECT

src/stream_engine.cpp

@@ -682,7 +682,7 @@ bool zmq::stream_engine_t::handshake ()
                     plain_client_t (options);
             alloc_assert (mechanism);
         }
-#ifdef HAVE_LIBSODIUM
+#ifdef ZMQ_HAVE_CURVE
         else
         if (options.mechanism == ZMQ_CURVE
         &&  memcmp (greeting_recv + 12, "CURVE\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) {

src/zmq.cpp

@@ -1211,7 +1211,8 @@ int zmq_poller_wait (void *poller_, zmq_poller_event_t *event, long timeout_)
         return -1;
     }
 
-    zmq::socket_poller_t::event_t e = {};
+    zmq::socket_poller_t::event_t e;
+    memset (&e, 0, sizeof (e));
 
     int rc = ((zmq::socket_poller_t*)poller_)->wait (&e, timeout_);
 
@@ -1360,7 +1361,7 @@ int zmq_has (const char *capability)
     if (strcmp (capability, "norm") == 0)
         return true;
 #endif
-#if defined (HAVE_LIBSODIUM)
+#if defined (ZMQ_HAVE_CURVE)
     if (strcmp (capability, "curve") == 0)
         return true;
 #endif

src/zmq_utils.cpp

@@ -43,14 +43,12 @@
 #include "windows.hpp"
 #endif
 
-#ifdef HAVE_LIBSODIUM
-#ifdef HAVE_TWEETNACL
-#include "tweetnacl_base.h"
-#else
-#include "sodium.h"
+#if defined (HAVE_TWEETNACL)
+#   include "tweetnacl_base.h"
+#   include "randombytes.h"
+#elif defined (HAVE_LIBSODIUM)
+#   include "sodium.h"
 #endif
-#endif
-
 
 void zmq_sleep (int seconds_)
 {
@@ -185,17 +183,17 @@ uint8_t *zmq_z85_decode (uint8_t *dest, const char *string)
 }
 
 //  --------------------------------------------------------------------------
-//  Generate a public/private keypair with libsodium.
+//  Generate a public/private keypair with tweetnacl or libsodium.
 //  Generated keys will be 40 byte z85-encoded strings.
 //  Returns 0 on success, -1 on failure, setting errno.
-//  Sets errno = ENOTSUP in the absence of libsodium.
+//  Sets errno = ENOTSUP in the absence of a CURVE library.
 
 int zmq_curve_keypair (char *z85_public_key, char *z85_secret_key)
 {
-#ifdef HAVE_LIBSODIUM
+#if defined (ZMQ_HAVE_CURVE)
 #   if crypto_box_PUBLICKEYBYTES != 32 \
     || crypto_box_SECRETKEYBYTES != 32
-#       error "libsodium not built correctly"
+#       error "CURVE encryption library not built correctly"
 #   endif
 
     uint8_t public_key [32];
@@ -210,7 +208,7 @@ int zmq_curve_keypair (char *z85_public_key, char *z85_secret_key)
     zmq_z85_encode (z85_secret_key, secret_key, 32);
 
     return 0;
-#else // requires libsodium
+#else
     (void) z85_public_key, (void) z85_secret_key;
     errno = ENOTSUP;
     return -1;

tests/test_capabilities.cpp

@@ -55,7 +55,7 @@ int main (void)
     assert (!zmq_has ("norm"));
 #endif
     
-#if defined (HAVE_LIBSODIUM)
+#if defined (ZMQ_HAVE_CURVE)
     assert (zmq_has ("curve"));
 #else
     assert (!zmq_has ("curve"));

tests/test_security_curve.cpp

@@ -102,11 +102,10 @@ static void zap_handler (void *handler)
 
 int main (void)
 {
-#ifndef HAVE_LIBSODIUM
-    printf ("libsodium not installed, skipping CURVE test\n");
+#ifndef ZMQ_HAVE_CURVE
+    printf ("CURVE encryption not installed, skipping test\n");
     return 0;
 #endif
-
     //  Generate new keypairs for this test
     int rc = zmq_curve_keypair (client_public, client_secret);
     assert (rc == 0);