The compact cryptographic library wolfSSL 5.1.0 has been released. It is optimized for embedded devices with limited processor and memory resources, such as IoT devices, smart home systems, automotive information systems, routers, and mobile phones. The code is written in C and distributed under the GPLv2 license.
The library provides high-performance implementations of modern cryptographic algorithms, including ChaCha20, Curve25519, NTRU, RSA, Blake2b, TLS 1.0-1.3, and DTLS 1.2, which, according to the developers, are 20 times more compact than the OpenSSL implementations. It offers both its own simplified API and a compatibility layer for the OpenSSL API. OCSP (Online Certificate Status Protocol) and CRL (Certificate Revocation List) are supported for checking certificate revocation.
Key changes in wolfSSL 5.1.0:
- Added support for the NXP SE050 platform (with Curve25519 support) and the Renesas RA6M4. Support for TSIP 1.14 (Trusted Secure IP) has been added for the Renesas RX65N/RX72N.
- Added support for post-quantum cryptography algorithms to the port for the Apache HTTP server. The NIST Round 3 FALCON digital signature scheme has been implemented for TLS 1.3. Added tests for cURL built with wolfSSL in quantum-resistant cryptographic algorithm mode.
- Support for NGINX 1.21.4 and Apache httpd 2.4.51 has been added to the layer that provides compatibility with other libraries and applications.
- For OpenSSL compatibility, the code adds support for the SSL_OP_NO_TLSv1_2 flag and the functions SSL_CTX_get_max_early_data, SSL_CTX_set_max_early_data, SSL_set_max_early_data, SSL_CT_max_early_data,_SSL_ SSL_CONF_cmd_value_type, SSL_read_early_data, SSL_write_early_data.
- Added the ability to register a callback function to use in place of the built-in implementation of the AES-CCM algorithm.
- Added the WOLFSSL_CUSTOM_OID macro for generating custom OIDs for a CSR (certificate signing request).
- Added support for deterministic ECC signatures, enabled by the WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT macro.
- Added the new functions wc_GetPubKeyDerFromCert, wc_InitDecodedCert, wc_ParseCert, and wc_FreeDecodedCert.
- Two vulnerabilities rated as low severity have been fixed. The first allows a DoS attack on a client application through a man-in-the-middle attack on a TLS 1.2 connection. The second makes it possible to gain control over the resumption of a client session when using a wolfSSL-based proxy or connections that do not verify the entire chain of trust of the server certificate.
Source: opennet.ru
