OpenSSL 3.0 arrives with a new FIPS module, a license change and more

A few days ago Matt Caswell, a member of the OpenSSL project development team, announced the release of OpenSSL 3.0, which comes after 3 years of development, 17 alpha releases, 2 beta releases, more than 7,500 commits and contributions from more than 350 different authors.

OpenSSL was fortunate to have several full-time engineers working on OpenSSL 3.0, funded in various ways. Some companies signed support contracts with the OpenSSL development team, which sponsored specific work such as the FIPS module, whose validation was planned to be restored with OpenSSL 3.0. However, they ran into significant delays and, as FIPS 140-2 testing ended in September 2021, OpenSSL ultimately decided to focus its efforts on the FIPS 140-3 standards as well.

A key feature of OpenSSL 3.0 is the new FIPS module. The OpenSSL development team is testing the module and gathering the documents required for FIPS 140-2 validation. Using the new FIPS module in application development projects can be as simple as making some changes to the configuration file, although many applications will need to make other changes. The FIPS module man page provides information on how to use the FIPS module in your applications.

It should be noted that, as of OpenSSL 3.0, OpenSSL has moved to the Apache 2.0 license. The old "dual" OpenSSL and SSLeay licenses still apply to earlier versions (1.1.1 and earlier). OpenSSL 3.0 is a major release and is not fully backwards compatible. Most applications that worked with OpenSSL 1.1.1 will continue to work unchanged and will need to be recompiled (possibly with compilation warnings about the use of deprecated APIs).

With OpenSSL 3.0, it is possible to specify, either programmatically or through a configuration file, which providers the user wants to use for a given application. OpenSSL 3.0 comes as standard with 5 different providers. Over time, third parties may distribute additional providers that can be plugged into OpenSSL. All algorithm implementations available from providers are accessible through the "high-level" APIs (for example, functions with the EVP prefix). They cannot be accessed using the "low-level" APIs.

One of the standard providers available is the FIPS provider, which provides FIPS-validated algorithms. The FIPS provider is disabled by default and must be explicitly enabled at configuration time using the enable-fips option. If it is enabled, the FIPS provider is built and installed in addition to the other standard providers.
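
An added example (not from the original article or from the OpenSSL project's own files) of the configuration-file route described above: an openssl.cnf fragment that activates the FIPS provider and makes FIPS implementations the default for the application. The include path is an assumption and must point to the fipsmodule.cnf generated by `openssl fipsinstall` on the target system.

```ini
# Constructed openssl.cnf fragment for OpenSSL 3.0.

# Report configuration errors instead of silently ignoring them, so a
# mistyped section name cannot leave the application on non-FIPS code.
config_diagnostics = 1
openssl_conf = openssl_init

# Assumed path. This file defines [fips_sect], including the integrity
# check values recorded for the installed FIPS module.
.include /usr/local/ssl/fipsmodule.cnf

[openssl_init]
providers = provider_sect
alg_section = algorithm_sect

[provider_sect]
# FIPS-validated algorithm implementations.
fips = fips_sect
# Non-cryptographic encoders and decoders (for example PEM/DER key loading).
base = base_sect
# Once any provider is activated explicitly, the "default" provider is no
# longer loaded implicitly. It is deliberately left out here so that
# non-validated implementations are not available to the application.

[base_sect]
activate = 1

[algorithm_sect]
# EVP fetches that give no property query of their own only receive
# implementations that advertise fips=yes.
default_properties = fips=yes
```

With this configuration loaded, `openssl list -providers` should report the fips and base providers as active.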

Using the new FIPS module in applications can be as simple as making some changes to the configuration file, although many applications will need to make other changes. Applications written to use the OpenSSL 3.0 FIPS module must not use any legacy APIs or features that bypass the FIPS module. This includes in particular:

  • low-level cryptographic APIs (use of the high-level APIs, such as EVP, is recommended);
  • engines;
  • all functions that create or modify custom methods (for example, EVP_MD_meth_new(), EVP_CIPHER_meth_new(), EVP_PKEY_meth_new(), RSA_meth_new(), EC_KEY_METHOD_new()).

On the other hand, the OpenSSL library (libcrypto) implements a wide range of cryptographic algorithms used in various Internet standards. The functionality includes symmetric encryption, public-key cryptography, key agreement, certificate handling, cryptographic hash functions, a cryptographic pseudo-random number generator, message authentication codes (MAC), key derivation functions (KDF) and various utilities. The services provided by this library are used to implement other third-party products and protocols. An overview of the key libcrypto concepts follows below.

Cryptographic primitives such as the SHA256 hash or AES encryption are called "algorithms" in OpenSSL. Each algorithm can have multiple implementations. For example, the RSA algorithm is available as a "default" implementation suitable for general use, and as a "fips" implementation that has been validated against FIPS standards for situations where that matters. It is also possible for a third party to add further implementations, for example in a hardware security module (HSM).

Finally, if you are interested in learning more about it, you can check the details at the following link.

