Merge branch 'master' of github.com:jedisct1/libsodium

* 'master' of github.com:jedisct1/libsodium:
  Fix `crypto_pwhash_argon2i_str_verify()` and its tests after `errno` changes
  Add crypto_pwhash_MISMATCH errno (#541)

src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c

@@ -186,6 +186,8 @@ crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
                                  const char *const  passwd,
                                  unsigned long long passwdlen)
 {
+    int verify_ret;
+
     if (passwdlen > ARGON2_MAX_PWD_LENGTH) {
         errno = EFBIG;
         return -1;
@@ -196,10 +198,15 @@ crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
         return -1;
     }
     /* LCOV_EXCL_STOP */
-    if (argon2i_verify(str, passwd, (size_t) passwdlen) != ARGON2_OK) {
-        return -1;
+
+    verify_ret = argon2i_verify(str, passwd, (size_t) passwdlen);
+    if (verify_ret == ARGON2_OK) {
+	return 0;
     }
-    return 0;
+    if (verify_ret == ARGON2_VERIFY_MISMATCH) {
+	errno = EINVAL;
+    }
+    return -1;
 }
 
 int

src/libsodium/include/sodium/crypto_pwhash.h

@@ -118,4 +118,3 @@ const char *crypto_pwhash_primitive(void)
 #endif
 
 #endif
-

test/default/cmptest.h

@@ -7,6 +7,7 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
+#include <errno.h>
 
 #include "sodium.h"
 #include "quirks.h"

test/default/pwhash.c

@@ -258,7 +258,8 @@ main(void)
         printf("pwhash_str_verify(1) failure\n");
     }
     str_out[14]++;
-    if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1) {
+    if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1 ||
+        errno != EFBIG) {
         printf("pwhash_str_verify(2) failure\n");
     }
     str_out[14]--;
@@ -276,37 +277,44 @@ main(void)
     }
     if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
                                  "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
-                                 "password", 0x100000000ULL) != -1) {
+                                 "password", 0x100000000ULL) != -1 ||
+        errno != EFBIG) {
         printf("pwhash_str_verify(invalid(0)) failure\n");
     }
     if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
                                  "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
-                                 "password", strlen("password")) != -1) {
-        printf("pwhash_str_verify(invalid(1)) failure\n");
+                                 "password", strlen("password")) != -1 ||
+        errno != EFBIG) {
+        printf("pwhash_str_verify(invalid(1)) failure %d\n", errno);
     }
     if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
                                  "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
-                                 "password", strlen("password")) != -1) {
+                                 "password", strlen("password")) != -1 ||
+        errno != EFBIG) {
         printf("pwhash_str_verify(invalid(2)) failure\n");
     }
     if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
                                  "$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo",
-                                 "password", strlen("password")) != -1) {
+                                 "password", strlen("password")) != -1 ||
+        errno != EFBIG) {
         printf("pwhash_str_verify(invalid(3)) failure\n");
     }
     if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1c29tZXNhbHQ"
                                  "$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
-                                 "password", strlen("password")) != -1) {
+                                 "password", strlen("password")) != -1 ||
+        errno != EFBIG) {
         printf("pwhash_str_verify(invalid(4)) failure\n");
     }
     if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
                                  "wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
-                                 "password", strlen("password")) != -1) {
+                                 "password", strlen("password")) != -1 ||
+        errno != EFBIG) {
         printf("pwhash_str_verify(invalid(5)) failure\n");
     }
     if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
                                  "$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM",
-                                 "password", strlen("password")) != -1) {
+                                 "password", strlen("password")) != -1 ||
+        errno != EFBIG) {
         printf("pwhash_str_verify(invalid(6)) failure\n");
     }
     if (crypto_pwhash_str_verify(
@@ -318,19 +326,19 @@ main(void)
     if (crypto_pwhash_str_verify(
             "$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
             "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
-            "passwore", strlen("passwore")) != -1) {
+            "passwore", strlen("passwore")) != -1 || errno != EINVAL) {
         printf("pwhash_str_verify(invalid(7)) failure\n");
     }
     if (crypto_pwhash_str_verify(
             "$Argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
             "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
-            "password", strlen("password")) != -1) {
+            "password", strlen("password")) != -1 || errno != EINVAL) {
         printf("pwhash_str_verify(invalid(8)) failure\n");
     }
     if (crypto_pwhash_str_verify(
             "$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
             "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
-            "password", strlen("password")) != -1) {
+            "password", strlen("password")) != -1 || errno != EINVAL) {
         printf("pwhash_str_verify(invalid(9)) failure\n");
     }
     assert(crypto_pwhash_bytes_min() > 0U);