diff --git a/lib/liboath/oath_hotp.c b/lib/liboath/oath_hotp.c
index f22c83a..f748612 100644
--- a/lib/liboath/oath_hotp.c
+++ b/lib/liboath/oath_hotp.c
@@ -121,13 +121,13 @@ oath_hotp_match(struct oath_key *k, unsigned int response, int window)
 
 	if (k == NULL)
 		return (-1);
-	if (window < 1)
+	if (window < 0)
 		return (-1);
 	if (k->mode != om_hotp)
 		return (-1);
-	if (k->counter >= UINT64_MAX - window)
+	if (k->counter >= UINT64_MAX - window - 1)
 		return (-1);
-	for (int i = 0; i < window; ++i) {
+	for (int i = 0; i <= window; ++i) {
 		code = oath_hotp(k->key, k->keylen, k->counter + i, k->digits);
 		if (code == response && !k->dummy) {
 			k->counter = k->counter + i + 1;
diff --git a/lib/liboath/oath_totp.c b/lib/liboath/oath_totp.c
index baf81ef..09c473a 100644
--- a/lib/liboath/oath_totp.c
+++ b/lib/liboath/oath_totp.c
@@ -81,7 +81,7 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
 
 	if (k == NULL)
 		return (-1);
-	if (window < 1)
+	if (window < 0)
 		return (-1);
 	if (k->mode != om_totp)
 		return (-1);