Release of the wolfSSL 5.1.0 cryptographic library

A release of the compact cryptographic library wolfSSL 5.1.0 has been prepared. The library is optimized for use on embedded devices with limited processor and memory resources, such as Internet of Things devices, smart home systems, automotive information systems, routers and mobile phones. The code is written in C and distributed under the GPLv2 license.

The library provides high-performance implementations of modern cryptographic algorithms, including ChaCha20, Curve25519, NTRU, RSA, Blake2b, TLS 1.0-1.3 and DTLS 1.2, which according to the developers are 20 times more compact than the implementations from OpenSSL. It provides both its own simplified API and a layer for compatibility with the OpenSSL API. There is support for OCSP (Online Certificate Status Protocol) and CRL (Certificate Revocation List) for checking certificate revocation.

Main new features of wolfSSL 5.1.0:

  • Added platform support: NXP SE050 (with support for Curve25519) and Renesas RA6M4. For Renesas RX65N/RX72N, support for TSIP 1.14 (Trusted Secure IP) has been added.
  • Added the ability to use post-quantum cryptography algorithms in the port for the Apache http server. For TLS 1.3, the NIST round 3 FALCON digital signature scheme has been implemented. Added tests of cURL built with wolfSSL in a mode that uses crypto algorithms resistant to brute-force search on a quantum computer.
  • To ensure compatibility with other libraries and applications, support for NGINX 1.21.4 and Apache httpd 2.4.51 has been added to the layer.
  • For compatibility with OpenSSL, support has been added to the code for the SSL_OP_NO_TLSv1_2 flag and the functions SSL_CTX_get_max_early_data, SSL_CTX_set_max_early_data, SSL_set_max_early_data, SSL_get_max_early_data, SSL_CTX_clear_mode, SSL_value_typedly and SSL_data_early.
  • Added the ability to register a callback function to replace the built-in implementation of the AES-CCM algorithm.
  • Added the WOLFSSL_CUSTOM_OID macro to generate custom OIDs for CSRs (certificate signing requests).
  • Added support for deterministic ECC signatures, enabled by the WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT macro.
  • Added the new functions wc_GetPubKeyDerFromCert, wc_InitDecodedCert, wc_ParseCert and wc_FreeDecodedCert.
  • Two vulnerabilities rated as low severity have been fixed. The first vulnerability allows a DoS attack on a client application during a MITM attack on a TLS 1.2 connection. The second vulnerability relates to the possibility of gaining control over client session resumption when using a wolfSSL-based proxy or connections that do not check the entire chain of trust of the server certificate.

Source: opennet.ru