ProHoster > Блог > labaran intanet > Sakin ɗakin karatu na sirri na OpenSSL 3.1.0

Sakin ɗakin karatu na sirri na OpenSSL 3.1.0

Bayan shekara guda da rabi na ci gaba, an sake buɗe ɗakin karatu na OpenSSL 3.1.0 tare da aiwatar da ka'idojin SSL/TLS da algorithms ɓoye daban-daban. OpenSSL 3.1 za a tallafawa har zuwa Maris 2025. Taimakawa ga rassan OpenSSL 3.0 da 1.1.1 na baya zai ci gaba har zuwa Satumba 2026 da Satumba 2023, bi da bi. Ana rarraba lambar aikin a ƙarƙashin lasisin Apache 2.0.

Babban sabbin abubuwa na OpenSSL 3.1.0:

  • Samfurin FIPS yana goyan bayan algorithms na sirri wanda ya dace da ma'aunin tsaro na FIPS 140-3. Tsarin takaddun shaida na module ya fara samun takardar shedar yarda da buƙatun FIPS 140-3. Har sai an kammala takaddun shaida, bayan an sabunta OpenSSL zuwa reshe na 3.1, masu amfani za su iya ci gaba da amfani da tsarin FIPS wanda ke da bokan FIPS 140-2. Daga cikin canje-canje a cikin sabon sigar, an lura da haɗa Triple DES ECB, Triple DES CBC da EdDSA algorithms, waɗanda har yanzu ba a gwada su ba don biyan bukatun FIPS. Sabuwar sigar kuma ta haɗa da haɓakawa don haɓaka aiki da canzawa zuwa gudanar da gwaje-gwaje na ciki duk lokacin da aka ɗora kayan aikin, ba kawai bayan shigarwa ba.
  • An sake yin aiki da lambar OSSL_LIB_CTX. Sabon zaɓi yana kawar da toshewar da ba dole ba kuma yana ba da damar yin aiki mafi girma.
  • Ingantattun ayyuka na maɓalli da tsarin ƙira.
  • An aiwatar da ingantaccen aiki mai alaƙa da amfani da sifofi na ciki (tebur ɗin hash) da caching.
  • An ƙara saurin samar da maɓallan RSA a yanayin FIPS.
  • Don tsarin gine-gine daban-daban, an gabatar da ƙayyadaddun ingantawar taro a cikin aiwatar da algorithms AES-GCM, ChaCha20, SM3, SM4 da SM4-GCM. Misali, lambar AES-GCM tana haɓaka ta amfani da umarnin AVX512 vAES da vPCLMULQDQ.
  • KBKDF (Ayyukan Samar da Maɓalli na Maɓalli) yanzu yana goyan bayan KMAC (Lambar Tabbatar da Saƙon KeCCAK) algorithm.
  • Ana daidaita ayyuka daban-daban na "OBJ_*" don amfani a lamba mai zare da yawa.
  • An ƙara ikon yin amfani da umarnin RNDR da rijistar RNDRRS, ana samun su a cikin na'urori masu sarrafawa dangane da gine-ginen AArch64, don samar da lambobi masu ƙima.
  • Ayyukan OPENSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSL_LH_node_stats_bio da OPENSSL_LH_node_usage_stats_bio. DEFINE_LHASH_OF macro an soke shi.

source: budenet.ru

Add a comment