Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > Kutulutsidwa kwa laibulale ya cryptographic wolfSSL 5.1.0

Kutulutsidwa kwa laibulale ya cryptographic wolfSSL 5.1.0

Kutulutsidwa kwa laibulale ya compact cryptographic laibulale ya wolfSSL 5.1.0, yokonzedwa kuti igwiritsidwe ntchito pazida zophatikizika zokhala ndi purosesa yochepa komanso zokumbukira, monga zida za intaneti ya Zinthu, makina anzeru apanyumba, makina azidziwitso zamagalimoto, ma routers ndi mafoni am'manja, kwakonzedwa. Khodiyo imalembedwa m'chinenero cha C ndikugawidwa pansi pa layisensi ya GPLv2.

Laibulaleyi imapereka magwiridwe antchito apamwamba a ma aligorivimu amakono a cryptographic, kuphatikiza ChaCha20, Curve25519, NTRU, RSA, Blake2b, TLS 1.0-1.3 ndi DTLS 1.2, zomwe malinga ndi omwe akupanga ndizophatikizika ka 20 kuposa kukhazikitsidwa kwa OpenSSL. Imapereka API yake yophweka komanso yosanjikiza kuti igwirizane ndi OpenSSL API. Pali chithandizo cha OCSP (Online Certificate Status Protocol) ndi CRL (Mndandanda Wochotsa Satifiketi) powona kuchotsedwa kwa satifiketi.

Zatsopano zazikulu za wolfSSL 5.1.0:

  • Thandizo la nsanja yowonjezera: NXP SE050 (ndi Curve25519 thandizo) ndi Renesas RA6M4. Kwa Renesas RX65N/RX72N, chithandizo cha TSIP 1.14 (Trusted Secure IP) chawonjezedwa.
  • Anawonjezera kuthekera kogwiritsa ntchito ma algorithms a post-quantum cryptography padoko pa seva ya Apache http. Kwa TLS 1.3, ndondomeko ya siginecha ya digito ya NIST yozungulira 3 FALCON yakhazikitsidwa. Mayeso owonjezera a cURL opangidwa kuchokera ku wolfSSL m'njira yogwiritsira ntchito ma crypto-algorithms, osatha kusankha pakompyuta yochulukira.
  • Kuti muwonetsetse kuti zimagwirizana ndi malaibulale ena ndi mapulogalamu, chithandizo cha NGINX 1.21.4 ndi Apache httpd 2.4.51 chawonjezeredwa ku wosanjikiza.
  • Kuti igwirizane ndi OpenSSL, thandizo la mbendera ya SSL_OP_NO_TLSv1_2 ndi magwiridwe antchito SSL_CTX_get_max_early_data, SSL_CTX_set_max_early_data, SSL_set_max_early_data, SSL_get_max_early_data, SSL_CONFlude_data _early_data SSL_write_ yawonjezedwa ku code early_data.
  • Anawonjezera kuthekera kolembetsa ntchito yoyitanitsa kuti alowe m'malo mwa kukhazikitsa kokhazikika kwa algorithm ya AES-CCM.
  • Onjezani zazikulu WOLFSSL_CUSTOM_OID kuti mupange ma OID amtundu wa CSR (pempho losaina satifiketi).
  • Thandizo lowonjezera la siginecha ya deterministic ECC, yothandizidwa ndi FSSL_ECDSA_DETERMINISTIC_K_VARIANT macro.
  • Anawonjezera ntchito zatsopano wc_GetPubKeyDerFromCert, wc_InitDecodedCert, wc_ParseCert ndi wc_FreeDecodedCert.
  • Ziwopsezo ziwiri zomwe zidaonedwa kuti ndizochepa kwambiri zathetsedwa. Chiwopsezo choyamba chimalola kuukira kwa DoS pa kasitomala pulogalamu panthawi ya MITM kuwukira pa kulumikizana kwa TLS 1.2. Chiwopsezo chachiwiri chikukhudzana ndi kuthekera kokhala ndi mphamvu pakuyambiranso gawo lamakasitomala mukamagwiritsa ntchito proxy yochokera ku wolfSSL kapena zolumikizira zomwe sizimayang'ana mndandanda wonse wa chikhulupiliro mu satifiketi ya seva.

Source: opennet.ru

Kuwonjezera ndemanga