[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8230) [new PATCH] totp: bug fixes and improvements


Please have a look at the improved patch series in
It tries to address all the issues highlighted on the first version.

	contrib/passwd/totp: flexibilize decoding
	In function totp_b32_pton()
	- allow lowercase characters in encoded string too
	- allow padding to be omitted (totally, not only parts)
	With this added flexibility we can make use of keys encoded
	by other Base32-encoding implementations.
	In function chk_totp() determine the space required to hold the decoded
	key by calling totp_b32_pton() with a NULL argument for the target.

    Changes to previous version:
	- toupper()'s argument guarded with a cast to (unsigned char)
	- added rationale to commit message

	contrib/passwd/totp: fix the big-endian case, support 32-bit archs
	- reverse tval in the WORDS_BIGENDIAN case before converting it to a
	- use uint64_t for tval to have it correctly sized on 32-bit archs too	
	- avoid magic number when converting tval to a string

    Changes to previous version: 
	- complete rewrite

	contrib/passwd/totp: fix decoding when padding is used
	In totp_b32_pton(), correctly count the number of '=' padding chars
	at the end of the base-32 encoded string: don't count the first
	padding char char twice.

	Note: '*str++' evaluates *str first and increases str later!

    Changes to previous version:
	- commit message only

	contrib/passwd/totp: support compiling using nettle

    Changes to previous version:
	- rewrite, concentrating the #ifdef's as much as possible


Peter Marschall