Closed gnarula closed 3 years ago
`AEAD.Lazy` silently decrypts a ciphertext which fails authentication. For instance, calling decrypt for XChaCha20-Poly1305 ignores the return value of `cryptoAeadXChaCha20Poly1305IetfDecrypt()`:
https://github.com/terl/lazysodium-java/blob/ea27165505717d26f8249bb425e5061efbd43270/src/main/java/com/goterl/lazycode/lazysodium/LazySodium.java#L2412
IMHO, the decrypt method should throw an exception in order to alert the user of the library that the decryption was unsuccessful.
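A caller-side check for the behaviour reported above, as an added example that is not part of the original issue or of lazysodium-java itself. It assumes the `AEAD.Native` encrypt/decrypt signatures and the `randomBytesBuf` helper of the library version linked in the issue; `CheckedAeadDecrypt` and `decryptOrThrow` are hypothetical names, and the sample message is constructed.

```java
import com.goterl.lazycode.lazysodium.LazySodiumJava;
import com.goterl.lazycode.lazysodium.SodiumJava;
import javax.crypto.AEADBadTagException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class CheckedAeadDecrypt {
    // libsodium sizes for XChaCha20-Poly1305-IETF: key, public nonce, Poly1305 tag.
    static final int KEY_BYTES = 32, NONCE_BYTES = 24, TAG_BYTES = 16;

    /** Hypothetical helper: calls the native binding and refuses to return unauthenticated data. */
    static byte[] decryptOrThrow(LazySodiumJava ls, byte[] cipher, byte[] ad, byte[] nonce, byte[] key)
            throws AEADBadTagException {
        if (cipher.length < TAG_BYTES) {
            throw new AEADBadTagException("ciphertext shorter than the authentication tag");
        }
        byte[] message = new byte[cipher.length - TAG_BYTES];
        // Assumed signature: (m, mLen, nSec, c, cLen, ad, adLen, nPub, k) -> boolean
        boolean ok = ls.cryptoAeadXChaCha20Poly1305IetfDecrypt(
                message, new long[1], null, cipher, cipher.length, ad, ad.length, nonce, key);
        if (!ok) {
            Arrays.fill(message, (byte) 0); // clear the buffer so nothing unverified leaks out
            throw new AEADBadTagException("XChaCha20-Poly1305 authentication failed");
        }
        return message;
    }

    public static void main(String[] args) throws Exception {
        LazySodiumJava ls = new LazySodiumJava(new SodiumJava());
        byte[] key = ls.randomBytesBuf(KEY_BYTES);
        byte[] nonce = ls.randomBytesBuf(NONCE_BYTES);
        byte[] ad = "header".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        byte[] cipher = new byte[msg.length + TAG_BYTES];
        if (!ls.cryptoAeadXChaCha20Poly1305IetfEncrypt(
                cipher, new long[1], msg, msg.length, ad, ad.length, null, nonce, key)) {
            throw new IllegalStateException("encryption failed");
        }
        System.out.println(new String(decryptOrThrow(ls, cipher, ad, nonce, key), StandardCharsets.UTF_8));

        cipher[0] ^= 0x01; // flip one bit: the tag must no longer verify
        try {
            decryptOrThrow(ls, cipher, ad, nonce, key);
            throw new IllegalStateException("tampered ciphertext was accepted");
        } catch (AEADBadTagException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```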