ProHoster > Π‘Π»ΠΎΠ³ > wararka internetka > Siideynta maktabadda cryptographic wolfSSL 5.1.0

Siideynta maktabadda cryptographic wolfSSL 5.1.0

Siidaynta maktabadda isafgaradka ah ee wolfSSL 5.1.0, oo loo habeeyay in loogu isticmaalo aaladaha ku dhex jira ee leh processor-ka iyo agabka xusuusta xaddidan, sida Internet of Things, nidaamyada guryaha smart, nidaamyada macluumaadka baabuurta, router-yada iyo taleefannada gacanta, ayaa la diyaariyey. Xeerku wuxuu ku qoran yahay luqadda C waxaana lagu qaybiyaa shatiga GPLv2.

Maktabadu waxay bixisaa hirgelinta waxqabadka sare ee algorithms cryptographic casriga ah, oo ay ku jiraan ChaCha20, Curve25519, NTRU, RSA, Blake2b, TLS 1.0-1.3 iyo DTLS 1.2, kuwaas oo sida laga soo xigtay horumariyayaashu 20 jeer ka badan yihiin hirgelinta OpenSSL. Waxay siisaa API la fududeeyay labadaba iyo lakabka la socon kara OpenSSL API. Waxaa jira taageero OCSP (Online Certificate Status Protocol) iyo CRL (Liiska Dib-u-noqoshada Shahaadada) ee hubinta burinta shahaadada.

Hal-abuurka ugu muhiimsan ee wolfSSL 5.1.0:

  • Taageerada madal lagu daray: NXP SE050 (oo leh taageerada Curve25519) iyo Renesas RA6M4. Renesas RX65N/RX72N, taageerada TSIP 1.14 (Trusted Secure IP) ayaa lagu daray.
  • Waxaa lagu daray awoodda isticmaalka ka dib-quantum cryptography algorithms ee dekedda loogu talagalay server-ka Apache http. Wixii loogu talagalay TLS 1.3, nidaamka wareegga 3 ee NIST ee saxiixa dhijitaalka ah ee FALCON waa la hirgeliyay. Tijaabooyin lagu daray cURL oo laga soo ururiyey wolfSSL qaabka loo isticmaalo crypto-algorithms, adkaysi u leh xulashada kombuyuutarka tirada.
  • Si loo hubiyo la jaanqaadka maktabadaha kale iyo codsiyada, taageerada NGINX 1.21.4 iyo Apache httpd 2.4.51 ayaa lagu daray lakabka.
  • U waafaqid OpenSSL, taageer SSL_OP_NO_TLSv1_2 calanka iyo shaqada SSL_CTX_get_max_early_data, SSL_CTX_set_max_early_data, SSL_set_max_early_data, SSL_get_max_early_data, SSL_CTX_clear_ftyped, SSL_CTX_clauee_data _ ayaa lagu daray koodka hore_xogta.
  • Waxaa lagu daray awoodda lagu diiwaangelinayo shaqada dib-u-soo-celinta si loogu beddelo hirgelinta gudaha ee AES-CCM algorithm.
  • Macro WOLFSL_CUSTOM_OID oo lagu daray si loo soo saaro OID-yada caadiga ah ee CSR (codsiga saxeexa shahaadadda).
  • Taageerada lagu daray saxeexyada ECC ee go'aaminta, waxaa karti u leh FSSL_ECDSA_DETERMINISTIC_K_VARIANT makro.
  • Waxaa lagu daray hawlo cusub wc_GetPubKeyDerFromCert, wc_InitDecodedCert, wc_ParseCert iyo wc_FreeDecodedCert.
  • Laba dayacan oo lagu qiimeeyay darnaanta hoose ayaa la xaliyay. Nuglaanta koowaad waxay u oggolaanaysaa weerar DoS ee codsiga macmiilka inta lagu jiro weerarka MITM ee xidhiidhka TLS 1.2. Nuglaanta labaad waxay la xiriirtaa suurtagalnimada in la xakameeyo dib u bilaabista kalfadhiga macmiilka marka la isticmaalayo wakiil ku salaysan wolfSSL ama isku xirka aan hubin dhammaan silsiladda kalsoonida ee shahaadada serverka.

Source: opennet.ru

Add a comment