Commit Graph

5 Commits

Author SHA1 Message Date
Ilya Maykov
6bece9c8c4 Relax most __attribute__ ((nonnull)) to allow 0-length inputs to be NULL.
Justifications:
- crypto_(auth|hash|generichash|onetimeauth|shorthash)*:
  it's legal to hash or HMAC a 0-length message
- crypto_box*: it's legal to encrypt a 0-length message
- crypto_sign*: it's legal to sign a 0-length message
- utils:
  comparing two 0-length byte arrays is legal
  memzero on a 0-length byte array is a no-op
  converting an empty hex string to binary results in an empty binary string
  converting an empty binary string to hex results in an empty hex string
  converting an empty b64 string to binary results in an empty binary string
  converting an empty binary string to b64 results in an empty b64 string
  sodium_add / sodium_sub on zero-length arrays is a no-op

For the functions declared in utils.h, I moved the logic into private functions that
have the __attribute__ ((nonnull)) check, but they are only called when the
corresponding length argument is non-0. I didn't do this for the hash/box/sign
functions since it would have been a lot more work and quite a large refactor.

Only memset() may have issues with a zero length.

Fix tests, use guard page instead of NULL because of Wasm
2019-04-26 15:36:58 +02:00
Frank Denis
cff3d7f6c7 Remove unused variables 2018-12-29 16:42:09 +01:00
Frank Denis
34e787030f Use a guard page instead of NULL for opt arguments in tests 2018-12-24 15:02:59 +01:00
Frank Denis
3e0b4dec6e Add sodium_base64_encoded_len() 2017-09-21 11:25:09 +02:00
Frank Denis
ee1d5c96d8 Move the codecs tests to their own test file 2017-09-19 22:51:05 +02:00