ProHoster > Блог > ozi ịntanetị > MepeeSSL 3.6.0 weputara ya na nkwado EVP_SKEY na ndozi oke mmiri

MepeeSSL 3.6.0 weputara ya na nkwado EVP_SKEY na ndozi oke mmiri

OpenSSL 3.6.0, mmejuputa iwu SSL/TLS na usoro nzuzo dị iche iche, ewepụtala. OpenSSL 3.6 bụ ntọhapụ nkwado oge niile, yana mmelite dị maka ọnwa 13. Nkwado maka mwepụta OpenSSL gara aga-3.5 LTS, 3.4, 3.3, 3.2, na 3.0 LTS—ga-aga n'ihu ruo Eprel 2030, Ọktoba 2026, Eprel 2026, Nọvemba 2025, na Septemba 2026, n'otu n'otu. Enyere ikike koodu ọrụ a n'okpuru ikikere Apache 2.0.

Isi ihe ọhụrụ:

  • Nkwado agbakwunyere maka nhazi EVP_SKEY (Symmetric KEY) maka ịnọchite anya igodo symmetric dị ka ihe na-adịghị ahụkebe. N'adịghị ka igodo raw, nke a na-anọchi anya ya dị ka nhazi byte, EVP_SKEY na-edepụta usoro isi ma nwee metadata ndị ọzọ. Enwere ike iji EVP_SKEY na izo ya ezo, mgbanwe igodo, na ọrụ mwepu isi (KDF). Egbakwunyela ọrụ EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), na EVP_PKEY_derive_SKEY() maka iji igodo EVP_SKEY arụ ọrụ.
  • agbakwunyere nkwado maka nkwenye mbinye aka dijitalụ dabere na atụmatụ Leighton-Micali Signatures (LMS), nke na-eji ọrụ hash na hashing dabere na osisi n'ụdị osisi Merkle (alaka ọ bụla na-enyocha alaka na ọnụ niile dị n'okpuru). mbinye aka dijitalụ LMS na-eguzogide ule ike ike na kọmpụta quantum ma emebere ya iji chọpụta izi ezi nke ngwa ngwa na ngwa.
  • Nkwado agbakwunyere maka ụdị nchekwa NIST maka paramita ihe PKEY (igodo ọha na nke nzuzo). A na-edozi ngalaba nchekwa site na ntọala "ụdị nchekwa". Agbakwunyela ọrụ EVP_PKEY_get_security_category() iji lelee ọkwa nchekwa. Ọkwa nchekwa ahụ na-egosipụta nguzogide mwakpo ike ike na kọmpụta quantum ma nwee ike were ụkpụrụ integer site na 0 ruo 5:
    • 0 - mmejuputa iwu anaghị eguzogide mbanye anataghị ikike na kọmpụta quantum;
    • 1/3/5 - mmejuputa ya anaghị ewepu ohere nke ịchọ igodo na ngọngọ cipher nwere igodo 128/192/256-bit na kọmpụta quantum;
    • 2/4 - mmejuputa ya anaghị ewepu ohere nke ịchọ nkukota na hash 256/384-bit na kọmputa quantum).
  • Agbakwunyela iwu "openssl configutl" maka nhazi faịlụ nhazi. Akụrụngwa a na-enye gị ohere ịmepụta faịlụ agbakọtara yana ntọala niile sitere na nhazi faịlụ ọtụtụ yana gụnyere.
  • Emelitela onye na-eweta cryptographic FIPS iji kwado ọgbọ deterministic nke ECDSA dijitalụ mbinye aka (otu mbinye aka a na-eji otu data ntinye emepụtara), dịka ihe achọrọ nke ọkọlọtọ FIPS 186-5.
  • abawanyela ihe ndị chọrọ ime ụlọ. Iwuli OpenSSL achọkwaghị ngwaọrụ nwere nkwado ANSI-C; a na-achọrọ ihe nchịkọta C-99 na-akwado ugbu a.
  • Akwụsịla ọrụ ndị metụtara nhazi EVP_PKEY_ASN1_METHOD.
  • Akwụsịla nkwado maka ikpo okwu VxWorks.

Ọdịmma emebere:

  • CVE-2025-9230 bụ adịghị ike na koodu ntọhapụ maka ozi CMS ezoro ezo (PWRI). Ọdịmma ahụ nwere ike iduga ka edere ma ọ bụ gụọ data na-apụ apụ, nke nwere ike ibute mkpọka ma ọ bụ nrụrụ ebe nchekwa na ngwa na-eji OpenSSL hazie ozi CMS. Ọ bụ ezie na nrigbu nke adịghị ike a maka mkpochapụ koodu ga-ekwe omume, a na-ebelata ịdị njọ nke okwu ahụ site n'eziokwu ahụ bụ na a naghị ejikarị ozi CMS ezoro ezoro ezoro ezo na omume. Na mgbakwunye na OpenSSL 3.6.0, edobere adịghị ike na OpenSSL 3.5.4, 3.4.3, 3.3.5, 3.2.6, na 3.0.18. Edozikwara okwu a na LibreSSL 4.0.1 na 4.1.1, ọbá akwụkwọ nke mmemme OpenBSD mebere.
  • CVE-2025-9231 - Mmejuputa nke SM2 algọridim dị mfe na mwakpo ọwa n'akụkụ. Na sistemu nwere 64-bit ARM CPUs, nke a na-enye ohere mgbake igodo nzuzo site na nyocha oge ịgbakọ onye ọ bụla. Enwere ike ime mwakpo a n'ebe dị anya. A na-ebelata ihe egwu nke mwakpo ahụ site na eziokwu na OpenSSL anaghị akwado iji asambodo nwere igodo SM2 na TLS.
  • CVE-2025-9232 bụ adịghị ike na mmejuputa onye ahịa HTTP arụnyere na-enye ohere ịgụ data na-apụ apụ mgbe ị na-ahazi URL ahaziri ahazi na ọrụ Client HTTP. Okwu a na-egosipụta naanị onwe ya mgbe edobere mgbanwe gburugburu "no_proxy" ma nwee ike bute ọdịda ngwa.

isi: opennet.ru

Zụta nnabata ntụkwasị obi maka saịtị nwere nchekwa DDoS, sava VPS VDS 🔥 Zụta ebe nrụọrụ weebụ a pụrụ ịtụkwasị obi na nchekwa DDoS, sava VPS VDS | ProHoster