Masu haɓaka aikin OpenBSD sun gabatar da sakin fakitin LibreSSL 3.7.0 mai ɗaukar hoto, wanda a cikinsa ake haɓaka cokali mai yatsu na OpenSSL, da nufin samar da babban matakin tsaro. Aikin LibreSSL yana mayar da hankali ne akan babban goyon baya ga ka'idodin SSL/TLS ta hanyar cire ayyukan da ba dole ba, ƙara ƙarin fasalulluka na tsaro, da mahimmancin tsaftacewa da sake yin aiki da tushe na lambar. Ana ɗaukar LibreSSL 3.7.0 a matsayin saki na gwaji wanda ke haɓaka fasalulluka waɗanda za a haɗa su cikin OpenBSD 7.3.
Siffofin LibreSSL 3.7.0:
- Ƙara goyon baya ga Ed25519 maɓallin dijital na jama'a wanda Daniel Bernstein ya haɓaka kuma ya dogara da Curve25519 elliptical curve da SHA-512 hash. Ana samun goyan bayan Ed25519 duka a cikin nau'i na keɓantacce kuma ta hanyar dubawar EVP.
- Ƙididdigar EVP ta ƙara goyon baya ga sa hannu na dijital na X25519, wanda ya bambanta da sa hannun Ed25519 ta hanyar amfani da "X" kawai daidaitawa lokacin yin amfani da maki a kan elliptical curve, wanda zai iya rage yawan adadin lambar da ake buƙata don ƙirƙira da tabbatar da sa hannu.
- API ɗin ƙananan matakin don aiki tare da maɓallan jama'a da masu zaman kansu, masu jituwa tare da OpenSSL 1.1, an aiwatar da su, suna tallafawa maɓallan EVP_PKEY_ED25519, EVP_PKEY_HMAC da EVP_PKEY_X25519.
- Maimakon tsarin ayyukan timegm () da gmtime (), ana amfani da ayyukan POSIX daga BoringSSL don canza kwanakin.
- Laburaren BN (BigNum) ya tsaftace tsohuwar lambar da ba a yi amfani da ita ba wacce ke aiki tare da manyan lambobi.
- Cire tallafi na HMAC PRIVATE KEY.
- Sake yin lambar ciki don ƙirƙira da tabbatar da sa hannun DSA.
- An sake rubuta lambar don maɓallan fitarwa na TLSv1.2.
- An share tsohuwar tarin TLS kuma an sake yin aiki.
- Halin ayyukan BIO_read() da BIO_write() yana kusa da OpenSSL 3.]
source: budenet.ru