OpenSSL 3.1.0 yakatoburitswa uye idzi ndidzo nhau dzayo

Darkcrizt

4 maminitsi

OpenSSL

Openssl iapi inopa nharaunda yakakodzera yekuvhara iyo data yakatumirwa

Mushure megore nehafu yebudiriro uye akati wandei ekugadzirisa shanduro mune yapfuura vhezheni, kuvhurwa kwe shanduro itsva yeraibhurari "OpenSSL 3.1.0" nekushandiswa kweSSL/TLS protocol uye akasiyana encryption algorithms.

Tsigiro yeiyi vhezheni itsva yeOpenSSL 3.1 ichaenderera mberi kusvika Kurume 2025, ukuwo tsigiro yenhaka OpenSSL shanduro 3.0 uye 1.1.1 ichaenderera kusvika Gunyana 2026 naGunyana 2023 zvichiteerana.

Kune avo vasingazive nezve OpenSSL, vanofanirwa kuziva izvozvo iyi ipurogiramu yemahara software yakavakirwa paSSLeay, iyo ine pasuru yakasimba yemaraibhurari ane chekuita necryptography uye maturusi ekutonga, ayo anopa mabasa ekriptographic kune mamwe mapakeji akadai seOpenSSH uye mabhurawuza ewebhu (yekusvika kwakachengeteka kunzvimbo dzeHTTPS).

Zvishandiso izvi zvinobatsira sisitimu kuita Secure Sockets Layer (SSL) pamwe nemamwe maprotocol ane chekuita nekuchengetedza akadai seTransport Layer Security (TLS). OpenSSL zvakare inobvumidza iwe kugadzira zvitupa zvedhijitari zvinogona kuiswa kune sevha, semuenzaniso Apache.

OpenSSL inoshandiswa mukusimbisa encrypted mail clients, web-based transactions yekubhadhara kadhi rechikwereti uye kakawanda mumasisitimu anoda kuchengetedzwa kweruzivo ruchaburitswa panetiweki "chakavanzika data".

Hunhu hutsva hutsva hwe OpenSSL 3.1.0

Muiyi vhezheni itsva yeOpenSSL 3.1.0, zvinoratidzwa izvozvo FIPS module inoshandisa tsigiro yekriptographic algorithms izvo zvinozadzikisa mwero wekuchengetedza FIPS 140-3, kunze kwaizvozvo iyo module certification process yatanga kuti uwane FIPS 140-3 yekuteerera certification.

Zvinonzi kusvika chitupa chapera mushure mekugadzirisa OpenSSL kubazi 3.1, vashandisi vanogona kuramba vachishandisa FIPS 140-2 yakasimbiswa FIPS module. Pane shanduko mushanduro itsva yemodule, kusanganisirwa kweTriple DES ECB, Triple DES CBC uye EdDSA algorithms inomira pachena, iyo isati yaedzwa kuti itevedzere zvinodiwa neFIPS. Zvakare mushanduro itsva, magadzirirwo akaitwa kuti avandudze mashandiro uye shanduko yakaitwa yekumhanyisa bvunzo dzemukati neyose module mutoro, uye kwete chete mushure mekuiswa.

Imwe shanduko inomira pachena ndeyekuti akaita shanduko kune yakarebesa munyu kureba yePKCS#1 RSASSA-PSS siginicha kusvika kuhukuru hwehukuru huri diki pane kana kuenzana nehurefu hwekugaya kutevedzera
FIPS 186-4. Izvi zvinoitwa nesarudzo itsva `OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX` ("auto-digestmax") ye `rsa_pss_sallen` parameter, inova yava default.

Kunze kwaizvozvo, iyo OSSL_LIB_CTX kodhi yakagadziridzwa, iyo itsva sarudzo yakasununguka kubva kune zvisingakoshi zvekuvhara uye inobvumira kushanda kwepamusoro.

Tambien kuvandudzwa kwekuita kwe encoder uye decoder masisitimu anosimbiswa, pamwe nekuita optimization yakaitwa yakabatana nekushandiswa kwemukati zvimiro (hash matafura) uye caching uye zvakare yakagadziridzwa kumhanya kweRSA kiyi chizvarwa muFIPS mode.

Algorithms AES-GCM, ChaCha20, SM3, SM4 uye SM4-GCM vane optimizations. assembler mapakeji eakasiyana processor architecture. Semuenzaniso, AES-GCM kodhi inokwidziridzwa neAVX512 vAES uye vPCLMULQDQ mirairo.

Yakawedzerwa rutsigiro rweKMAC algorithm (KECCAK Message Authentication Code) ku KBKDF (Key-Based Key Derivation Function), pamwe akati wandei "OBJ_*" mabasa akagadziridzwa kuti ashandiswe mune akawanda-tambo kodhi.

Yakawedzera kugona kushandisa iyo RNDR rairo uye iyo RNDRRS marejista anowanikwa pane processors anoenderana neAArch64 architecture kugadzira nhamba dzepseudorandom.

Nerumwe rutivi, zvinonzi `DEFINE_LHASH_OF` macro macro haachashandiswi nekuda kwe `DEFINE_LHASH_OF_EX` macro, iyo inosiya inoenderana nemhando-chaiyo basa retsananguro dzemabasa aya, zvisinei nekuti `OPENSSL_NO_DEPRECATED_3_1` yatsanangurwa. Ndosaka vashandisi ve `DEFINE_LHASH_OF` vachigona kutanga kugashira yambiro yekuramba mashandiro ezvishandiso izvi zvisinei nekuti vari kuishandisa. Zvinokurudzirwa kuti vashandisi vashandure kuenda kune itsva macro, `DEFINE_LHASH_OF_EX`.

Pakupedzisira, kana iwe uchifarira kuziva zvakawanda nezvazvo nezve kuburitswa kutsva uku, unogona kutarisa ruzivo pal chinotevera chinongedzo.


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako