Fix an overflow for 10-digits OTP
This commit is contained in:
parent
0b93ea8653
commit
4d2024128e
17
otp.c
17
otp.c
@ -26,12 +26,20 @@ otp(const EVP_MD *evp_md, const void *key, int key_len, uint64_t counter,
|
|||||||
unsigned char md_value[EVP_MAX_MD_SIZE];
|
unsigned char md_value[EVP_MAX_MD_SIZE];
|
||||||
uint8_t buf[8];
|
uint8_t buf[8];
|
||||||
uint32_t res;
|
uint32_t res;
|
||||||
unsigned int md_len, modulo, offset;
|
int32_t modulo;
|
||||||
|
unsigned int md_len, offset;
|
||||||
|
|
||||||
if (digits < 6 || digits > 10)
|
if (digits < 6 || digits > 10)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 10 digits would be 10_000_000_000, which overflows 32 bits.
|
||||||
|
* Nevertheless, given the number construction, 10 digits OTP are
|
||||||
|
* possible. We won't apply reminder operator in that case.
|
||||||
|
*/
|
||||||
|
if (digits < 10)
|
||||||
for (modulo = 1000000; digits > 6; digits--, modulo *= 10)
|
for (modulo = 1000000; digits > 6; digits--, modulo *= 10)
|
||||||
;
|
continue;
|
||||||
|
|
||||||
/* convert counter to big endian */
|
/* convert counter to big endian */
|
||||||
buf[0] = counter >> 56;
|
buf[0] = counter >> 56;
|
||||||
@ -46,14 +54,15 @@ otp(const EVP_MD *evp_md, const void *key, int key_len, uint64_t counter,
|
|||||||
if (HMAC(evp_md, key, key_len, buf, sizeof(buf), md_value, &md_len) ==
|
if (HMAC(evp_md, key, key_len, buf, sizeof(buf), md_value, &md_len) ==
|
||||||
NULL)
|
NULL)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
offset = md_value[md_len - 1] & 0xf;
|
offset = md_value[md_len - 1] & 0xf;
|
||||||
res = (md_value[offset] << 24) |
|
res = (md_value[offset] << 24) |
|
||||||
(md_value[offset + 1] << 16) |
|
(md_value[offset + 1] << 16) |
|
||||||
(md_value[offset + 2] << 8) |
|
(md_value[offset + 2] << 8) |
|
||||||
md_value[offset + 3];
|
md_value[offset + 3];
|
||||||
res &= ~0x80000000;
|
res &= 0x7fffffff;
|
||||||
|
|
||||||
return (int32_t)res % modulo;
|
return digits == 10 ? (int32_t)res : (int32_t)res % modulo;
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t
|
int32_t
|
||||||
|
Loading…
Reference in New Issue
Block a user