search

terl / lazysodium-java

A Java implementation of the Libsodium crypto library. For the lazy dev.
https://github.com/terl/lazysodium-java/wiki
Mozilla Public License 2.0
135 stars 47 forks source link

Pass-by-value instead of pointer parameter in base64 to bin and hex to bin functions #83

Closed ionspin closed 3 years ago

ionspin commented 3 years ago

Similar to the issue #65 there are a couple of codec helper functions that are using java pass-by-value paramateres instead of pointers and therefore not correctly passing back the length information. Base64 to bin libsodium C code:

int
sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen,
                  const char * const b64, const size_t b64_len,
                  const char * const ignore, size_t * const bin_len,
                  const char ** const b64_end, const int variant)

Lazysodium java code:

    public native int sodium_base642bin(byte[] bin,
                                        int binMaxLen,
                                        byte[] b64,
                                        int b64Len,
                                        byte[] ignore,
                                        int binLen,
                                        byte b64End,
                                        int variant);

If I am not mistaken parameter binLen should be of type Pointer like it was handled in this commit

The same situation is repeated for hex2bin Libsodium C code:

int
sodium_hex2bin(unsigned char *const bin, const size_t bin_maxlen,
               const char *const hex, const size_t hex_len,
               const char *const ignore, size_t *const bin_len,
               const char **const hex_end)

Lazysodium java code:

    public native int sodium_hex2bin(byte[] bin,
                                     int binMaxLen,
                                     byte[] hex,
                                     int hexLen,
                                     byte[] ignore,
                                     int binLen,
                                     byte hexEnd);

Same paramater name, binLen

ionspin commented 3 years ago

I also found a SIGSEGV crash when writing tests because hexEnd and b64End parameters were also expecting pointers instead of byte values, more details in the pull request. Ping me if I need to update the pull request in any way.

Also to add motivation why I need these SodiumJava functions that are rarely used, I'm writing a libsodium kotlin multiplatform library wrapper and I need to use as close to original libsodium approach wherever I can, so using LazySodiumJava wouldn't be optimal in that case.

Also thanks for all the work you did on the library!