I-OpenSSL 3.1.0 sele ikhutshwe kwaye ezi ziindaba zayo

OpenSSL

I-Openssl yi-api ebonelela ngendawo efanelekileyo yokufihla idatha ethunyelweyo

Emva konyaka kunye nesiqingatha sophuhliso kunye neenguqulelo ezininzi zokulungisa kwinguqulelo yangaphambili, ukumiliselwa kwe inguqulelo entsha yethala leencwadi "OpenSSL 3.1.0" ngokuphunyezwa kweeprothokholi ze-SSL/TLS kunye ne-encryption algorithms ezahlukeneyo.

Inkxaso yolu guqulelo lutsha lwe-OpenSSL 3.1 iya kuqhubeka kude kube ngoMatshi ka-2025, ngelixa inkxaso yeenguqulelo ze-OpenSSL ze-3.0 kunye ne-1.1.1 ziya kuqhubeka kude kube ngoSeptemba 2026 kunye noSeptemba 2023, ngokulandelanayo.

Kwabo bangayazi i-OpenSSL, kufuneka bayazi loo nto le yiprojekthi yesoftware esimahla esekwe kwiSSLeay, equkethe iphakheji eqinileyo yeelayibrari ezinxulumene ne-cryptography kunye nezixhobo zokulawula, ezibonelela ngemisebenzi ye-cryptographic kwezinye iipakethe ezifana ne-OpenSSH kunye neziphequluli zewebhu (ukufikelela ngokukhuselekileyo kwiindawo ze-HTTPS).

Ezi zixhobo zinceda inkqubo iphumeze i-Secure Sockets Layer (SSL) kunye nezinye iiprothokholi ezinxulumene nokhuseleko ezifana noKhuseleko lweLayer yezoThutho (TLS). I-OpenSSL ikuvumela ukuba wenze izatifikethi zedijithali ezinokuthi zisetyenziswe kumncedisi, umzekelo i-Apache.

OpenSSL isetyenziswe kuqinisekiso oluntsonkothileyo abaxumi beposi, iitransekshini ezisekelwe kwiwebhu zeentlawulo zekhadi letyala kwaye kwiimeko ezininzi kwiinkqubo ezifuna ukhuseleko lolwazi oluya kutyhilwa kuthungelwano "lwedatha eyimfihlo".

Iimpawu eziphambili ze-OpenSSL 3.1.0

Kolu guqulelo lutsha lwe-OpenSSL 3.1.0, kugxininiswe ukuba Imodyuli ye-FIPS iphumeza inkxaso ye-cryptographic algorithms ezifikelela umgangatho wokhuseleko FIPS 140-3, ngaphandle koko inkqubo yoqinisekiso lwemodyuli iqalile ukufumana isiqinisekiso sokuthotyelwa kwe-FIPS 140-3.

Kukhankanyiwe ukuba de isatifikethi sigqityiwe emva kokuhlaziya i-OpenSSL kwisebe le-3.1, abasebenzisi banokuqhubeka nokusebenzisa imodyuli eqinisekisiweyo ye-FIPS 140-2. Kwiinguqu kwinguqu entsha yemodyuli, ukufakwa kwe-Triple DES ECB, i-Triple DES CBC kunye ne-EdDSA algorithms ivelele, engekavavanyelwa ukuthotyelwa kweemfuno ze-FIPS. Kwakhona kwinguqulelo entsha, ukulungiswa kwenziwe ukuphucula ukusebenza kunye notshintsho lwenziwe ukuqhuba iimvavanyo zangaphakathi kunye nomthwalo ngamnye wemodyuli, kwaye kungekhona nje emva kokufakwa.

Olunye utshintsho olwahlukileyo kukuba wenze utshintsho kubude betyuwa obumiselweyo ye-PKCS#1 RSASSA-PSS imisayino ukuya kubukhulu bobungakanani obuncinci okanye obulingana nobude bokugaya ukuthobela
FIPS 186-4. Oku kuphunyezwa ngokhetho olutsha `OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX` ("auto-digestmax") ukwenzela `rsa_pss_sallen` iparameter, elolo hlobo ngoku.

Ngaphandle koko, ikhowudi ye-OSSL_LIB_CTX yenziwe ngokutsha, ukhetho olutsha lukhululekile kwizitshixo ezingeyomfuneko kwaye luvumela ukusebenza okuphezulu.

Tambien ukusebenza okuphuculweyo kwenkqubo yokufaka ikhowudi kunye nesikhokelo sedikhowuda kuphawuliwe, kunye nokuphucula ukusebenza okwenziwa ngokunxulumene nokusetyenziswa kwezakhiwo zangaphakathi (iitafile ze-hash) kunye ne-caching kunye nesantya esiphuculweyo se-RSA engundoqo yokuvelisa kwimo ye-FIPS.

Ii-algorithms I-AES-GCM, i-ChaCha20, i-SM3, i-SM4 kunye ne-SM4-GCM ine-optimizations iiphakheji zokuhlanganisa zolwakhiwo lweeprosesa ezahlukeneyo. Umzekelo, ikhowudi ye-AES-GCM ikhawuleziswa yi-AVX512 vAES kunye nemiyalelo ye-vPCLMULQDQ.

Yongeziwe inkxaso ye-algorithm ye-KMAC (KECCAK IKhowudi yoQinisekiso loMyalezo) ukuya kwi-KBKDF (ISitshixo-Sesekwe kwiSitshixo sokuQhutywa kweMsebenzi), kunye nemisebenzi emininzi "OBJ_*" ilungiselelwe ukusetyenziswa kwikhowudi enemisonto emininzi.

Ukongezwa amandla okusebenzisa umyalelo we-RNDR kunye neerejista ze-RNDRRS ezikhoyo kwiiprosesa ezisekelwe kwi-AArch64 ye-architecture ukuvelisa amanani e-pseudorandom.

Kwelinye icala, kukhankanyiwe ukuba `DEFINE_LHASH_OF` macro ngoku iyekisiwe kukuthanda `DEFINE_LHASH_OF_EX` macro, ethi ishiye uhlobo olungqameneyo lomsebenzi othile kwiinkcazelo zale misebenzi, nokuba `OPENSSL_NO_DEPRECATED_3_1` ichaziwe. Yiyo loo nto abasebenzisi be `DEFINE_LHASH_OF` benokuqalisa ukufumana izilumkiso zokuyeka le misebenzi nokuba bayazisebenzisa. Kuyacetyiswa ukuba abasebenzisi batshintshele kwimacro entsha, `DEFINE_LHASH_OF_EX`.

Ekugqibeleni, ukuba unomdla wokwazi okungakumbi ngayo malunga nokukhutshwa okutsha, ungajonga iinkcukacha kwil ukulandela ikhonkco.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.