OpenSSL 3.0 inosvika new module module, shanduko yelayisensi nezvimwe

Mazuva mashoma apfuura Matt Caswell, nhengo yeboka rekusimudzira reiyo OpenSSL chirongwa, yakazivisa kuburitswa kweOpenSSL 3.0 iyo inouya mushure memakore matatu ebudiriro, 3 alpha vhezheni, 17 beta vhezheni, zvinopfuura 2 zvisimbiso nemipiro kubva kune vanopfuura mazana matatu evanyori vakasiyana.

Uye ndeye iyo OpenSSL yaive nerombo rakanaka kuve nevanoverengeka venguva yakazara mainjiniya aishanda paOpenSSL 3.0, aibhadharwa nenzira dzakasiyana siyana. Mamwe makambani akasaina makondirakiti ekutsigira neve OpenSSL timu yekusimudzira, iyo yakatsigira mamwe mabasa akadai seModule module yaive nezvirongwa zvekudzoreredza kushanda kwayo neOpenSSL 3.0, zvisinei, vakasangana nekunonoka kukuru uye, senge miedzo yeFSS 140-2 yakapera munaGunyana. 2021, OpenSSL yakazopedzisira yafunga kutarisisa kuyedza kwayo paMitezo 140-3 zviyero zvakare.

Chinhu chakakosha kubudikidza OpenSSL 3.0 ndiyo itsva FIPS module. Chikwata chekuvandudza cheOpenSSL chiri kuyedza module uye kuunganidza magwaro akakodzera eFatif 140-2 kusimbiswa. Uchishandisa iyo nyowani module module mumashandisirwo ekuvandudza mapurojekiti inogona kuve nyore sekuita shanduko kune iyo yekumisikidza faira, kunyangwe akawanda mafomu achizoda kuita dzimwe shanduko. Iyo FIPS module murume peji inopa ruzivo rwekuti ungashandisa sei iyo module module mune ako maapplication.

Izvo zvinofanirwawo kucherechedzwa kuti kubvira OpenSSL 3.0, OpenSSL yakachinjira kuApache 2.0 rezinesi. Iwo marezenisi ekare "maviri" eOpenSSL uye SSLeay achiri kushanda kune zvekare vhezheni (1.1.1 uye zvisati zvaitika). OpenSSL 3.0 iri rakakura vhezheni uye harinyatsoenderana neiyo yapfuura vhezheni. Mazhinji mafomu akashanda neOpenSSL 1.1.1 acharamba achishanda asina kuchinjika uye anongoda kudzoreredzwa (pamwe neakawanda ekunyeverwa kwekuyanana nezvekushandisa echinyakare APIs).

Iine OpenSSL 3.0, zvinokwanisika kudoma, kungave kwakarongeka kana kuburikidza nefaira rekumisikidza, iro rinopa mushandisi raanoda kushandisa pachishandiswa chakapihwa.. OpenSSL 3.0 inouya yakajairwa nevatapi vashanu vakasiyana. Nekufamba kwenguva, vechitatu mapato vanogona kugovera vamwe vanopa vanogona kusanganiswa neOpenSSL. Zvese zviitwa zvealgorithms anowanikwa kubva kune vatengesi anowanikwa kuburikidza ne "yepamusoro-chikamu" APIs (semuenzaniso, mabasa ane chirevo chekutanga EVP). Haigone kuwanikwa uchishandisa "yakaderera-chikamu" APIs.

Mumwe wevashambadziri vanowanikwa ndeye FIPS mubatsiri uyo anopa FIPS yakagadziriswa cryptographic algorithms. Iyo FIPS mupi yakaremara nekutadza uye inofanirwa kuve inogoneswa yakajeka panguva yekumisikidzwa uchishandisa iyo yekugonesa-fips sarudzo. Kana ikabvumidzwa, iyo FIPS mupi inogadzirwa uye inoiswa mukuwedzera kune vamwe vapamhi vanopa.

Uchishandisa iyo nyowani module module mune zvinoshandiswa zvinogona kuve nyore sekuita shanduko kune iyo yekumisikidza faira, kunyangwe akawanda mashandiro achizoda kuita dzimwe shanduko. Zvikumbiro zvakanyorerwa kushandisa OpenSSL 3.0 FIPS module hazvifanire kushandisa chero nhaka yeAPIs kana maficha anodarika iyo FIPS module. Izvi zvinosanganisira kunyanya:

  • Yakadzika-chikamu cryptographic APIs (zvinokurudzirwa kushandisa epamusoro-chikamu APIs, senge EVP);
    motores
  • mabasa ese anogadzira kana kugadzirisa nzira dzetsika (semuenzaniso, EVP_MD_meth_new (), EVP_CIPHER_meth_new (), EVP_PKEY_meth_new (), RSA_meth_new (), EC_KEY_METHOD_new ()).

Pane rimwe divi iyo OpenSSL cryptographic raibhurari (libcrypto) inoshandisa huwandu hwakawanda hwekrisptographic algorithms anoshandiswa mumhando dzakasiyana dzeInternet. Kushanda kunosanganisira symmetric encryption, yeruzhinji kiyi cryptography, kiyi chibvumirano, chitupa manejimendi, cryptographic hashing mabasa, cryptographic pseudo-random manhamba jenareta, meseji yekusimbisa meseji (MAC), makiyi ekutora mabasa (KDF), uye zvakasiyana siyana zvinoshandiswa. Iwo masevhisi anopiwa neraibhurari iyi anoshandiswa kuita zvimwe zvakawanda zvechitatu bato zvigadzirwa uye maprotocol. Heino mhedziso yekiyi kiyi libcrypto pfungwa pazasi.

Cryptographic primitives senge SHA256 hash kana AES encryption inonzi "algorithms" muOpenSSL. Imwe algorithm inogona kuita akawanda maitiro anowanikwa. Semuenzaniso, iyo RSA algorithm inowanikwa se "default" kuitiswa kwakakodzera kushandiswa kwakawanda, uye "fips" kuitiswa iyo yakave yakasimbiswa kupesana neFitits zvimiro zvemamiriro ezvinhu akakosha. Izvo zvinoita zvakare kune wechitatu bato kuwedzera mamwe maitiro, semuenzaniso mune Hardware chengetedzo module (HSM).

Finalmente kana iwe uchifarira kuziva zvimwe nezvazvo, iwe unogona kutarisa iyo ruzivo Mune inotevera chinongedzo.


Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako