
Re: (ITS#8230) [new PATCH] totp: bug fixes and improvements



Hi,

Please have a look at the improved patch series in
	https://github.com/marschap/openldap/commits/contrib-totp2
It tries to address all the issues highlighted on the first version.

https://github.com/marschap/openldap/commit/e4e1045f59368af8d15172ad22fcc0fd1d99a28b
	contrib/passwd/totp: flexibilize decoding
    
	In function totp_b32_pton()
	- allow lowercase characters in encoded string too
	- allow padding to be omitted (totally, not only parts)
	With this added flexibility we can make use of keys encoded
	by other Base32-encoding implementations.
    
	In function chk_totp() determine the space required to hold the decoded
	key by calling totp_b32_pton() with a NULL argument for the target.

    Changes to previous version:
	- toupper()'s argument guarded with a cast to (unsigned char)
	- added rationale to commit message

https://github.com/marschap/openldap/commit/edfa2b0fb3238ca9f231fa75bd452b4221f9431d
	contrib/passwd/totp: fix the big-endian case, support 32-bit archs
    
	- reverse tval in the WORDS_BIGENDIAN case before converting it to a
	  string
	- use uint64_t for tval to have it correctly sized on 32-bit archs too	
	- avoid magic number when converting tval to a string

    Changes to previous version: 
	- complete rewrite

https://github.com/marschap/openldap/commit/24007f02cebb0b7f801288b02d0ac8c2f1d4ea05
	contrib/passwd/totp: fix decoding when padding is used
    
	In totp_b32_pton(), correctly count the number of '=' padding chars
	at the end of the base-32 encoded string: don't count the first
	padding char twice.

	Note: '*str++' evaluates *str first and increases str later!

    Changes to previous version:
	- commit message only

https://github.com/marschap/openldap/commit/435619ccd8be1b62f86db67643bca7775ead65dc
	contrib/passwd/totp: support compiling using nettle

    Changes to previous version:
	- rewrite, concentrating the #ifdef's as much as possible

Best
Peter

-- 
Peter Marschall
peter@adpm.de
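
An added example of the decoding behaviour the first commit message above describes: lowercase accepted, '=' padding optional, a NULL target returning only the required size, and the `toupper()` argument cast to `unsigned char`. It is not the patch's `totp_b32_pton()`; the name `b32_decode`, its signature and its return convention are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not OpenLDAP's totp_b32_pton().
 * Decodes RFC 4648 Base32 from src; accepts lowercase and missing or
 * partial '=' padding. With dst == NULL only the decoded size is computed.
 * Returns the decoded length, or -1 on malformed input or a short buffer. */
long b32_decode(const char *src, uint8_t *dst, size_t dstlen)
{
    static const char alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
    size_t len = strlen(src), out = 0, pad = 0, i;
    uint32_t acc = 0;
    int bits = 0;

    /* Strip trailing padding; each '=' is counted exactly once. */
    while (len > 0 && src[len - 1] == '=') { len--; pad++; }
    if (pad > 6)
        return -1;

    /* Data lengths of 1, 3 or 6 (mod 8) cannot come from whole bytes. */
    switch (len % 8) { case 1: case 3: case 6: return -1; }

    for (i = 0; i < len; i++) {
        /* Cast before toupper(): passing a negative char is undefined. */
        int c = toupper((unsigned char)src[i]);
        const char *p = c ? strchr(alphabet, c) : NULL;
        if (p == NULL)
            return -1;              /* includes '=' in the middle */
        acc = (acc << 5) | (uint32_t)(p - alphabet);
        bits += 5;
        if (bits >= 8) {
            bits -= 8;
            if (dst != NULL) {
                if (out >= dstlen)
                    return -1;      /* caller's buffer is too small */
                dst[out] = (uint8_t)(acc >> bits);
            }
            out++;
            acc &= (1u << bits) - 1; /* keep only the leftover bits */
        }
    }
    return (long)out;
}
```

A caller sizes its key buffer with a first call passing NULL, then decodes into it with a second call.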