Deprecate sodiumoxide resolver

It's no longer maintained, and we shouldn't support any backends that won't offer security patches.
mcginty · Jan 26, 2024 · faf0560 · faf0560
1 parent 308a24d
commit faf0560
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 28 deletions.
diff --git a/README.md b/README.md
@@ -63,35 +63,19 @@ as well as a `RingAcceleratedResolver` available to be used with
 If you enable the `ring-accelerated` feature, Snow will default to choosing `ring`'s
 crypto implementations when available.
 
-#### libsodium
-
-[libsodium](https://libsodium.org/) is a fork of NaCl focused on improved usability
-and regular maintenance.
-
-##### Compatibility caveat
-
-libsodium [blacklists a set of low-order points](https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c#L20)
-that it deems unsafe because they would output an all-zeroes result.
-
-Noise [does not validate Curve25519 points](https://moderncrypto.org/mail-archive/noise/2017/000971.html),
-so if another Noise implementation provides an all-zero (or another low-order) public
-key for some reason (be it testing, or a real life foot-shot), if you use the libsodium
-backend of snow, it will error in a way that's not fully compatible with the
-specification.
-
 ### Resolver primitives supported
 
-|            | default | ring | libsodium |
-| ---------: | :-----: | :--: | :-------: |
-|     CSPRNG |    ✔    |  ✔   |     ✔     |
-|      25519 |    ✔    |  ✔   |     ✔     |
-|        448 |         |      |           |
-|     AESGCM |    ✔    |  ✔   |           |
-| ChaChaPoly |    ✔    |  ✔   |     ✔     |
-|     SHA256 |    ✔    |  ✔   |     ✔     |
-|     SHA512 |    ✔    |  ✔   |           |
-|    BLAKE2s |    ✔    |      |           |
-|    BLAKE2b |    ✔    |      |           |
+|            | default | ring |
+| ---------: | :-----: | :--: |
+|     CSPRNG |    ✔    |  ✔   |
+|      25519 |    ✔    |  ✔   |
+|        448 |         |      |
+|     AESGCM |    ✔    |  ✔   |
+| ChaChaPoly |    ✔    |  ✔   |
+|     SHA256 |    ✔    |  ✔   |
+|     SHA512 |    ✔    |  ✔   |
+|    BLAKE2s |    ✔    |      |
+|    BLAKE2b |    ✔    |      |
 
 ## License
 

diff --git a/build.rs b/build.rs
@@ -1,6 +1,13 @@
 use rustc_version::{version_meta, Channel};
+use std::env;
 
 fn main() {
+    if env::var("CARGO_FEATURE_SODIUMOXIDE").is_ok() {
+        println!(
+            "cargo:warning=Use of the sodiumoxide backend is deprecated, as it is no longer \
+             maintained; please consider switching to another resolver."
+        )
+    }
     if version_meta().unwrap().channel == Channel::Nightly {
         println!("cargo:rustc-cfg=feature=\"nightly\"");
     }

diff --git a/src/resolvers/libsodium.rs b/src/resolvers/libsodium.rs
@@ -1,4 +1,6 @@
-extern crate sodiumoxide;
+//! # NOTE
+//! This backend is deprecated, as sodiumoxide is unmaintained. This will be removed in a
+//! following version of snow.
 
 use byteorder::{ByteOrder, LittleEndian};