| File | Last commit | Last updated |
|---|---|---|
| | fix(bsl/pem): replace strstr with length-bounded PemMemStr to prevent OOB reads When input is raw binary (DER-encoded cert/key) without '\0' terminator, strstr may read out of bounds. Replace all strstr calls with PemMemStr which searches within encodeLen using memchr+memcmp. Add SDV tests for binary input, truncated PEM, and real cert/key file round-trips. Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1320 | 1 month ago |
| | Fix code review issues The main issues are concentrated on: the strictness of CMS attributes, the PBKDF2 iteration count for enc decryption file headers, the length estimation of stream-based Base64 encoding and decoding, the length accumulation of BSL_ParamMaker, the input length accumulation of PAKE KDF, the length accumulation of SPAKE2+ transcript, the UIO handle leakage in configuration files, and the issuance policy risk of x509 -copy_extensions copyall. Multiple alerts such as PAKE register stack overflow and double-free, ElGamal output length, one-time Base64 encoding, etc., are no longer valid in the current source code. It is suspected that these are false positives caused by old code results or repeated/truncated automated reports. Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1394 | 1 month ago |
| | Support Pure cmake build build: Migrate build system from Python/JSON/CMake hybrid to pure CMake The previous build system mixed Python scripts and JSON configuration files with CMake, scattering build logic across multiple languages and formats. This made the system hard to understand and maintain, and required a Python interpreter at configure time. The build system has been rewritten entirely in CMake. Feature flags, dependency resolution, platform detection, compiler options, and config-header generation are now all expressed natively in CMake. For more details, see the "Build and Installation" section in README.md. | 2 months ago |