Skip to content

Miscellaneous patches#30

Merged
tilkinsc merged 10 commits into
tilkinsc:masterfrom
freddy77:misc
Nov 24, 2025
Merged

Miscellaneous patches#30
tilkinsc merged 10 commits into
tilkinsc:masterfrom
freddy77:misc

Conversation

@freddy77
Copy link
Copy Markdown
Contributor

@freddy77 freddy77 commented Nov 17, 2025

A bunch of not so related changes, mostly minor.

Remove misleading comment

get_current_time() is not used to seed random number generators.

Use time() to compute epoch time

Simplify get_current_time() function as time() is common to more systems.
Also is more portable allowing to support more systems.

Wrap C function for C++ in headers

This allows to include just C headers in C++ code.
This format is also more common.

Remove useless cast

POWERS items are already uint64_t.

Avoid hmac overflows in otp_generate

Returns OTP_ERROR instead.

Minor style changes

Use mnemonics to test otp_num_to_bytestring results.
Simply copy the pointer for base32_secret string.

Simplify otp_byte_secret computation

Avoids the complex shifts to compute output.

Do not rebuild tests if not changed

test_c and test_cpp are real target, so remove them from the phony list otherwise they get rebuild even if not changed.

Use proper C declaration for functions not taking arguments

For historic reasons without anything the functions are allows to take any argument, better state that there are no argument.

Make test.c a proper test

Returns success or error based on tests.

@freddy77
Remove misleading comment
131df4d 
get_current_time() is not used to seed random number generators.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
@freddy77
Use time() to compute epoch time
b447c47 
Simplify get_current_time() function as time() is common to
more systems.
Also is more portable allowing to support more systems.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
@freddy77
Wrap C function for C++ in headers
16629f7 
This allows to include just C headers in C++ code.
This format is also more common.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
@freddy77
Remove useless cast
31712dd 
POWERS items are already uint64_t.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
@freddy77
Avoid hmac overflows in otp_generate
f1032d5 
Returns OTP_ERROR instead.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
@freddy77
Minor style changes
1f66d09 
Use mnemonics to test otp_num_to_bytestring results.
Simply copy the pointer for base32_secret string.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
@freddy77
Simplify otp_byte_secret computation
416788a 
Avoids the complex shifts to compute output.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
@freddy77
Do not rebuild tests if not changed
84b569b 
test_c and test_cpp are real target, so remove them from the
phony list otherwise they get rebuild even if not changed.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
@freddy77
Use proper C declaration for functions not taking arguments
9038da7 
For historic reasons without anything the functions are allows
to take any argument, better state that there are no argument.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
@tilkinsc
Copy link
Copy Markdown
Owner

tilkinsc commented Nov 23, 2025

Thanks for the PR. I have been on a coders block for a bit. I will review this.

@tilkinsc
Copy link
Copy Markdown
Owner

tilkinsc commented Nov 23, 2025
edited
Loading

Could you synchronize your changes with the success bool with main.cpp with main.c Also, you changed up the way otp_generate() works. I am not sure on the specifics of how I implemented it (years ago). Have you done any sort of comprehensive test against the results of its generations?

Other than that, LGTM

@freddy77
Make test.c and test.cpp proper tests
8c4f6d0 
Returns success or error based on tests.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
@freddy77
Copy link
Copy Markdown
Contributor Author

freddy77 commented Nov 24, 2025

Could you synchronize your changes with the success bool with main.cpp with main.c Also, you changed up the way otp_generate() works. I am not sure on the specifics of how I implemented it (years ago). Have you done any sort of comprehensive test against the results of its generations?

Other than that, LGTM

Done the sync of the C++ test.
About otp_generate() I didn't change that much to be honest. They are more style changes and buffer checks. They may look more but no.
About the testing I did some manual testing using various websites and programs (like FreeOTP) confirming the tokens were correct. Also I used the test programs (that's why I added the checks). I doubt that I wrong change would make the tests pass.

@tilkinsc
Copy link
Copy Markdown
Owner

tilkinsc commented Nov 24, 2025

Lgtm I don't see any security vulnerabilities with your changes. I'm not sure about the complex bit shifts still but whatever. The code is generally nicer.

@tilkinsc tilkinsc merged commit 7976053 into tilkinsc:master Nov 24, 2025
@freddy77 freddy77 deleted the misc branch November 25, 2025 22:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@freddy77 @tilkinsc