RubyGems - rbnacl-libsodium - Versions diffs - 1.0.13 → 1.0.15 - Mend

rbnacl-libsodium 1.0.13 → 1.0.15

Files changed (201) hide show

data/vendor/libsodium/test/default/aead_aes256gcm.c CHANGED

@@ -3185,6 +3185,11 @@ tv(void)
             printf("Verification of test vector #%u with a truncated tag failed\n",
                    (unsigned int) i);
         }
+        if (i == 0 && crypto_aead_aes256gcm_decrypt(NULL, NULL,
+                                                    NULL, ciphertext, ciphertext_len,
+                                                    ad, ad_len, nonce, key) != 0) {
+            printf("Verification of test vector #%u's tag failed\n", (unsigned int) i);
+        }
         if (crypto_aead_aes256gcm_decrypt(decrypted, &found_message_len,
                                           NULL, ciphertext, ciphertext_len,
                                           ad, ad_len, nonce, key) != 0) {
@@ -3231,6 +3236,7 @@ main(void)
     assert(crypto_aead_aes256gcm_npubbytes() == crypto_aead_aes256gcm_NPUBBYTES);
     assert(crypto_aead_aes256gcm_abytes() == crypto_aead_aes256gcm_ABYTES);
     assert(crypto_aead_aes256gcm_statebytes() >= sizeof(crypto_aead_aes256gcm_state));
+    assert(crypto_aead_aes256gcm_messagebytes_max() == crypto_aead_aes256gcm_MESSAGEBYTES_MAX);
     printf("OK\n");
     return 0;

data/vendor/libsodium/test/default/aead_chacha20poly1305.c CHANGED

@@ -66,6 +66,10 @@ tv(void)
         printf("m != m2\n");
     }
     memset(m2, 0, m2len);
+    assert(crypto_aead_chacha20poly1305_decrypt_detached(NULL, NULL,
+                                                         c, MLEN, mac,
+                                                         ad, ADLEN,
+                                                         nonce, firstkey) == 0);
     if (crypto_aead_chacha20poly1305_decrypt_detached(m2, NULL,
                                                       c, MLEN, mac,
                                                       ad, ADLEN,
@@ -163,6 +167,12 @@ tv(void)
     assert(crypto_aead_chacha20poly1305_keybytes() > 0U);
     assert(crypto_aead_chacha20poly1305_npubbytes() > 0U);
     assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U);
+    assert(crypto_aead_chacha20poly1305_messagebytes_max() > 0U);
+    assert(crypto_aead_chacha20poly1305_messagebytes_max() == crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX);
+    assert(crypto_aead_chacha20poly1305_keybytes() == crypto_aead_chacha20poly1305_KEYBYTES);
+    assert(crypto_aead_chacha20poly1305_nsecbytes() == crypto_aead_chacha20poly1305_NSECBYTES);
+    assert(crypto_aead_chacha20poly1305_npubbytes() == crypto_aead_chacha20poly1305_NPUBBYTES);
+    assert(crypto_aead_chacha20poly1305_abytes() == crypto_aead_chacha20poly1305_ABYTES);
     return 0;
 }
@@ -239,6 +249,10 @@ tv_ietf(void)
         printf("m != m2\n");
     }
     memset(m2, 0, m2len);
+    assert(crypto_aead_chacha20poly1305_ietf_decrypt_detached(NULL, NULL,
+                                                              c, MLEN, mac,
+                                                              ad, ADLEN,
+                                                              nonce, firstkey) == 0);
     if (crypto_aead_chacha20poly1305_ietf_decrypt_detached(m2, NULL,
                                                            c, MLEN, mac,
                                                            ad, ADLEN,
@@ -338,10 +352,12 @@ tv_ietf(void)
     assert(crypto_aead_chacha20poly1305_ietf_npubbytes() > crypto_aead_chacha20poly1305_npubbytes());
     assert(crypto_aead_chacha20poly1305_ietf_nsecbytes() == 0U);
     assert(crypto_aead_chacha20poly1305_ietf_nsecbytes() == crypto_aead_chacha20poly1305_nsecbytes());
+    assert(crypto_aead_chacha20poly1305_ietf_messagebytes_max() == crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX);
     assert(crypto_aead_chacha20poly1305_IETF_KEYBYTES  == crypto_aead_chacha20poly1305_ietf_KEYBYTES);
     assert(crypto_aead_chacha20poly1305_IETF_NSECBYTES == crypto_aead_chacha20poly1305_ietf_NSECBYTES);
     assert(crypto_aead_chacha20poly1305_IETF_NPUBBYTES == crypto_aead_chacha20poly1305_ietf_NPUBBYTES);
     assert(crypto_aead_chacha20poly1305_IETF_ABYTES    == crypto_aead_chacha20poly1305_ietf_ABYTES);
+    assert(crypto_aead_chacha20poly1305_IETF_MESSAGEBYTES_MAX == crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX);
     return 0;
 }

data/vendor/libsodium/test/default/aead_xchacha20poly1305.c CHANGED

@@ -29,6 +29,7 @@ tv(void)
         = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
     unsigned char *c = (unsigned char *) sodium_malloc(CLEN);
     unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN);
+    unsigned char *key2 = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
     unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_ABYTES);
     unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN);
     unsigned long long found_clen;
@@ -39,8 +40,8 @@ tv(void)
     assert(sizeof MESSAGE - 1U == MLEN);
     memcpy(m, MESSAGE, MLEN);
     crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
-                                              ad, ADLEN,
-                                              NULL, nonce, firstkey);
+                                               ad, ADLEN,
+                                               NULL, nonce, firstkey);
     if (found_clen != MLEN + crypto_aead_xchacha20poly1305_ietf_abytes()) {
         printf("found_clen is not properly set\n");
     }
@@ -52,10 +53,10 @@ tv(void)
     }
     printf("\n");
     crypto_aead_xchacha20poly1305_ietf_encrypt_detached(detached_c,
-                                                       mac, &found_maclen,
-                                                       m, MLEN,
-                                                       ad, ADLEN,
-                                                       NULL, nonce, firstkey);
+                                                        mac, &found_maclen,
+                                                        m, MLEN,
+                                                        ad, ADLEN,
+                                                        NULL, nonce, firstkey);
     if (found_maclen != crypto_aead_xchacha20poly1305_ietf_abytes()) {
         printf("found_maclen is not properly set\n");
     }
@@ -64,7 +65,7 @@ tv(void)
     }
     if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN, ad,
-                                                  ADLEN, nonce, firstkey) != 0) {
+                                                   ADLEN, nonce, firstkey) != 0) {
         printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed\n");
     }
     if (m2len != MLEN) {
@@ -75,9 +76,9 @@ tv(void)
     }
     memset(m2, 0, m2len);
     if (crypto_aead_xchacha20poly1305_ietf_decrypt_detached(m2, NULL,
-                                                           c, MLEN, mac,
-                                                           ad, ADLEN,
-                                                           nonce, firstkey) != 0) {
+                                                            c, MLEN, mac,
+                                                            ad, ADLEN,
+                                                            nonce, firstkey) != 0) {
         printf("crypto_aead_xchacha20poly1305_ietf_decrypt_detached() failed\n");
     }
     if (memcmp(m, m2, MLEN) != 0) {
@@ -87,14 +88,14 @@ tv(void)
     for (i = 0U; i < CLEN; i++) {
         c[i] ^= (i + 1U);
         if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, NULL, NULL, c, CLEN,
-                                                      ad, ADLEN, nonce, firstkey)
+                                                       ad, ADLEN, nonce, firstkey)
             == 0 || memcmp(m, m2, MLEN) == 0) {
             printf("message can be forged\n");
         }
         c[i] ^= (i + 1U);
     }
     crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
-                                              NULL, 0U, NULL, nonce, firstkey);
+                                               NULL, 0U, NULL, nonce, firstkey);
     if (found_clen != CLEN) {
         printf("clen is not properly set (adlen=0)\n");
     }
@@ -106,7 +107,7 @@ tv(void)
     }
     printf("\n");
     if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN,
-                                                  NULL, 0U, nonce, firstkey) != 0) {
+                                                   NULL, 0U, nonce, firstkey) != 0) {
         printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
     }
     if (m2len != MLEN) {
@@ -138,7 +139,7 @@ tv(void)
     memcpy(c, m, MLEN);
     crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, c, MLEN,
-                                              NULL, 0U, NULL, nonce, firstkey);
+                                               NULL, 0U, NULL, nonce, firstkey);
     if (found_clen != CLEN) {
         printf("clen is not properly set (adlen=0)\n");
     }
@@ -151,7 +152,7 @@ tv(void)
     printf("\n");
     if (crypto_aead_xchacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN,
-                                                  NULL, 0U, nonce, firstkey) != 0) {
+                                                   NULL, 0U, nonce, firstkey) != 0) {
         printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
     }
     if (m2len != MLEN) {
@@ -161,8 +162,15 @@ tv(void)
         printf("m != c (adlen=0)\n");
     }
+    crypto_aead_xchacha20poly1305_ietf_keygen(key2);
+    if (crypto_aead_xchacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN,
+                                                   NULL, 0U, nonce, key2) == 0) {
+        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() with a wrong key should have failed\n");
+    }
     sodium_free(c);
     sodium_free(detached_c);
+    sodium_free(key2);
     sodium_free(mac);
     sodium_free(m2);
     sodium_free(m);
@@ -171,10 +179,12 @@ tv(void)
     assert(crypto_aead_xchacha20poly1305_ietf_npubbytes() == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
     assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == 0U);
     assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == crypto_aead_xchacha20poly1305_ietf_NSECBYTES);
+    assert(crypto_aead_xchacha20poly1305_ietf_messagebytes_max() == crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX);
     assert(crypto_aead_xchacha20poly1305_IETF_KEYBYTES  == crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
     assert(crypto_aead_xchacha20poly1305_IETF_NSECBYTES == crypto_aead_xchacha20poly1305_ietf_NSECBYTES);
     assert(crypto_aead_xchacha20poly1305_IETF_NPUBBYTES == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
     assert(crypto_aead_xchacha20poly1305_IETF_ABYTES    == crypto_aead_xchacha20poly1305_ietf_ABYTES);
+    assert(crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX == crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX);
     return 0;
 }

data/vendor/libsodium/test/default/auth.c CHANGED

@@ -19,6 +19,7 @@ int
 main(void)
 {
     crypto_auth_hmacsha512_state st;
+    crypto_auth_hmacsha256_state st256;
     size_t                       i;
     assert(crypto_auth_hmacsha512_statebytes() ==
@@ -52,6 +53,18 @@ main(void)
             printf("\n");
     }
+    memset(a2, 0, sizeof a2);
+    crypto_auth_hmacsha256_init(&st256, key2, sizeof key2);
+    crypto_auth_hmacsha256_update(&st256, NULL, 0U);
+    crypto_auth_hmacsha256_update(&st256, c, 1U);
+    crypto_auth_hmacsha256_update(&st256, c, sizeof c - 2U);
+    crypto_auth_hmacsha256_final(&st256, a2);
+    for (i = 0; i < sizeof a2; ++i) {
+        printf(",0x%02x", (unsigned int) a2[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
     assert(crypto_auth_bytes() > 0U);
     assert(crypto_auth_keybytes() > 0U);
     assert(strcmp(crypto_auth_primitive(), "hmacsha512256") == 0);

data/vendor/libsodium/test/default/auth.exp CHANGED

@@ -20,3 +20,11 @@
 ,0x31,0x8a,0x9a,0x0b,0x3b,0x78,0x60,0xa4
 ,0x31,0x6f,0x72,0x9b,0x8d,0x30,0x0f,0x15
 ,0x9b,0x2f,0x60,0x93,0xa8,0x60,0xc1,0xed
+,0x62,0x27,0xe4,0xce,0x7c,0x7f,0xe7,0xa4
+,0xba,0x9e,0x2a,0xc3,0x42,0xc3,0x5d,0x24
+,0x03,0x3e,0x38,0x8c,0x9b,0xdc,0x29,0x9b
+,0x4a,0x50,0x50,0xf6,0x71,0x70,0xf4,0x83
+,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00

data/vendor/libsodium/test/default/box.c CHANGED

@@ -87,6 +87,7 @@ main(void)
     assert(crypto_box_zerobytes() > 0U);
     assert(crypto_box_boxzerobytes() > 0U);
     assert(crypto_box_macbytes() > 0U);
+    assert(crypto_box_messagebytes_max() > 0U);
     assert(strcmp(crypto_box_primitive(), "curve25519xsalsa20poly1305") == 0);
     assert(crypto_box_curve25519xsalsa20poly1305_seedbytes() ==
            crypto_box_seedbytes());
@@ -104,6 +105,8 @@ main(void)
            crypto_box_boxzerobytes());
     assert(crypto_box_curve25519xsalsa20poly1305_macbytes() ==
            crypto_box_macbytes());
+    assert(crypto_box_curve25519xsalsa20poly1305_messagebytes_max() ==
+           crypto_box_messagebytes_max());
     return 0;
 }

data/vendor/libsodium/test/default/box2.c CHANGED

@@ -64,6 +64,8 @@ main(void)
     assert(ret == -1);
     memset(m, 0, sizeof m);
+    ret = crypto_box_beforenm(k, small_order_p, bobsk);
+    assert(ret == -1);
     ret = crypto_box_beforenm(k, alicepk, bobsk);
     assert(ret == 0);
     if (crypto_box_open_afternm(m, c, 163, nonce, k) == 0) {

data/vendor/libsodium/test/default/box_easy.c CHANGED

@@ -64,11 +64,8 @@ main(void)
     }
     printf("\n");
     c[randombytes_uniform(crypto_box_MACBYTES)]++;
-    ret =
-        crypto_box_open_easy(c, c, crypto_box_MACBYTES, nonce, bobpk, alicesk);
+    ret = crypto_box_open_easy(c, c, crypto_box_MACBYTES, nonce, bobpk, alicesk);
     assert(ret == -1);
-    assert(crypto_box_easy(c, m, SIZE_MAX - 1U, nonce, bobpk, alicesk) == -1);
     return 0;
 }

data/vendor/libsodium/test/default/box_easy2.c CHANGED

@@ -88,10 +88,10 @@ main(void)
     memset(m2, 0, m2_size);
-    if (crypto_box_easy_afternm(c, m, SIZE_MAX - 1U, nonce, k1) == 0) {
+    if (crypto_box_easy_afternm(c, m, 0, nonce, k1) != 0) {
         printf(
-            "crypto_box_easy_afternm() with a short ciphertext should have "
-            "failed\n");
+            "crypto_box_easy_afternm() with a null ciphertext should have "
+            "worked\n");
     }
     crypto_box_easy_afternm(c, m, (unsigned long long) mlen, nonce, k1);
     if (crypto_box_open_easy_afternm(
@@ -113,6 +113,10 @@ main(void)
     ret = crypto_box_detached(c, mac, m, (unsigned long long) mlen, nonce,
                               alicepk, bobsk);
     assert(ret == 0);
+    if (crypto_box_open_detached(m2, c, mac, (unsigned long long) mlen, nonce,
+                                 small_order_p, alicesk) != -1) {
+        printf("crypto_box_open_detached() with a weak key passed\n");
+    }
     if (crypto_box_open_detached(m2, c, mac, (unsigned long long) mlen, nonce,
                                  bobpk, alicesk) != 0) {
         printf("crypto_box_open_detached() failed\n");

data/vendor/libsodium/test/default/chacha20.c CHANGED

@@ -75,7 +75,7 @@ void tv(void)
     crypto_stream_chacha20_xor_ic(out, out, sizeof out, nonce, 1U, key);
     sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
     printf("[%s]\n", out_hex);
-};
+}
 static
 void tv_ietf(void)
@@ -163,7 +163,7 @@ void tv_ietf(void)
     crypto_stream_chacha20_ietf_xor_ic(out, out, sizeof out, nonce, 1U, key);
     sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
     printf("[%s]\n", out_hex);
-};
+}
 int
 main(void)
@@ -172,8 +172,15 @@ main(void)
     tv_ietf();
     assert(crypto_stream_chacha20_keybytes() > 0U);
+    assert(crypto_stream_chacha20_keybytes() == crypto_stream_chacha20_KEYBYTES);
     assert(crypto_stream_chacha20_noncebytes() > 0U);
+    assert(crypto_stream_chacha20_noncebytes() == crypto_stream_chacha20_NONCEBYTES);
+    assert(crypto_stream_chacha20_messagebytes_max() == crypto_stream_chacha20_MESSAGEBYTES_MAX);
+    assert(crypto_stream_chacha20_ietf_keybytes() > 0U);
+    assert(crypto_stream_chacha20_ietf_keybytes() == crypto_stream_chacha20_ietf_KEYBYTES);
     assert(crypto_stream_chacha20_ietf_noncebytes() > 0U);
+    assert(crypto_stream_chacha20_ietf_noncebytes() == crypto_stream_chacha20_ietf_NONCEBYTES);
+    assert(crypto_stream_chacha20_ietf_messagebytes_max() == crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX);
     return 0;
 }

data/vendor/libsodium/test/default/cmptest.h CHANGED

@@ -30,7 +30,53 @@
 int xmain(void);
-#ifndef BROWSER_TESTS
+#ifdef BENCHMARKS
+# include <sys/time.h>
+# ifndef ITERATIONS
+#  define ITERATIONS 128
+# endif
+static unsigned long long now(void)
+{
+    struct             timeval tp;
+    unsigned long long now;
+    if (gettimeofday(&tp, NULL) != 0) {
+        abort();
+    }
+    now = ((unsigned long long) tp.tv_sec * 1000000ULL) +
+        (unsigned long long) tp.tv_usec;
+    return now;
+}
+int main(void)
+{
+    unsigned long long ts_start;
+    unsigned long long ts_end;
+    unsigned int       i;
+    if (sodium_init() != 0) {
+        return 99;
+    }
+    randombytes_set_implementation(&randombytes_salsa20_implementation);
+    ts_start = now();
+    for (i = 0; i < ITERATIONS; i++) {
+        if (xmain() != 0) {
+            abort();
+        }
+    }
+    ts_end = now();
+    printf("%llu\n", 1000000ULL * (ts_end - ts_start) / ITERATIONS);
+    return 0;
+}
+#define printf(...) do { } while(0)
+#elif !defined(BROWSER_TESTS)
 FILE *fp_res;

data/vendor/libsodium/test/default/codecs.c ADDED

@@ -0,0 +1,226 @@
+#define TEST_NAME "codecs"
+#include "cmptest.h"
+int
+main(void)
+{
+    unsigned char  buf1[1000];
+    char           buf3[33];
+    unsigned char  buf4[4];
+    const char    *b64;
+    char          *b64_;
+    const char    *b64_end;
+    unsigned char *bin;
+    unsigned char *bin_padded;
+    const char    *hex;
+    const char    *hex_end;
+    size_t         b64_len;
+    size_t         bin_len, bin_len2;
+    unsigned int   i;
+    printf("%s\n",
+           sodium_bin2hex(buf3, 33U, (const unsigned char *) "0123456789ABCDEF",
+                          16U));
+    hex = "Cafe : 6942";
+    sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len,
+                   &hex_end);
+    printf("%lu:%02x%02x%02x%02x\n", (unsigned long) bin_len,
+           buf4[0], buf4[1], buf4[2], buf4[3]);
+    printf("dt1: %ld\n", (long) (hex_end - hex));
+    hex = "Cafe : 6942";
+    sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, NULL);
+    printf("%lu:%02x%02x%02x%02x\n", (unsigned long) bin_len,
+           buf4[0], buf4[1], buf4[2], buf4[3]);
+    hex = "deadbeef";
+    if (sodium_hex2bin(buf1, 1U, hex, 8U, NULL, &bin_len, &hex_end) != -1) {
+        printf("sodium_hex2bin() overflow not detected\n");
+    }
+    printf("dt2: %ld\n", (long) (hex_end - hex));
+    hex = "de:ad:be:eff";
+    if (sodium_hex2bin(buf1, 4U, hex, 12U, ":", &bin_len, &hex_end) != -1) {
+        printf(
+            "sodium_hex2bin() with an odd input length and a short output "
+            "buffer\n");
+    }
+    printf("dt3: %ld\n", (long) (hex_end - hex));
+    hex = "de:ad:be:eff";
+    if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":",
+                       &bin_len, &hex_end) != -1) {
+        printf("sodium_hex2bin() with an odd input length\n");
+    }
+    printf("dt4: %ld\n", (long) (hex_end - hex));
+    hex = "de:ad:be:eff";
+    if (sodium_hex2bin(buf1, sizeof buf1, hex, 13U, ":",
+                       &bin_len, &hex_end) != -1) {
+        printf("sodium_hex2bin() with an odd input length (2)\n");
+    }
+    printf("dt5: %ld\n", (long) (hex_end - hex));
+    hex = "de:ad:be:eff";
+    if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":",
+                       &bin_len, NULL) != -1) {
+        printf("sodium_hex2bin() with an odd input length and no end pointer\n");
+    }
+    hex = "de:ad:be:ef*";
+    if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":",
+                       &bin_len, &hex_end) != 0) {
+        printf("sodium_hex2bin() with an extra character and an end pointer\n");
+    }
+    printf("dt6: %ld\n", (long) (hex_end - hex));
+    hex = "de:ad:be:ef*";
+    if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":",
+                       &bin_len, NULL) != -1) {
+        printf("sodium_hex2bin() with an extra character and no end pointer\n");
+    }
+    printf("%s\n",
+           sodium_bin2base64(buf3, 31U, (const unsigned char *) "\xfb\xf0\xf1" "0123456789ABCDEFab",
+                             21U, sodium_base64_VARIANT_ORIGINAL));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 33U, (const unsigned char *) "\xfb\xf0\xf1" "0123456789ABCDEFabc",
+                             22U, sodium_base64_VARIANT_ORIGINAL_NO_PADDING));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 31U, (const unsigned char *) "\xfb\xf0\xf1" "0123456789ABCDEFab",
+                             21U, sodium_base64_VARIANT_URLSAFE));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 33U, (const unsigned char *) "\xfb\xf0\xf1" "0123456789ABCDEFabc",
+                             22U, sodium_base64_VARIANT_URLSAFE_NO_PADDING));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 1U, NULL,
+                             0U, sodium_base64_VARIANT_ORIGINAL));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 5U, (const unsigned char *) "a",
+                             1U, sodium_base64_VARIANT_ORIGINAL));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 5U, (const unsigned char *) "ab",
+                             2U, sodium_base64_VARIANT_ORIGINAL));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 5U, (const unsigned char *) "abc",
+                             3U, sodium_base64_VARIANT_ORIGINAL));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 1U, NULL,
+                             0U, sodium_base64_VARIANT_ORIGINAL_NO_PADDING));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 3U, (const unsigned char *) "a",
+                             1U, sodium_base64_VARIANT_ORIGINAL_NO_PADDING));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 4U, (const unsigned char *) "ab",
+                             2U, sodium_base64_VARIANT_ORIGINAL_NO_PADDING));
+    printf("%s\n",
+           sodium_bin2base64(buf3, 5U, (const unsigned char *) "abc",
+                             3U, sodium_base64_VARIANT_ORIGINAL_NO_PADDING));
+    b64 = "VGhpcyBpcyBhIGpvdXJu" "\n" "ZXkgaW50by" " " "Bzb3VuZA==";
+    memset(buf4, '*', sizeof buf4);
+    assert(sodium_base642bin(buf4, sizeof buf4, b64, strlen(b64), "\n\r ", &bin_len,
+                             &b64_end, sodium_base64_VARIANT_ORIGINAL) == -1);
+    buf4[bin_len] = 0;
+    printf("[%s]\n", (const char *) buf4);
+    printf("[%s]\n", b64_end);
+    memset(buf1, '*', sizeof buf1);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), "\n\r ", &bin_len,
+                             &b64_end, sodium_base64_VARIANT_ORIGINAL) == 0);
+    buf1[bin_len] = 0;
+    printf("[%s]\n", (const char *) buf1);
+    assert(*b64_end == 0);
+    memset(buf1, '*', sizeof buf1);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, &bin_len,
+                             &b64_end, sodium_base64_VARIANT_ORIGINAL) == 0);
+    buf1[bin_len] = 0;
+    printf("[%s]\n", (const char *) buf1);
+    printf("[%s]\n", b64_end);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
+                             &b64_end, sodium_base64_VARIANT_ORIGINAL) == 0);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
+                             &b64_end, sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == 0);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL,
+                             &b64_end, sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == 0);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
+                             &b64_end, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == 0);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL,
+                             &b64_end, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == 0);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
+                             NULL, sodium_base64_VARIANT_ORIGINAL) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
+                             NULL, sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL,
+                             NULL, sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL,
+                             NULL, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL,
+                             NULL, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == -1);
+    assert(sodium_base642bin(NULL, (size_t) 10U, "a=", (size_t) 2U, NULL, NULL, NULL,
+                             sodium_base64_VARIANT_URLSAFE) == -1);
+    assert(sodium_base642bin(NULL, (size_t) 10U, "a*", (size_t) 2U, NULL, NULL, NULL,
+                             sodium_base64_VARIANT_URLSAFE) == -1);
+    assert(sodium_base642bin(NULL, (size_t) 10U, "a*", (size_t) 2U, "~", NULL, NULL,
+                             sodium_base64_VARIANT_URLSAFE) == -1);
+    assert(sodium_base642bin(NULL, (size_t) 10U, "a*", (size_t) 2U, "*", NULL, NULL,
+                             sodium_base64_VARIANT_URLSAFE) == -1);
+    assert(sodium_base642bin(NULL, (size_t) 10U, "a==", (size_t) 3U, NULL, NULL, NULL,
+                             sodium_base64_VARIANT_URLSAFE) == -1);
+    assert(sodium_base642bin(NULL, (size_t) 10U, "a=*", (size_t) 3U, NULL, NULL, NULL,
+                             sodium_base64_VARIANT_URLSAFE) == -1);
+    assert(sodium_base642bin(NULL, (size_t) 10U, "a=*", (size_t) 3U, "~", NULL, NULL,
+                             sodium_base64_VARIANT_URLSAFE) == -1);
+    assert(sodium_base642bin(NULL, (size_t) 10U, "a=*", (size_t) 3U, "*", NULL, NULL,
+                             sodium_base64_VARIANT_URLSAFE) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, "O1R", (size_t) 3U, NULL, NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, "O1Q", (size_t) 3U, NULL, NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == 0);
+    assert(sodium_base642bin(buf1, sizeof buf1, "O1", (size_t) 2U, NULL, NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, "Ow", (size_t) 2U, NULL, NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == 0);
+    assert(sodium_base642bin(buf1, sizeof buf1, "O", (size_t) 1U, NULL, NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, "kaw", (size_t) 3U, NULL, NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, "kQ*", (size_t) 3U, "@", NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, "kQ*", (size_t) 3U, "*", NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL) == -1);
+    assert(sodium_base642bin(buf1, sizeof buf1, "kaw=**", (size_t) 6U, "*", NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL) == 0);
+    assert(sodium_base642bin(buf1, sizeof buf1, "kaw*=*", (size_t) 6U, "~*", NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL) == 0);
+    assert(sodium_base642bin(buf1, sizeof buf1, "ka*w*=*", (size_t) 7U, "*~", NULL, NULL,
+                             sodium_base64_VARIANT_ORIGINAL) == 0);
+    for (i = 0; i < 1000; i++) {
+        assert(sizeof buf1 >= 100);
+        bin_len = (size_t) randombytes_uniform(100);
+        bin = (unsigned char *) sodium_malloc(bin_len);
+        b64_len = (bin_len + 2U) / 3U * 4U + 1U;
+        assert(b64_len == sodium_base64_encoded_len(bin_len, sodium_base64_VARIANT_URLSAFE));
+        b64_ = (char *) sodium_malloc(b64_len);
+        randombytes_buf(bin, bin_len);
+        memcpy(buf1, bin, bin_len);
+        b64 = sodium_bin2base64(b64_, b64_len, bin, bin_len,
+                                sodium_base64_VARIANT_URLSAFE);
+        assert(b64 != NULL);
+        assert(sodium_base642bin(bin, bin_len + 10, b64, b64_len,
+                                 NULL, NULL, &b64_end,
+                                 sodium_base64_VARIANT_URLSAFE) == 0);
+        assert(b64_end == &b64[b64_len - 1]);
+        assert(memcmp(bin, buf1, bin_len) == 0);
+        sodium_free(bin);
+        sodium_free(b64_);
+    }
+    return 0;
+}