From b3b4ef648b0a858c4183dba28071b2c84ef31a7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?=
Date: Wed, 23 Jun 2021 20:46:53 +0200
Subject: [PATCH] core: fix use of uninitialized hash when call to weecrypto_hmac fails

---
 src/core/wee-crypto.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/core/wee-crypto.c b/src/core/wee-crypto.c
index 119230996..aa13b71a4 100644
--- a/src/core/wee-crypto.c
+++ b/src/core/wee-crypto.c
@@ -318,7 +318,7 @@ weecrypto_totp_generate_internal (const char *secret, int length_secret,
 {
 uint64_t moving_factor_swapped;
 char hash[20];
- int offset, length;
+ int rc, offset, length;
 unsigned long bin_code;
 
 moving_factor_swapped = (moving_factor >> 56)
@@ -330,10 +330,12 @@ weecrypto_totp_generate_internal (const char *secret, int length_secret,
 | ((moving_factor >> 40) & 0x000000000000FF00)
 | (moving_factor << 56);
 
- weecrypto_hmac (secret, length_secret,
- &moving_factor_swapped, sizeof (moving_factor_swapped),
- GCRY_MD_SHA1,
- hash, NULL);
+ rc = weecrypto_hmac (secret, length_secret,
+ &moving_factor_swapped, sizeof (moving_factor_swapped),
+ GCRY_MD_SHA1,
+ hash, NULL);
+ if (!rc)
+ return 0;
 
 offset = hash[19] & 0xf;
 bin_code = (hash[offset] & 0x7f) << 24
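Review bot: The new `if (!rc) return 0;` after the weecrypto_hmac call in the second hunk has no comment explaining the early return. The reason is the security point of the change: on failure the 20-byte `hash` buffer is left unwritten, and the code just below reads `hash[19]` to derive the one-time code. I would add `/* HMAC failed: hash is not filled, never derive an OTP from it */` above the check. The function's header comment and its callers are outside this hunk, so confirm that the documented return values include 0 for this case and that every caller checks the result before comparing or displaying the generated code. The call still passes `NULL` for the output length, so the `hash[19]` read presumably relies on SHA-1 always producing 20 bytes; the body of weecrypto_totp_generate_internal starts and ends outside the hunk.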