diff --git a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c index f29cc2d4..abf4ef90 100644 --- a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c +++ b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c @@ -186,6 +186,8 @@ crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES], const char *const passwd, unsigned long long passwdlen) { + int verify_ret; + if (passwdlen > ARGON2_MAX_PWD_LENGTH) { errno = EFBIG; return -1; @@ -196,10 +198,15 @@ crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES], return -1; } /* LCOV_EXCL_STOP */ - if (argon2i_verify(str, passwd, (size_t) passwdlen) != ARGON2_OK) { - return -1; + + verify_ret = argon2i_verify(str, passwd, (size_t) passwdlen); + if (verify_ret == ARGON2_OK) { + return 0; } - return 0; + if (verify_ret == ARGON2_VERIFY_MISMATCH) { + errno = EINVAL; + } + return -1; } int diff --git a/src/libsodium/include/sodium/crypto_pwhash.h b/src/libsodium/include/sodium/crypto_pwhash.h index 56eca068..9e45d7ea 100644 --- a/src/libsodium/include/sodium/crypto_pwhash.h +++ b/src/libsodium/include/sodium/crypto_pwhash.h @@ -118,4 +118,3 @@ const char *crypto_pwhash_primitive(void) #endif #endif - diff --git a/test/default/cmptest.h b/test/default/cmptest.h index 24f5ff2a..96a0ad76 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h @@ -7,6 +7,7 @@ #include #include #include +#include #include "sodium.h" #include "quirks.h" diff --git a/test/default/pwhash.c b/test/default/pwhash.c index 7c0efbde..ffef570b 100644 --- a/test/default/pwhash.c +++ b/test/default/pwhash.c @@ -258,7 +258,8 @@ main(void) printf("pwhash_str_verify(1) failure\n"); } str_out[14]++; - if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1) { + if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1 || + errno != EFBIG) { printf("pwhash_str_verify(2) failure\n"); } str_out[14]--; @@ -276,37 +277,44 @@ main(void) } if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", - "password", 0x100000000ULL) != -1) { + "password", 0x100000000ULL) != -1 || + errno != EFBIG) { printf("pwhash_str_verify(invalid(0)) failure\n"); } if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", - "password", strlen("password")) != -1) { - printf("pwhash_str_verify(invalid(1)) failure\n"); + "password", strlen("password")) != -1 || + errno != EFBIG) { + printf("pwhash_str_verify(invalid(1)) failure %d\n", errno); } if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", - "password", strlen("password")) != -1) { + "password", strlen("password")) != -1 || + errno != EFBIG) { printf("pwhash_str_verify(invalid(2)) failure\n"); } if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" "$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo", - "password", strlen("password")) != -1) { + "password", strlen("password")) != -1 || + errno != EFBIG) { printf("pwhash_str_verify(invalid(3)) failure\n"); } if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1c29tZXNhbHQ" "$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", - "password", strlen("password")) != -1) { + "password", strlen("password")) != -1 || + errno != EFBIG) { printf("pwhash_str_verify(invalid(4)) failure\n"); } if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" "wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", - "password", strlen("password")) != -1) { + "password", strlen("password")) != -1 || + errno != EFBIG) { printf("pwhash_str_verify(invalid(5)) failure\n"); } if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" "$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM", - "password", strlen("password")) != -1) { + "password", strlen("password")) != -1 || + errno != EFBIG) { printf("pwhash_str_verify(invalid(6)) failure\n"); } if (crypto_pwhash_str_verify( @@ -318,19 +326,19 @@ main(void) if (crypto_pwhash_str_verify( "$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", - "passwore", strlen("passwore")) != -1) { + "passwore", strlen("passwore")) != -1 || errno != EINVAL) { printf("pwhash_str_verify(invalid(7)) failure\n"); } if (crypto_pwhash_str_verify( "$Argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", - "password", strlen("password")) != -1) { + "password", strlen("password")) != -1 || errno != EINVAL) { printf("pwhash_str_verify(invalid(8)) failure\n"); } if (crypto_pwhash_str_verify( "$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", - "password", strlen("password")) != -1) { + "password", strlen("password")) != -1 || errno != EINVAL) { printf("pwhash_str_verify(invalid(9)) failure\n"); } assert(crypto_pwhash_bytes_min() > 0U);