Better NULL input checking?

[michelp]

Reported by @ioguix in #43

By the way, note that if I give NULL as additional data, it just crash:

pgsodium.crypto_aead_det_decrypt was incorrectly not labeled STRICT so it crashed on NULL input, I can fix that, or I'm thinking it makes more sense for all functions (in most cases) to throw errors on NULL input instead of returning NULL, which means removing STRICT and doing NULL checking as shown in this branch:

https://github.com/michelp/pgsodium/compare/fix/better-null-checking?expand=1

this is just one example of many that would need to be added. Thoughts?

[ioguix]

Hi,

Throwing error from functions seems better:

• returning NULL without explanation might be tricky for new users to understand
• it allows a mix of NULL-able args and NOT NULL ones.

[ioguix]

I'm not qualified enough with encryption to review your patch, but it seems nonce and additional data are optional with aead_det_*, am I right? See: https://github.com/jedisct1/libsodium-xchacha20-siv#usage

With ietf variant, it seems only additional data can be left NULL, right? https://doc.libsodium.org/secret-key_cryptography/aead/chacha20-poly1305/ietf_chacha20-poly1305_construction#combined-mode

Does it worth sticking with this from the pgsodium point of view?

[michelp]

Yep, I've pushed some changes to the same that allow for NULL associated with det and ietf and keeping support for NULL nonce with det. It's working well, so I'm going to apply the same pattern across the library.