Fix verification using bitwise OR on booleans

Problem: Using bitwise operations on booleans doesn't make any sense,
and I didn't even catch that this was a problem until I ran `tsc` on the
codebase and saw the complaint. Static analysis rocks. In the libsodium
code these methods return `0` or `-1`, so the bitwise OR acts like a
boolean AND (`(0 | -1) === -1` like `(true && false === false)`.

Solution: Convert bitwise OR to boolean AND and then confirm that this
is the reason that the faulty truncated comparison fixed in fa39bc5 is
now captured by the tests in my pull request into sodium-test.

See-Also: https://github.com/sodium-friends/sodium-test/pull/14

crypto_auth.js

@@ -26,7 +26,7 @@ function crypto_auth_hmacsha256 (out, input, k) {
 function crypto_auth_hmacsha256_verify (h, input, k) {
   const correct = Sha256.HMAC(k).update(input).digest()
 
-  return crypto_verify_32(h, 0, correct, 0) | sodium_memcmp(correct, h, 32)
+  return crypto_verify_32(h, 0, correct, 0) && sodium_memcmp(correct, h, 32)
 }
 
 function crypto_auth_hmacsha512 (out, input, k) {
@@ -40,7 +40,7 @@ function crypto_auth_hmacsha512 (out, input, k) {
 function crypto_auth_hmacsha512_verify (h, input, k) {
   const correct = Sha512.HMAC(k).update(input).digest()
 
-  return crypto_verify_64(h, 0, correct, 0) | sodium_memcmp(correct, h, 64)
+  return crypto_verify_64(h, 0, correct, 0) && sodium_memcmp(correct, h, 64)
 }
 
 function crypto_auth_hmacsha512256 (out, input, k) {
@@ -57,7 +57,7 @@ function crypto_auth_hmacsha512256 (out, input, k) {
 function crypto_auth_hmacsha512256_verify (h, input, k) {
   const correct = Sha512.HMAC(k).update(input).digest()
 
-  return crypto_verify_32(h, 0, correct, 0) | sodium_memcmp(correct.subarray(0, 32), h, 32)
+  return crypto_verify_32(h, 0, correct, 0) && sodium_memcmp(correct.subarray(0, 32), h, 32)
 }
 
 function crypto_auth (out, input, k) {