Several days ago Matt Caswell, a member of the OpenSSL project development team, announced the release of OpenSSL 3.0, which comes after 3 years of development, 17 alpha versions, 2 beta versions, more than 7500 commits and contributions from more than 350 different authors.
OpenSSL was fortunate to have several full-time engineers working on OpenSSL 3.0, funded in various ways. Some companies signed support contracts with the OpenSSL development team, which sponsored specific work such as the FIPS module. There were plans to restore its validation with OpenSSL 3.0; however, the work met significant delays and, as FIPS 140-2 testing ended in September 2021, OpenSSL ultimately decided to also focus its efforts on the FIPS 140-3 standards.
A key feature of OpenSSL 3.0 is the new FIPS module. The OpenSSL development team is testing the module and gathering the documents required for FIPS 140-2 validation. Using the new FIPS module in application development projects can be as simple as making some changes to the configuration file, although many applications will need to make other changes. The FIPS module man page provides information on how to use the FIPS module in your applications.
It should be noted that, as of OpenSSL 3.0, OpenSSL has switched to the Apache 2.0 license. The old "dual" OpenSSL and SSLeay licenses still apply to earlier versions (1.1.1 and earlier). OpenSSL 3.0 is a major version and is not fully backward compatible. Most applications that worked with OpenSSL 1.1.1 will continue to work unchanged and will only need to be recompiled (possibly with compilation warnings about the use of deprecated APIs).
With OpenSSL 3.0 it is possible to specify, programmatically or through a configuration file, which providers the user wants to use for a given application. OpenSSL 3.0 comes as standard with 5 different providers. Over time, third parties may distribute additional providers that can be plugged into OpenSSL. All algorithm implementations available through the providers are accessible via the "high-level" APIs (for example, the functions with the EVP prefix). They cannot be accessed using the "low-level" APIs.
One of the standard providers available is the FIPS provider, which supplies FIPS-validated algorithms. The FIPS provider is disabled by default and must be explicitly enabled at configuration time using the enable-fips option. If it is enabled, the FIPS provider is built and installed in addition to the other standard providers.
Using the new FIPS module in applications can be as simple as making some changes to the configuration file, although many applications will need to make other changes. Applications written to use the OpenSSL 3.0 FIPS module must not use any legacy APIs or features that bypass the FIPS module. This includes in particular:
- Low-level cryptographic APIs (it is recommended to use the high-level APIs, such as EVP, instead);
- Engines;
- All functions that create or modify custom methods (for example, EVP_MD_meth_new(), EVP_CIPHER_meth_new(), EVP_PKEY_meth_new(), RSA_meth_new(), EC_KEY_METHOD_new()).
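An added example (not part of the OpenSSL announcement or of this article): an openssl.cnf fragment that switches an application to the FIPS provider through configuration alone, following the layout documented in OpenSSL's fips_module(7) manual page. The include path is an assumed install location, and fipsmodule.cnf is the file generated by running openssl fipsinstall on the target machine.

```ini
# Treat errors in this file as fatal, so a missing or broken FIPS
# section stops the application instead of being silently ignored.
config_diagnostics = 1

# Name of the section that OpenSSL processes at library initialisation.
openssl_conf = openssl_init

# File written by "openssl fipsinstall". It defines [fips_sect], which
# carries the module integrity MAC and the self-test status.
# ASSUMPTION: path of a default source install; adjust to your system.
.include /usr/local/ssl/fipsmodule.cnf

[openssl_init]
providers = provider_sect
alg_section = algorithm_sect

[provider_sect]
# Load the FIPS provider; its settings come from the included file.
fips = fips_sect
# The base provider supplies the non-cryptographic encoders and
# decoders (for example PEM/DER key loading), which the FIPS
# provider does not contain.
base = base_sect
# The default provider is deliberately not listed here, so its
# non-validated implementations are never loaded.

[base_sect]
activate = 1

[algorithm_sect]
# Implicit algorithm fetches made through the EVP APIs only match
# implementations that carry the "fips=yes" property.
default_properties = fips=yes
```

With this configuration, a request for an algorithm that has no FIPS-validated implementation fails at fetch time rather than falling back to a non-validated one.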
On the other hand, the OpenSSL library (libcrypto) implements a wide range of cryptographic algorithms used in various Internet standards. Its functionality includes symmetric encryption, public-key cryptography, key agreement, certificate handling, cryptographic hash functions, cryptographic pseudo-random number generators, message authentication codes (MACs), key derivation functions (KDFs) and various utilities. The services provided by this library are used to implement many other third-party products and protocols. A summary of the key libcrypto concepts follows.
Cryptographic primitives such as the SHA256 hash or AES encryption are called "algorithms" in OpenSSL. Each algorithm can have several implementations. For example, the RSA algorithm is available as a "default" implementation suitable for general use, and as a "fips" implementation that has been validated against the FIPS standards for situations where that matters. It is also possible for a third party to add further implementations, for example in a hardware security module (HSM).
Finally, if you are interested in learning more about it, you can check the details at the following link.