wrong size of variable counter
ubilog opened this issue · 1 comments
Hi, I have noticed that in the function
void hotp(const u_char *key, size_t keylen, u_long counter, int ndigits, char *buf10, char *buf16, size_t buflen)
the counter is u_long (unsigned long).
But on many platforms this type is 32 bit long, not 64 as required by the algorithm (and the RFC).
In the internal loop where counter is shifted with operator <<=, it will run out of bytes after the 4th round.
For counters > 2^32, the OTP will be different according to the platform on which you compile (on i386 the unsigned long is 32 bit only, 64 on OSX, etc.)!!!
This is nothing terrible as long as the library is used as a pure HOTP library, because you're unlikely to use counters > 2^32, but it prevents using the code as a base for more complex algorithms such as OCRA.
I suggest relying on something like stdint.h and using uint64_t as the type of the variable counter.
Similar issues may be present for other variables.
Thanks. Fixed in 192fd2e.
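
An added illustration of the truncation described in this issue (not the library's code and not written by either participant): the RFC 4226 HMAC input is the counter as 8 big-endian bytes, so a 32-bit counter type makes counters that differ only above bit 31 produce the same input and therefore the same OTP. The helper names, the loop shape and the sample counters are assumptions; `uint32_t` stands in for a platform whose `unsigned long` is 32 bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not taken from the library. */

/* Narrow variant: models a platform where unsigned long is 32 bits. */
static void counter_to_msg_u32(uint32_t counter, unsigned char msg[8])
{
    for (int i = 7; i >= 0; i--) {
        msg[i] = (unsigned char)(counter & 0xff);
        counter >>= 8;              /* nothing left after 4 rounds */
    }
}

/* Fixed variant: uint64_t is 64 bits wide on every platform. */
static void counter_to_msg_u64(uint64_t counter, unsigned char msg[8])
{
    for (int i = 7; i >= 0; i--) {
        msg[i] = (unsigned char)(counter & 0xff);
        counter >>= 8;
    }
}

/* Return 1 when both counters give the same 8-byte HMAC input. */
static int collide_u32(uint64_t a, uint64_t b)
{
    unsigned char ma[8], mb[8];
    counter_to_msg_u32((uint32_t)a, ma);   /* narrowing made explicit */
    counter_to_msg_u32((uint32_t)b, mb);
    return memcmp(ma, mb, sizeof ma) == 0;
}

static int collide_u64(uint64_t a, uint64_t b)
{
    unsigned char ma[8], mb[8];
    counter_to_msg_u64(a, ma);
    counter_to_msg_u64(b, mb);
    return memcmp(ma, mb, sizeof ma) == 0;
}

int main(void)
{
    /* Constructed sample counters: equal in the low 32 bits only. */
    uint64_t low = 5, high = (UINT64_C(1) << 32) + 5;
    printf("32-bit counter type: same HMAC input = %d\n", collide_u32(low, high));
    printf("64-bit counter type: same HMAC input = %d\n", collide_u64(low, high));
    return 0;
}
```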