Masu haɓaka aikin OpenBSD sun gabatar da sakin fakitin LibreSSL 3.7.0 mai ɗaukar hoto, wanda a cikinsa ake haɓaka cokali mai yatsu na OpenSSL, da nufin samar da babban matakin tsaro. Aikin LibreSSL yana mayar da hankali ne akan babban goyon baya ga ka'idodin SSL/TLS ta hanyar cire ayyukan da ba dole ba, ƙara ƙarin fasalulluka na tsaro, da mahimmancin tsaftacewa da sake yin aiki da tushe na lambar. Ana ɗaukar LibreSSL 3.7.0 a matsayin saki na gwaji wanda ke haɓaka fasalulluka waɗanda za a haɗa su cikin OpenBSD 7.3.
Siffofin LibreSSL 3.7.0:
- An ƙara tallafi don sa hannun dijital na Ed25519 na jama'a, wanda Daniel Bernstein ya haɓaka kuma ya dogara da Curve25519 elliptic curve da SHA-512 hash. Ana samun goyan bayan Ed25519 duka a matsayin na farko na daban kuma ta hanyar dubawar EVP.
- An sabunta ƙirar EVP don tallafawa sa hannun dijital na X25519, wanda ya bambanta da sa hannun Ed25519 domin suna amfani da daidaitawar X kawai lokacin da ake sarrafa maki akan lanƙwan elliptical, yana rage girman lambar da ake buƙata don ƙirƙira da tabbatar da sa hannu.
- An aiwatar da API ɗin ƙananan matakin 1.1 mai jituwa na OpenSSL don aiki tare da maɓallan jama'a da na sirri, yana tallafawa maɓallan EVP_PKEY_ED25519, EVP_PKEY_HMAC, da EVP_PKEY_X25519.
- Maimakon tsarin ayyukan timegm () da gmtime (), ana amfani da ayyukan POSIX daga BoringSSL don canza kwanakin.
- An tsaftace ɗakin karatu na BN (BigNum) daga tsohuwar lambar da ba a yi amfani da ita ba wacce ke aiki tare da manyan lambobi.
- Cire tallafi na HMAC PRIVATE KEY.
- An sake yin aikin lambar ciki don ƙirƙira da tabbatar da sa hannun DSA.
- An sake rubuta lambar don maɓallan fitarwa na TLSv1.2.
- An share tsohuwar tarin TLS kuma an sake yin aiki.
- An matsar da halayen ayyukan BIO_read() da BIO_write() kusa da na OpenSSL 3.]
source: budenet.ru
