Solution: remove implementation. Frank Hartmann <soundart@gmx.net>,
the author, rejected our request to relicense under MPL2, so we
have to remove his copyrighted work.
Tweetnacl is not security-supported and could not be used in
production environments anyway; the supported backend is libsodium.
* add opt-out for randombytes_close
Problem: randombytes_close is either a no-op or unsafe when a Context is running.
Unfortunately, there does not appear to be a single always correct choice,
so let builders pick between two not-great options.
Opting out can leak an FD on /dev/urandom which may need to be closed explicitly.
However, with the default behavior,
using multiple contexts with CURVE can crash with no application-level workaround available.
randombytes_close is not threadsafe and calling it while still in use by a Context can cause a crash.
For implementations using /dev/[u]random, this can leave up to one leftover FD per process.
The libsodium docs suggest that this function rarely needs to be called explicitly.
Solution: restrict it only to the original issue #2632, Tweetnacl on
*NIX when using /dev/urandom, i.e. without the new Linux getrandom()
syscall.
Existing applications might use atexit to register cleanup functions
(like CZMQ does), and the current change as-is imposes an ordering
that did not exist before - the context MUST be created BEFORE
registering the cleanup with atexit. This is a backward incompatible
change that is reported to cause aborts in some applications.
Although libsodium's documentation says that its initialisation APIs
are not thread-safe, nobody has ever reported an issue with it, so
avoiding the global init/deinit in the libsodium case is the less
risky option we have.
Tweetnacl users on Windows and on Linux with getrandom (glibc 2.25 and
Linux kernel 3.17) are not affected by the original issue.
Fixes #2991
Solution: do not rely on __cplusplus >= 201103L to detect whether the
compiler supports thread-safe static initialisation, but check only
the proper feature preprocessor macro.
GCC introduced it in version 8, and Clang in version 6.
Solution: add a crypto [de-]initialiser, refcounted and serialised
through critical sections.
This is necessary as utility APIs such as zmq_curve_keypair also
call into the sodium/tweetnacl libraries and need the initialisation
outside of the zmq context.
Also the libsodium documentation explicitly says that sodium_init
must not be called concurrently from multiple threads, which could
have happened until now. Also the randombytes_close function does
not appear to be thread safe either.
This change guarantees that the library is initialised only once at
any given time across the whole program.
Fixes #2632
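A refcounted [de-]initialiser of the kind this commit describes, as an added example and not libzmq's own code: a std::mutex plays the role of the critical section, and backend_init / backend_close are stand-ins (assumptions of this example) for sodium_init and randombytes_close. The first caller initialises the backend, the last release closes it, and every refcount access happens under the lock, so two threads can never both see a zero count and both initialise.

```cpp
#include <mutex>
#include <thread>
#include <vector>

// Stand-ins for the backend entry points (the real ones would be sodium_init and
// randombytes_close). They only record how often they ran, so callers can check
// that the backend was initialised and torn down exactly once. These are an
// assumption of this example, not libsodium's API.
static int g_backend_init_calls = 0;
static int g_backend_close_calls = 0;

static int backend_init()
{
    ++g_backend_init_calls;
    return 0; // 0 on success, the way sodium_init reports it
}

static void backend_close()
{
    ++g_backend_close_calls;
}

// The critical section and the refcount it protects. Every path that reads or
// writes g_crypto_refcount holds g_crypto_mutex.
static std::mutex g_crypto_mutex;
static int g_crypto_refcount = 0;

// Acquire a reference. The first caller initialises the backend; later callers
// only bump the count. Returns 0 on success, -1 if the backend failed to start.
int crypto_init()
{
    std::lock_guard<std::mutex> lock(g_crypto_mutex);
    if (g_crypto_refcount == 0 && backend_init() != 0)
        return -1; // count stays 0, so a later call retries the init
    ++g_crypto_refcount;
    return 0;
}

// Release a reference. Only the last release closes the backend, so a context
// tearing down cannot close the RNG underneath a still-running utility call.
// Returns the remaining refcount; an unbalanced call is ignored rather than
// driving the count negative.
int crypto_deinit()
{
    std::lock_guard<std::mutex> lock(g_crypto_mutex);
    if (g_crypto_refcount == 0)
        return 0;
    if (--g_crypto_refcount == 0)
        backend_close();
    return g_crypto_refcount;
}

int crypto_refcount()
{
    std::lock_guard<std::mutex> lock(g_crypto_mutex);
    return g_crypto_refcount;
}

int backend_init_calls() { return g_backend_init_calls; }
int backend_close_calls() { return g_backend_close_calls; }

int main()
{
    // One long-lived user (a zmq context) plus several short-lived ones
    // (zmq_curve_keypair called from worker threads), all racing on init.
    crypto_init();
    std::vector<std::thread> workers;
    for (int i = 0; i < 8; ++i)
        workers.emplace_back([] {
            crypto_init();
            // ... generate a keypair here ...
            crypto_deinit();
        });
    for (auto &w : workers)
        w.join();
    crypto_deinit();
    // backend_init_calls() == 1 and backend_close_calls() == 1 at this point.
    return (backend_init_calls() == 1 && backend_close_calls() == 1) ? 0 : 1;
}
```

The failure path matters in practice: if the backend init fails, the count is left at zero rather than incremented, so the caller sees the error and no later crypto_deinit call will close a backend that was never opened.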
Of course people still "can" distribute the sources under the
LGPLv3. However we provide COPYING.LESSER with additional grants.
Solution: specify these grants in the header of each source file.
Copyrights had become ads for Sustrik's corporate sponsors, going against the original
agreement to share copyrights with the community (that agreement was: one line stating
iMatix copyright + one reference to AUTHORS file). The proliferation of corporate ads
is also unfair to the many individual authors. I've removed ALL corporate title from
the source files so the copyright statements can now be centralized in AUTHORS and
source files can be properly updated on an annual basis.
This patch introduces two changes:
1. 32-bit ID is used to identify the peer instead of UUID
2. REQ socket seeds the label stack with unique 32-bit request ID
It also drops any replies with non-matching request ID
Signed-off-by: Martin Sustrik <sustrik@250bpm.com>