| fix:Fix the issues found in the security audit 1. The IdentityHint parsed from ParseServerIdentityHint does not have a \0 terminator 2. ConsumeHandshakeMessage` does not perform length verification when reading the message after the header 3. There is a problem with the implementation of HITLS_SESS_Decode. The first parameter passed is an output parameter 4. When retransmitting the ccs voyage message in REC_RetransmitListFlush, if the call to REC_DeActiveOutdatedWriteState(ctx) to switch states fails before ccs 5. Descriptions of store ownership need to be added for HITLS_SetCertStore, HITLS_SetChainStore, and HITLS_SetVerifyStore 6. The header file HITLS_CFG_SetSessionCacheSize lacks a description of the behavior when cachesize is set to 0 7. When there is only a cookie and no keyshare in the hrr, the generation of keyshare fails when sending the second clienthello Signed-off-by: balabala-123 <guozhang4@huawei.com> Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1421 | 1 个月前 |