weecrypto_totp_validate compared the generated and client-supplied OTPs
with strcmp and broke out of the time-window loop on the first match.
Both choices leaked information via response timing: strcmp leaked the
expected OTP digit-by-digit (shrinking the brute-force search from
~10^digits to a handful of guesses within the 30-second window), and
the early break leaked which window offset matched.
Compare in constant time with string_memcmp_constant_time and always
iterate the full window, OR-ing the result into otp_ok without an
early exit.
This affects both relay protocols (which call totp_validate via the
public info hook) and any other caller of the info hook.
Bump the requirement to v1.8.0, which means we can remove ~70% of the
ifdef guard.
It was released over 8 years ago, with 3 new feature releases since
then and dozen of bugfix releases in the 1.8 branch.
The oldest distributions we target Ubuntu 20.04 and Debian Bullseye,
have 1.8.5 and 1.8.7 respectively.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>