Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > Kutulutsidwa kwa laibulale yachinsinsi ya OpenSSL 3.1.0

Kutulutsidwa kwa laibulale yachinsinsi ya OpenSSL 3.1.0

Pambuyo pa chaka ndi theka lachitukuko, laibulale ya OpenSSL 3.1.0 idatulutsidwa ndikukhazikitsa ma protocol a SSL/TLS ndi ma algorithms osiyanasiyana obisa. OpenSSL 3.1 idzathandizidwa mpaka Marichi 2025. Thandizo la nthambi zakale za OpenSSL 3.0 ndi 1.1.1 zipitilira mpaka Seputembara 2026 ndi Seputembara 2023, motsatana. Khodi ya polojekitiyi imagawidwa pansi pa layisensi ya Apache 2.0.

Zatsopano zazikulu za OpenSSL 3.1.0:

  • Ma module a FIPS amathandizira ma cryptographic algorithms omwe amagwirizana ndi FIPS 140-3 mulingo wachitetezo. Njira yotsimikizira ma module yayamba kupeza chiphaso chotsatira zofunikira za FIPS 140-3. Mpaka certification itatha, mutasintha OpenSSL ku nthambi ya 3.1, ogwiritsa ntchito akhoza kupitiriza kugwiritsa ntchito gawo la FIPS lomwe liri lovomerezeka ku FIPS 140-2. Zina mwa zosintha mu gawo latsopano la gawoli, kuphatikiza kwa Triple DES ECB, Triple DES CBC ndi EdDSA ma algorithms, omwe sanayesedwebe kuti agwirizane ndi zofunikira za FIPS, amadziwika. Mtundu watsopanowu umaphatikizaponso kukhathamiritsa kuti mugwire bwino ntchito komanso kusintha koyesa mayeso amkati nthawi iliyonse yomwe gawoli ladzaza, osati kungoyika.
  • OSSL_LIB_CTX khodi yasinthidwa. Njira yatsopanoyi imachotsa kutsekereza kosafunikira ndikulola magwiridwe antchito apamwamba.
  • Kuchita bwino kwa encoder ndi ma decoder frameworks.
  • Kukhathamiritsa kwa magwiridwe antchito okhudzana ndi kugwiritsa ntchito zida zamkati (matebulo a hashi) ndi caching zachitika.
  • Liwiro lakupanga makiyi a RSA mumayendedwe a FIPS wawonjezedwa.
  • Pazomangamanga zosiyanasiyana zama purosesa, kukhathamiritsa kwapagulu kwakhazikitsidwa pakukhazikitsa ma algorithms a AES-GCM, ChaCha20, SM3, SM4 ndi SM4-GCM. Mwachitsanzo, kachidindo ka AES-GCM imathandizira pogwiritsa ntchito malangizo a AVX512 vAES ndi vPCLMULQDQ.
  • KBKDF (Key Based Key Derivation Function) tsopano imathandizira KMAC (KECCAK Message Authentication Code) algorithm.
  • Ntchito zosiyanasiyana za "OBJ_*" zimasinthidwa kuti zigwiritsidwe ntchito mumitundu yambiri.
  • Anawonjezera luso logwiritsa ntchito malangizo a RNDR ndi zolembera za RNDRRS, zomwe zimapezeka m'mapurosesa kutengera kamangidwe ka AArch64, kuti apange manambala a pseudorandom.
  • Magwiridwe OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio ndi OPENSSL_LH_node_usage_stats_bio asiyidwa. Gulu lalikulu la DEFINE_LHASH_OF latsitsidwa.

Source: opennet.ru

Kuwonjezera ndemanga