ProHoster > Ibhulogi > iindaba ze-intanethi > Ukukhutshwa kweLibreSSL 3.1.0 kunye neBotan 2.14.0 yamathala eencwadi efihlakeleyo

Ukukhutshwa kweLibreSSL 3.1.0 kunye neBotan 2.14.0 yamathala eencwadi efihlakeleyo

Abaphuhlisi beProjekthi ye-OpenBSD thaca ukukhutshwa kohlelo oluphathwayo lwephakheji I-LibreSSL 3.1.0, apho ifolokhwe ye-OpenSSL iphuhliswayo, ejoliswe ekuboneleleni umgangatho ophezulu wokhuseleko. Iprojekthi ye-LibreSSL igxininise kwinkxaso ephezulu ye-SSL / TLS protocol ngokususa umsebenzi ongeyomfuneko, ukongeza iimpawu ezongezelelweyo zokhuseleko, kunye nokucoca kakhulu kunye nokusebenza kwakhona kwesiseko sekhowudi. Ukukhutshwa kwe-LibreSSL 3.1.0 kuthathwa njengokukhutshwa kovavanyo okuphuhlisa iimpawu eziya kubandakanywa kwi-OpenBSD 6.7.

Iimpawu ze-LibreSSL 3.1.0:

  • Ukuphunyezwa kokuqala kwe-TLS 1.3 kucetywayo ngokusekelwe kumatshini omtsha karhulumente kunye nenkqubo engaphantsi yokusebenza kunye neerekhodi. Ngokungagqibekanga, kuphela yinxalenye yomxhasi we-TLS 1.3 enikwe amandla okwangoku; indawo yomncedisi icwangciswe ukuba isebenze ngokungagqibekanga kukhupho oluzayo.
  • Ikhowudi ihlanjululwe, ukwahlulahlula kweprotocol kunye nokulawulwa kwememori kuphuculwe.
  • Iindlela ze-RSA-PSS kunye ne-RSA-OAEP zisusiwe kwi-OpenSSL 1.1.1.
  • Uzalisekiso lususwe kwi-OpenSSL 1.1.1 kwaye lwenziwe ngokuzenzekelayo CMS (I-Cryptographic Message Syntax). Umyalelo we "cms" wongezwe kwi-openssl eluncedo.
  • Ukuphucula ukuhambelana ne-OpenSSL 1.1.1 ngokubuyisela utshintsho oluthile.
  • Kongezwe iseti enkulu yovavanyo olutsha lwe-cryptographic function.
  • Ukuziphatha kwe-EVP_chacha20 () isondele kwi-semantics ye-OpenSSL.
  • Kongezwe ukukwazi ukuqwalasela indawo iseti enezatifikethi zegunya lesatifikethi.
  • Kwisixhobo se-openssl, umyalelo othi "req" usebenzisa "-addext" ukhetho.

Ukongeza, kunokuqatshelwa ukukhululwa ilayibrari ye-cryptographic IBotan 2.14.0, isetyenziswe kwiprojekthi NeoPG, ifolokhwe ye-GnuPG 2. Ithala leencwadi libonelela ngengqokelela enkulu iiprimitives esele zenziwe, esetyenziswa kwi-TLS protocol, izatifikethi ze-X.509, ii-ciphers ze-AEAD, ii-TPMs, i-PKCS#11, i-password hashing, kunye ne-post-quantum cryptography (ii-hash-based signatures kunye nesivumelwano esingundoqo esisekelwe kuMcEliece ne-NewHope). Ilayibrari ibhalwe C ++ 11 kunye inikwe phantsi kwelayisensi ye-BSD.

Phakathi utshintsho kushicilelo olutsha lweBotan:

  • Ukuphunyezwa okongeziweyo kwendlela GCM (Imowudi ye-Galois/Counter), ikhawuleziswe kwiiprosesa ze-POWER8 zisebenzisa i-VPSUMD yeVector yomyalelo.
  • Kwiinkqubo ze-ARM kunye ne-MOWER, ukuphunyezwa kwe-vector permutation operation ye-AES kunye nexesha lokuqhuba rhoqo liye lakhawuleza kakhulu.
  • I-algorithm entsha ye-modulo inversion iyacetywa, ekhawulezayo kwaye ikhusela ngcono kuhlaselo lwe-channel-channel.
  • Uphuculo lwenziwe ukukhawulezisa i-ECDSA/ECDH ngokunciphisa indawo ye-NIST.

umthombo: opennet.ru

Yongeza izimvo