ProHoster > Blog > xov xwm hauv internet > OpenSSL 3.6.0 Tso tawm nrog EVP_SKEY Kev Txhawb Nqa thiab Tsis Muaj Kev Txhim Kho

OpenSSL 3.6.0 Tso tawm nrog EVP_SKEY Kev Txhawb Nqa thiab Tsis Muaj Kev Txhim Kho

OpenSSL 3.6.0, ib qho kev siv ntawm SSL / TLS raws tu qauv thiab ntau yam encryption algorithms, tau raug tso tawm. OpenSSL 3.6 yog qhov kev txhawb nqa tsis tu ncua, nrog cov hloov tshiab muaj rau 13 lub hlis. Kev them nyiaj yug rau OpenSSL yav dhau los-3.5 LTS, 3.4, 3.3, 3.2, thiab 3.0 LTS-yuav txuas ntxiv mus txog lub Plaub Hlis 2030, Lub Kaum Hli 2026, Plaub Hlis 2026, Kaum Ib Hlis 2025, thiab Cuaj Hlis 2026, raws li. Txoj haujlwm txoj cai tau tso cai raws li Apache 2.0 License.

Main innovations:

  • Ntxiv kev txhawb nqa rau EVP_SKEY (Symmetric KEY) qauv rau sawv cev rau cov yuam sij symmetric li cov khoom opaque. Tsis zoo li cov yuam sij raw, uas yog sawv cev raws li ib qho byte array, EVP_SKEY abstracts tus qauv tseem ceeb thiab muaj cov metadata ntxiv. EVP_SKEY tuaj yeem siv rau hauv encryption, pauv qhov tseem ceeb, thiab qhov tseem ceeb derivation (KDF) ua haujlwm. EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), thiab EVP_PKEY_derive_SKEY() tau ntxiv rau kev ua hauj lwm nrog EVP_SKEY yawm sij.
  • Kev them nyiaj yug tau ntxiv rau cov ntawv pov thawj digital kos npe raws li Leighton-Micali Signatures (LMS) cov tswv yim, uas siv cov haujlwm hash thiab ntoo-raws li hashing nyob rau hauv daim ntawv ntawm Merkle Tree (txhua ceg txheeb xyuas tag nrho cov ceg hauv qab thiab cov nodes). LMS cov npe kos npe yog tiv thaiv kev ntsuas brute-force ntawm lub computer quantum thiab tsim los xyuas qhov tseeb ntawm firmware thiab daim ntawv thov.
  • Ntxiv kev txhawb nqa rau NIST kev ruaj ntseg pawg rau PKEY cov khoom tsis muaj (cov yuam sij pej xeem thiab ntiag tug). Pawg kev ruaj ntseg tau teeb tsa los ntawm "kev ruaj ntseg-qib" qhov chaw. EVP_PKEY_get_security_category() muaj nuj nqi tau ntxiv los xyuas cov qib kev ruaj ntseg. Qib kev ruaj ntseg qhia txog qhov tsis kam tiv thaiv brute-force tawm tsam ntawm quantum computers thiab tuaj yeem coj tus nqi ntawm 0 txog 5:
    • 0 - kev siv tsis tiv thaiv hacking ntawm quantum computers;
    • 1/3/5 - qhov kev siv tsis suav nrog qhov muaj peev xwm ntawm kev tshawb nrhiav tus yuam sij hauv block cipher nrog 128/192/256-ntsis tus yuam sij ntawm quantum computer;
    • 2/4 - qhov kev siv tsis suav nrog qhov muaj peev xwm ntawm kev tshawb nrhiav kev sib tsoo hauv 256/384-ntsis hash ntawm quantum computer).
  • Cov lus txib "openssl configutl" tau ntxiv rau kev ua cov ntaub ntawv teeb tsa. Qhov kev siv hluav taws xob no tso cai rau koj los tsim cov ntaub ntawv sib sau nrog txhua qhov chaw los ntawm ntau cov ntaub ntawv teeb tsa nrog suav nrog.
  • FIPS cryptographic tus muab kev pabcuam tau hloov kho los txhawb kev txiav txim siab tiam ntawm ECDSA digital kos npe (tib yam kos npe yog tsim nrog tib cov ntaub ntawv nkag), raws li cov kev cai ntawm FIPS 186-5 tus qauv.
  • Cov kev cai tsim ib puag ncig tau nce ntxiv. Lub tsev OpenSSL tsis tas yuav tsum muaj cov cuab yeej nrog ANSI-C kev txhawb nqa; Tam sim no yuav tsum muaj C-99-raws li compiler.
  • Cov haujlwm ntsig txog EVP_PKEY_ASN1_METHOD cov qauv tau raug tso tseg.
  • Kev them nyiaj yug rau VxWorks platform tau raug txiav lawm.

Fixed vulnerabilities:

  • CVE-2025-9230 yog qhov muaj qhov tsis zoo hauv kev decryption code rau lo lus zais-encrypted CMS lus (PWRI). Qhov tsis muaj zog tuaj yeem ua rau cov ntaub ntawv tawm ntawm cov ntaub ntawv raug sau lossis nyeem, uas tuaj yeem ua rau muaj kev sib tsoo lossis kev nco tsis zoo hauv daim ntawv thov uas siv OpenSSL los ua CMS cov lus. Txawm hais tias kev siv qhov tsis zoo no rau kev ua tiav txoj cai yog ua tau, qhov hnyav ntawm qhov teeb meem yog txo los ntawm qhov tseeb tias lo lus zais-encrypted CMS cov lus tsis tshua siv hauv kev xyaum. Ntxiv rau OpenSSL 3.6.0, qhov tsis zoo tau raug kho hauv OpenSSL 3.5.4, 3.4.3, 3.3.5, 3.2.6, thiab 3.0.18. Qhov teeb meem kuj tau kho hauv LibreSSL 4.0.1 thiab 4.1.1, lub tsev qiv ntawv tsim los ntawm OpenBSD project.
  • CVE-2025-9231 - Kev siv ntawm SM2 algorithm yog qhov yooj yim rau kev tawm tsam sab-channel. Ntawm cov tshuab nrog 64-ntsis ARM CPUs, qhov no tso cai rau tus kheej qhov tseem ceeb rov qab los ntawm kev txheeb xyuas lub sijhawm ntawm tus kheej suav. Qhov kev tawm tsam tuaj yeem ua tau nyob deb. Qhov kev pheej hmoo ntawm kev tawm tsam yog txo los ntawm qhov tseeb tias OpenSSL tsis ncaj qha rau kev siv daim ntawv pov thawj nrog SM2 yuam sij hauv TLS.
  • CVE-2025-9232 yog qhov muaj qhov tsis zoo hauv kev siv HTTP tus neeg siv khoom tsim uas tso cai rau kev nyeem cov ntaub ntawv tawm thaum ua tiav qhov tshwj xeeb crafted URL hauv HTTP Client functions. Qhov teeb meem tsuas yog tshwm sim nws tus kheej thaum "no_proxy" ib puag ncig hloov pauv tau teeb tsa thiab tuaj yeem ua rau muaj kev sib tsoo.

Tau qhov twg los: opennet.ru

Yuav txhim khu kev qha hosting rau cov chaw nrog DDoS tiv thaiv, VPS VDS servers 🔥 Yuav lub vev xaib hosting txhim khu kev qha nrog kev tiv thaiv DDoS, VPS VDS servers | ProHoster