New release 5.8.1.1

FIX: In some cases, the HOTP/TOTP was not well computed
multiOTP · Mar 14, 2021 · c3ec1b4 · c3ec1b4
1 parent 5af23b0
commit c3ec1b4
Show file tree

Hide file tree

Showing 18 changed files with 76 additions and 73 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -15,8 +15,8 @@
 # Please check http://www.multiOTP.net/ and you will find the magic button ;-)
 #
 # @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
-# @version   5.8.1.0
-# @date      2021-02-12
+# @version   5.8.1.1
+# @date      2021-03-14
 # @since     2013-11-29
 # @copyright (c) 2013-2018 by SysCo systemes de communication sa
 # @copyright GNU Lesser General Public License
@@ -40,7 +40,7 @@ MAINTAINER Andre Liechti <[email protected]>
 LABEL Description="multiOTP open source, running on Debian ${DEBIAN} with PHP${PHPVERSION}." \
       License="LGPL-3.0" \
       Usage="docker run --mount source=[SOURCE PERSISTENT VOLUME],target=/etc/multiotp -p [HOST WWW PORT NUMBER]:80 -p [HOST SSL PORT NUMBER]:443 -p [HOST RADIUS-AUTH PORT NUMBER]:1812/udp -p [HOST RADIUS-ACCNT PORT NUMBER]:1813/udp -d multiotp-open-source" \
-      Version="5.8.1.0"
+      Version="5.8.1.1"
 
 ARG DEBIAN_FRONTEND=noninteractive
 

diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ multiOTP open source is OATH certified for HOTP/TOTP
 (c) 2010-2021 SysCo systemes de communication sa  
 http://www.multiOTP.net/
 
-Current build: 5.8.1.0 (2021-02-12)
+Current build: 5.8.1.1 (2021-03-14)
 
 Binary download: https://download.multiotp.net/ (including virtual appliance image)
 
@@ -311,6 +311,7 @@ WHAT'S NEW IN THE RELEASES
 CHANGE LOG OF RELEASED VERSIONS
 ===============================
 ```
+2021-03-14 5.8.1.1 FIX: In some cases, the HOTP/TOTP was not well computed
 2021-02-12 5.8.1.0 ENH: Enhanced Web GUI accounts list (green=AD/LDAP synced, orange = delayed, red=locked)
 2020-12-11 5.8.0.7 ENH: -sync-delete-retention-days= option is set by default to 30 days
 2020-12-11 5.8.0.6 ENH: VM version 010 support  (Debian Buster 10.5, PHP 7.3, FreeRADIUS 3.0.17)
@@ -1678,7 +1679,7 @@ MULTIOTP COMMAND LINE TOOL
 ==========================
 
 ``` 
-multiOTP 5.8.1.0 (2021-02-12)
+multiOTP 5.8.1.1 (2021-03-14)
 (c) 2010-2021 SysCo systemes de communication sa
 http://www.multiOTP.net   (you can try the [Donate] button ;-)
 
@@ -2178,8 +2179,8 @@ Visit https://forum.multiotp.net/ for additional support
 ``` 
 
 ``` 
-Hash verification for multiotp_5.8.1.0.zip 
-SHA256:5dae5af747d3cbe277f8de82eb24d2a1b506ea8959d755558cc515a5a1b1adfc 
-SHA1:668efe435de0a205f27f387a75b28a6859a291e6 
-MD5:67f045efa7bab63f09afd0d71e69037d 
+Hash verification for multiotp_5.8.1.1.zip 
+SHA256:9cd03e212323964cd8c9fc2a132a01792d9cc5186c02125d0f06aef957801711 
+SHA1:f45b31f5cd7fe596ff7ff8090316b1fbbd611016 
+MD5:5d0b90c902edc5f21df5e528001835b3 
 ``` 
diff --git a/check.multiotp.class.php b/check.multiotp.class.php
@@ -22,8 +22,8 @@
  * PHP 5.3.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
- * @version   5.8.1.0
- * @date      2021-02-12
+ * @version   5.8.1.1
+ * @date      2021-03-14
  * @since     2013-07-10
  * @copyright (c) 2013-2021 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License

diff --git a/checkmultiotp.cmd b/checkmultiotp.cmd
@@ -11,8 +11,8 @@ REM
 REM Windows batch file for Windows 2K/XP/2003/7/2008/8/2012/10/2019
 REM
 REM @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
-REM @version   5.8.1.0
-REM @date      2021-02-12
+REM @version   5.8.1.1
+REM @date      2021-03-14
 REM @since     2010-07-10
 REM @copyright (c) 2010-2021 SysCo systemes de communication sa
 REM @copyright GNU Lesser General Public License

diff --git a/launcher/ReadMe.txt b/launcher/ReadMe.txt
@@ -15,8 +15,8 @@ The multiOTP C++ launcher is simply used to launch PHP
 and run multiotp.windows.php with the provided arguments.
 
 @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
-@version   5.8.1.0
-@date      2021-02-12
+@version   5.8.1.1
+@date      2021-03-14
 @since     2016-12-08
 @copyright (c) 2010-2021 SysCo systemes de communication sa
 @copyright GNU Lesser General Public License

diff --git a/launcher/launcher.cpp b/launcher/launcher.cpp
@@ -14,8 +14,8 @@
  * and run multiotp.windows.php with the provided arguments.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
- * @version   5.8.1.0
- * @date      2021-02-12
+ * @version   5.8.1.1
+ * @date      2021-03-14
  * @since     2016-12-08
  * @copyright (c) 2010-2021 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License
@@ -68,8 +68,8 @@
 #include <iostream>
 
 #define SOFTWARE    "LAUNCHPHPMULTIOTP"
-#define VER_NUMBER  "5.8.1.0"
-#define VER_DATE    "2021-02-12"
+#define VER_NUMBER  "5.8.1.1"
+#define VER_DATE    "2021-03-14"
 
 int _tmain(int argc, _TCHAR* argv[])
 {

diff --git a/multiotp.class.php b/multiotp.class.php
@@ -72,8 +72,8 @@
  * PHP 5.3.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
- * @version   5.8.1.0
- * @date      2021-02-12
+ * @version   5.8.1.1
+ * @date      2021-03-14
  * @since     2010-06-08
  * @copyright (c) 2010-2021 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License
@@ -513,6 +513,7 @@
  *
  * Change Log
  *
+ *   2021-03-14 5.8.1.1 SysCo/al FIX: In some cases, the HOTP/TOTP was not well computed
  *   2021-02-12 5.8.1.0 SysCo/al ENH: Enhanced Web GUI accounts list (green=AD/LDAP synced, orange = delayed, red=locked)
  *   2020-12-11 5.8.0.7 SysCo/al ENH: -sync-delete-retention-days= option is set by default to 30 days
  *   2020-12-11 5.8.0.6 SysCo/al ENH: VM version 010 support  (Debian Buster 10.5, PHP 7.3, FreeRADIUS 3.0.17)
@@ -873,8 +874,8 @@ class Multiotp
  * @brief     Main class definition of the multiOTP project.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
- * @version   5.8.1.0
- * @date      2021-02-12
+ * @version   5.8.1.1
+ * @date      2021-03-14
  * @since     2010-07-18
  */
 {
@@ -968,8 +969,8 @@ class Multiotp
    * @retval  void
    *
    * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
-   * @version   5.8.1.0
-   * @date      2021-02-12
+   * @version   5.8.1.1
+   * @date      2021-03-14
    * @since     2010-07-18
    */
   function __construct(
@@ -993,11 +994,11 @@ function __construct(
 
       if (!isset($this->_class)) { $this->_class = base64_decode('bXVsdGlPVFA='); }
       if (!isset($this->_version)) {
-        $temp_version = '@version   5.8.1.0'; // You should add a suffix for your changes (for example 5.0.3.2-andy-2016-10-XX)
+        $temp_version = '@version   5.8.1.1'; // You should add a suffix for your changes (for example 5.0.3.2-andy-2016-10-XX)
         $this->_version = trim(mb_substr($temp_version, 8));
       }
       if (!isset($this->_date)) {
-        $temp_date = '@date      2021-02-12'; // You should update the date with the date of your changes
+        $temp_date = '@date      2021-03-14'; // You should update the date with the date of your changes
         $this->_date = trim(mb_substr($temp_date, 8));
       }
       if (!isset($this->_copyright)) { $this->_copyright = base64_decode('KGMpIDIwMTAtMjAyMSBTeXNDbyBzeXN0ZW1lcyBkZSBjb21tdW5pY2F0aW9uIHNh'); }
@@ -8090,7 +8091,7 @@ function ComputeMotp(
       $timestep,
       $token_size
   ) {
-      return mb_strtolower(mb_substr(md5($timestep.$seed_and_pin),0,$token_size),'UTF-8');
+      return strtolower(substr(md5($timestep.$seed_and_pin),0,$token_size));
   }
 
 
@@ -8127,7 +8128,7 @@ function GenerateOathHotp(
    * Short description: Compute the OATH defined hash
    *
    * Creation 2010-06-07
-   * Update 2010-07-19
+   * Update 2021-03-14
    * @package multiotp
    * @version 3.0.0
    * @author SysCo/al
@@ -8152,25 +8153,25 @@ function ComputeOathHotp(
       }
       $bin_counter = implode($cur_counter);
       // Pad to 8 chars
-      if (mb_strlen ($bin_counter) < 8)
+      if (strlen ($bin_counter) < 8)
       {
-          $bin_counter = str_repeat(chr(0), 8 - mb_strlen($bin_counter)) . $bin_counter;
+          $bin_counter = str_repeat(chr(0), 8 - strlen($bin_counter)) . $bin_counter;
       }
 
       // HMAC hash
-      if ('HMAC-SHA512' == mb_strtoupper($hash_algo,'UTF-8'))
+      if ('HMAC-SHA512' == strtoupper($hash_algo))
       {
           $hash = hash_hmac('sha512', $bin_counter, $key);
       }
-      elseif ('HMAC-SHA256' == mb_strtoupper($hash_algo,'UTF-8'))
+      elseif ('HMAC-SHA256' == strtoupper($hash_algo))
       {
           $hash = hash_hmac('sha256', $bin_counter, $key);
       }
-      elseif ('HMAC-MD5' == mb_strtoupper($hash_algo,'UTF-8'))
+      elseif ('HMAC-MD5' == strtoupper($hash_algo))
       {
           $hash = hash_hmac('md5', $bin_counter, $key);
       }
-      else // if ('HMAC-SHA1' == mb_strtoupper($hash_algo,'UTF-8'))
+      else // if ('HMAC-SHA1' == strtoupper($hash_algo))
       {
           $hash = hash_hmac('sha1', $bin_counter, $key);
       }

diff --git a/multiotp.cli.header.php b/multiotp.cli.header.php
@@ -35,8 +35,8 @@
  * PHP 5.3.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
- * @version   5.8.1.0
- * @date      2021-02-12
+ * @version   5.8.1.1
+ * @date      2021-03-14
  * @since     2010-06-08
  * @copyright (c) 2010-2021 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License

diff --git a/multiotp.cli.proxy.php b/multiotp.cli.proxy.php
@@ -15,8 +15,8 @@
  * PHP 5.3.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
- * @version   5.8.1.0
- * @date      2021-02-12
+ * @version   5.8.1.1
+ * @date      2021-03-14
  * @since     2010-06-08
  * @copyright (c) 2010-2021 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License

diff --git a/multiotp.php b/multiotp.php
@@ -37,8 +37,8 @@
  * PHP 5.3.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
- * @version   5.8.1.0
- * @date      2021-02-12
+ * @version   5.8.1.1
+ * @date      2021-03-14
  * @since     2010-06-08
  * @copyright (c) 2010-2021 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License
@@ -664,8 +664,8 @@
  * PHP 5.3.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
- * @version   5.8.1.0
- * @date      2021-02-12
+ * @version   5.8.1.1
+ * @date      2021-03-14
  * @since     2010-06-08
  * @copyright (c) 2010-2021 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License
@@ -1105,6 +1105,7 @@
  *
  * Change Log
  *
+ *   2021-03-14 5.8.1.1 SysCo/al FIX: In some cases, the HOTP/TOTP was not well computed
  *   2021-02-12 5.8.1.0 SysCo/al ENH: Enhanced Web GUI accounts list (green=AD/LDAP synced, orange = delayed, red=locked)
  *   2020-12-11 5.8.0.7 SysCo/al ENH: -sync-delete-retention-days= option is set by default to 30 days
  *   2020-12-11 5.8.0.6 SysCo/al ENH: VM version 010 support  (Debian Buster 10.5, PHP 7.3, FreeRADIUS 3.0.17)
@@ -1465,8 +1466,8 @@ class Multiotp
  * @brief     Main class definition of the multiOTP project.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
- * @version   5.8.1.0
- * @date      2021-02-12
+ * @version   5.8.1.1
+ * @date      2021-03-14
  * @since     2010-07-18
  */
 {
@@ -1560,8 +1561,8 @@ class Multiotp
    * @retval  void
    *
    * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
-   * @version   5.8.1.0
-   * @date      2021-02-12
+   * @version   5.8.1.1
+   * @date      2021-03-14
    * @since     2010-07-18
    */
   function __construct(
@@ -1585,11 +1586,11 @@ function __construct(
 
       if (!isset($this->_class)) { $this->_class = base64_decode('bXVsdGlPVFA='); }
       if (!isset($this->_version)) {
-        $temp_version = '@version   5.8.1.0'; // You should add a suffix for your changes (for example 5.0.3.2-andy-2016-10-XX)
+        $temp_version = '@version   5.8.1.1'; // You should add a suffix for your changes (for example 5.0.3.2-andy-2016-10-XX)
         $this->_version = trim(mb_substr($temp_version, 8));
       }
       if (!isset($this->_date)) {
-        $temp_date = '@date      2021-02-12'; // You should update the date with the date of your changes
+        $temp_date = '@date      2021-03-14'; // You should update the date with the date of your changes
         $this->_date = trim(mb_substr($temp_date, 8));
       }
       if (!isset($this->_copyright)) { $this->_copyright = base64_decode('KGMpIDIwMTAtMjAyMSBTeXNDbyBzeXN0ZW1lcyBkZSBjb21tdW5pY2F0aW9uIHNh'); }
@@ -8682,7 +8683,7 @@ function ComputeMotp(
       $timestep,
       $token_size
   ) {
-      return mb_strtolower(mb_substr(md5($timestep.$seed_and_pin),0,$token_size),'UTF-8');
+      return strtolower(substr(md5($timestep.$seed_and_pin),0,$token_size));
   }
 
 
@@ -8719,7 +8720,7 @@ function GenerateOathHotp(
    * Short description: Compute the OATH defined hash
    *
    * Creation 2010-06-07
-   * Update 2010-07-19
+   * Update 2021-03-14
    * @package multiotp
    * @version 3.0.0
    * @author SysCo/al
@@ -8744,25 +8745,25 @@ function ComputeOathHotp(
       }
       $bin_counter = implode($cur_counter);
       // Pad to 8 chars
-      if (mb_strlen ($bin_counter) < 8)
+      if (strlen ($bin_counter) < 8)
       {
-          $bin_counter = str_repeat(chr(0), 8 - mb_strlen($bin_counter)) . $bin_counter;
+          $bin_counter = str_repeat(chr(0), 8 - strlen($bin_counter)) . $bin_counter;
       }
 
       // HMAC hash
-      if ('HMAC-SHA512' == mb_strtoupper($hash_algo,'UTF-8'))
+      if ('HMAC-SHA512' == strtoupper($hash_algo))
       {
           $hash = hash_hmac('sha512', $bin_counter, $key);
       }
-      elseif ('HMAC-SHA256' == mb_strtoupper($hash_algo,'UTF-8'))
+      elseif ('HMAC-SHA256' == strtoupper($hash_algo))
       {
           $hash = hash_hmac('sha256', $bin_counter, $key);
       }
-      elseif ('HMAC-MD5' == mb_strtoupper($hash_algo,'UTF-8'))
+      elseif ('HMAC-MD5' == strtoupper($hash_algo))
       {
           $hash = hash_hmac('md5', $bin_counter, $key);
       }
-      else // if ('HMAC-SHA1' == mb_strtoupper($hash_algo,'UTF-8'))
+      else // if ('HMAC-SHA1' == strtoupper($hash_algo))
       {
           $hash = hash_hmac('sha1', $bin_counter, $key);
       }

diff --git a/multiotp.server.php b/multiotp.server.php
@@ -27,8 +27,8 @@
  * PHP 5.3.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
- * @version   5.8.1.0
- * @date      2021-02-12
+ * @version   5.8.1.1
+ * @date      2021-03-14
  * @since     2013-08-06
  * @copyright (c) 2013-2021 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License

diff --git a/radius_debug.cmd b/radius_debug.cmd
@@ -9,8 +9,8 @@ REM
 REM Windows batch file for Windows 2K/XP/2003/7/2008/8/2012/10
 REM
 REM @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
-REM @version   5.8.1.0
-REM @date      2021-02-12
+REM @version   5.8.1.1
+REM @date      2021-03-14
 REM @since     2014-04-22
 REM @copyright (c) 2014-2021 SysCo systemes de communication sa
 REM @copyright GNU Lesser General Public License

diff --git a/radius_install.cmd b/radius_install.cmd
@@ -9,8 +9,8 @@ REM
 REM Windows batch file for Windows 2K/XP/2003/7/2008/8/2012/10
 REM
 REM @author    Andre Liechti, SysCo systemes de communication sa, <[email protected]>
-REM @version   5.8.1.0
-REM @date      2021-02-12
+REM @version   5.8.1.1
+REM @date      2021-03-14
 REM @since     2013-08-20
 REM @copyright (c) 2013-2021 SysCo systemes de communication sa
 REM @copyright GNU Lesser General Public License