| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
fix(auth): reject NULL ctx in HITLS_AUTH_OtpCtxCtrl Fix potential null pointer dereference risk in HITLS_AUTH_OtpCtxCtrl Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1168 | 2 个月前 | |
fix: harden file permissions for sensitive data and add input validation - Introduce HITLS_APP_UioOpenPrivate to create key files with 0600 permissions, replacing open-then-chmod pattern to avoid TOCTOU race - Migrate key/PKCS12/rand output paths to use private file creation - Refactor PKCS12 generation to use GenBuff + private UIO write - Add null check for confirmP.data in SPAKE2+ RespDerive - Add max length validation for private pass token challenge requests - Reject AEAD ciphers in enc command explicitly - Add 30s handshake timeout on accepted TCP connections Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1575 | 17 小时前 | |
fix: harden file permissions for sensitive data and add input validation - Introduce HITLS_APP_UioOpenPrivate to create key files with 0600 permissions, replacing open-then-chmod pattern to avoid TOCTOU race - Migrate key/PKCS12/rand output paths to use private file creation - Refactor PKCS12 generation to use GenBuff + private UIO write - Add null check for confirmP.data in SPAKE2+ RespDerive - Add max length validation for private pass token challenge requests - Reject AEAD ciphers in enc command explicitly - Add 30s handshake timeout on accepted TCP connections Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1575 | 17 小时前 |