ProHoster > Blog > litaba tsa inthanete > Ho lokolloa ha LibreSSL 3.1.0 le lilaebrari tsa cryptographic tsa Botan 2.14.0

Ho lokolloa ha LibreSSL 3.1.0 le lilaebrari tsa cryptographic tsa Botan 2.14.0

Baetsi ba Morero oa OpenBSD hlahisoa ho lokolloa ha khatiso e nkehang ea sephutheloana LibreSSL 3.1.0, moo fereko ea OpenSSL e ntseng e ntlafatsoa, ​​e reretsoeng ho fana ka boemo bo phahameng ba tšireletso. Morero oa LibreSSL o shebane le ts'ehetso ea boleng bo holimo bakeng sa liprothokholo tsa SSL / TLS ka ho tlosa ts'ebetso e sa hlokahaleng, ho eketsa likarolo tse ling tsa ts'ireletso, le ho hloekisa haholo le ho tsosolosa motheo oa khoutu. Tokollo ea LibreSSL 3.1.0 e nkuoa e le tokollo ea liteko e hlahisang likarolo tse tla kenyelletsoa ho OpenBSD 6.7.

Likarolo tsa LibreSSL 3.1.0:

  • Ts'ebetsong ea pele ea TLS 1.3 e sisintsoe ho ipapisitsoe le mochini o mocha oa mmuso le sistimi e tlase ea ho sebetsa ka lirekoto. Ka ho sa feleng, ke karolo ea moreki feela ea TLS 1.3 e lumelletsoeng hajoale; karolo ea seva e reriloe hore e kenngoe tšebetsong ka mokhoa o ikhethileng tokollong e tlang.
  • Khoutu e hloekisitsoe, parsing ea protocol le taolo ea memori e ntlafalitsoe.
  • Mekhoa ea RSA-PSS le RSA-OAEP e tlositsoe ho OpenSSL 1.1.1.
  • Ts'ebetsong e tlohile ho OpenSSL 1.1.1 'me e nolofalitsoe ka ho sa feleng jpeg (Cryptographic Message Syntax). Taelo ea "cms" e kenyelelitsoe ho openssl utility.
  • Tšebelisano e ntlafalitsoeng le OpenSSL 1.1.1 ka ho khutlisa liphetoho tse ling.
  • E kentse sehlopha se seholo sa liteko tse ncha tsa ts'ebetso ea cryptographic.
  • Boitšoaro ba EVP_chacha20() bo haufi le semantics ea OpenSSL.
  • E kentse bokhoni ba ho hlophisa sebaka sa sete e nang le litifikeiti tsa bolaoli ba setifikeiti.
  • Sesebelisoa sa openssl, taelo ea "req" e sebelisa khetho ea "-addext".

Ho phaella moo, ho ka hlokomeloa lokolla laebrari ea li-cryptographic Boot 2.14.0, e sebelisitsoeng morerong NeoPG, fereko ea GnuPG 2. Laebrari e fana ka pokello e kholo lintho tsa khale tse entsoeng, e sebelisitsoeng ho TLS protocol, X.509 certificates, AEAD ciphers, TPMs, PKCS#11, password hashing, le post-quantum cryptography (masaeno a thehiloeng hash le tumellano ea bohlokoa e thehiloeng ho McEliece le NewHope). Laebrari e ngotsoe ka C ++ 11 le fuoa tlas'a laesense ea BSD.

har'a liphetoho tokollong e ncha ea Botan:

  • Ho eketsoa ts'ebetsong ea mokhoa GCM (Mokhoa oa Galois/Counter), o potlakisitsoe bakeng sa li-processor tsa POWER8 ho sebelisa taeo ea vector ea VPSUMD.
  • Bakeng sa litsamaiso tsa ARM le POWER, ts'ebetsong ea ts'ebetso ea tumello ea vector bakeng sa AES ka nako ea ts'ebetso e sa khaotseng e potlakisitsoe haholo.
  • Ho entsoe tlhahiso e ncha ea modulo inversion algorithm, e potlakisang le e betere e sireletsang khahlanong le litlhaselo tsa kanale tse lehlakoreng.
  • Ntlafatso e entsoe ho potlakisa ECDSA/ECDH ka ho fokotsa sebaka sa NIST.

Source: opennet.ru

Eketsa ka tlhaloso