ProHoster > Ibhulogi > iindaba ze-intanethi > Ukukhutshwa kwe-cryptographic library wolfSSL 5.1.0

Ukukhutshwa kwe-cryptographic library wolfSSL 5.1.0

Ukukhutshwa kwelayibrari ye-cryptographic compact wolfSSL 5.1.0, elungiselelwe ukusetyenziswa kwizixhobo ezizinzisiweyo ezineprosesa enyiniweyo kunye nemithombo yememori, efana ne-Intanethi yezixhobo zeZinto, iinkqubo zekhaya ezihlakaniphile, iinkqubo zolwazi lwemoto, iirotha kunye neeselfowuni, sele ilungisiwe. Ikhowudi ibhalwe ngolwimi C kwaye isasazwe phantsi kwelayisensi ye-GPLv2.

Ithala leencwadi libonelela ngokuphunyezwa kokusebenza okuphezulu kwee-algorithms zanamhlanje ze-cryptographic, kubandakanya i-ChaCha20, i-Curve25519, i-NTRU, i-RSA, i-Blake2b, i-TLS 1.0-1.3 kunye ne-DTLS 1.2, ngokutsho kwabaphuhlisi bamaxesha angama-20 adibeneyo ngaphezu kokuphunyezwa kwe-OpenSSL. Ibonelela nge-API yayo eyenziwe lula kunye nomaleko wokuhambelana ne-OpenSSL API. Kukho inkxaso ye-OCSP (i-Online Certificate Status Protocol) kunye ne-CRL (uLuhlu lokurhoxiswa kwesatifikethi) yokujonga ukurhoxiswa kwesatifikethi.

Iinguqulelo eziphambili ze wolfSSL 5.1.0:

  • Inkxaso yeqonga elongezelelweyo: I-NXP SE050 (ngenkxaso yeCurve25519) kunye neRenesas RA6M4. I-Renesas RX65N/RX72N, inkxaso ye-TSIP 1.14 (i-IP ethembekileyo eKhuselekileyo) yongezwe.
  • Kongezwe ukukwazi ukusebenzisa i-post-quantum cryptography algorithms kwizibuko le-Apache http umncedisi. Kwi-TLS 1.3, i-NIST ngeenxa zonke ye-3 FALCON isikimu sokutyikitya sedijithali siphunyeziwe. Iimvavanyo ezongeziweyo ze-cURL ezihlanganiswe kwi-wolfSSL kwindlela yokusebenzisa i-crypto-algorithms, ukumelana nokukhethwa kwikhompyutheni ye-quantum.
  • Ukuqinisekisa ukuhambelana namanye amathala eencwadi kunye nezicelo, inkxaso ye-NGINX 1.21.4 kunye ne-Apache httpd 2.4.51 yongezwe kuluhlu.
  • Ngokuhambelana ne-OpenSSL, inkxaso ye-SSL_OP_NO_TLSv1_2 iflegi kunye nemisebenzi SSL_CTX_get_max_max_early_data, SSL_CTX_set_max_early_data, SSL_set_max_early_data, SSL_get_max_early_data, SSL_CTX_read_CT, SSL_CTX_read_data _early_data SSL_write_ yongezwe kwikhowudi early_data.
  • Ukongezwa ukukwazi ukubhalisa umsebenzi wokufowunela ukubuyisela ukuphunyezwa okwakhiweyo kwe-algorithm ye-AES-CCM.
  • Kongezwe i-macro WOLFSSL_CUSTOM_OID ukuvelisa ii-OID zesiko ze-CSR (isicelo sokusayina isatifikethi).
  • Inkxaso eyongeziweyo yotyikityo lwe-ECC eqinisekileyo, yenziwe yi-FSSL_ECDSA_DETERMINISTIC_K_VARIANT macro.
  • Kongezwe imisebenzi emitsha wc_GetPubKeyDerFromCert, wc_InitDecodedCert, wc_ParseCert kunye ne-wc_FreeDecodedCert.
  • Ubuthathaka obubini obubekwe njengobungqongqo obuphantsi busonjululwe. Ubuthathaka bokuqala buvumela ukuhlaselwa kwe-DoS kwisicelo somthengi ngexesha lokuhlaselwa kwe-MITM kwi-TLS 1.2 uxhumano. Ubuthathaka besibini bunxulumene nokuba nokwenzeka kokufumana ulawulo lokuqalisa kwakhona kweseshoni yomxhasi xa usebenzisa i-wolfSSL-based proxy okanye uqhagamshelo olungajongi lonke ikhonkco lokuthembela kwisatifikethi somncedisi.

umthombo: opennet.ru

Yongeza izimvo