I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > Ukukhishwa kwe-cryptographic library wolfSSL 5.1.0

Ukukhishwa kwe-cryptographic library wolfSSL 5.1.0

Ukukhishwa komtapo wolwazi ohlangene we-cryptographic wolfSSL 5.1.0, olungiselelwe ukusetshenziswa kumadivayisi ashumekiwe anephrosesa elinganiselwe nezisetshenziswa zenkumbulo, ezifana namadivayisi e-inthanethi Yezinto, amasistimu asekhaya ahlakaniphile, amasistimu olwazi lwezimoto, amarutha namaselula, sekulungisiwe. Ikhodi ibhalwe ngolimi C futhi isatshalaliswa ngaphansi kwelayisensi ye-GPLv2.

Umtapo wolwazi uhlinzeka ngokusetshenziswa okuphakeme kokusebenza kwama-cryptographic algorithms esimanje, okuhlanganisa i-ChaCha20, i-Curve25519, i-NTRU, i-RSA, i-Blake2b, i-TLS 1.0-1.3 kanye ne-DTLS 1.2, okuthi ngokusho konjiniyela ihlangene ngokuphindwe izikhathi ezingu-20 kunokuqaliswa okuvela ku-OpenSSL. Ihlinzeka nge-API yayo eyenziwe lula kanye nesendlalelo sokusebenzisana ne-OpenSSL API. Kukhona ukusekelwa kwe-OCSP (Iphrothokholi Yesimo Sesitifiketi Se-inthanethi) kanye ne-CRL (Uhlu Lokuhoxiswa Kwesitifiketi) ukuze kuhlolwe ukuhoxiswa kwesitifiketi.

Ukuqanjwa okuyinhloko kwe-wolfSSL 5.1.0:

  • Ukwesekwa kwenkundla okungeziwe: I-NXP SE050 (enokusekelwa kwe-Curve25519) kanye ne-Renesas RA6M4. Ku-Renesas RX65N/RX72N, usekelo lwe-TSIP 1.14 (Trusted Secure IP) lwengeziwe.
  • Kwengezwe amandla okusebenzisa i-post-quantum cryptography algorithms embobeni yeseva ye-Apache http. Ku-TLS 1.3, uhlelo lwesiginesha yedijithali ye-NIST engumjikelezo 3 we-FALCON selusetshenzisiwe. Ukuhlolwa okungeziwe kwe-cURL okuhlanganiswe kusukela ku-wolfSSL kumodi yokusebenzisa i-crypto-algorithms, ukumelana nokukhethwa kukhompuyutha ye-quantum.
  • Ukuqinisekisa ukuhambisana namanye amalabhulali nezinhlelo zokusebenza, usekelo lwe-NGINX 1.21.4 ne-Apache httpd 2.4.51 lwengezwe kusendlalelo.
  • Ukwesekwa okwengeziwe kwefulegi le-SSL_OP_NO_TLSv1_2 nemisebenzi SSL_CTX_get_max_early_data, SSL_CTX_set_max_early_data, SSL_set_max_early_data, SSL_get_max_early_data, SSL_CTX_clear_valuarly_mode, SSL_data_sSLtype_SSL-read_SSLtype_SSL-idatha_yokufundwa _bhala_indlebe kukhodi yokuhambisana kwe-OpenSSL ly_data.
  • Kwengezwe amandla okubhalisa umsebenzi wokuphinda ushayele esikhundleni sokusebenzisa okwakhelwe ngaphakathi kwe-algorithm ye-AES-CCM.
  • Kwengezwe i-WOLFSSL_CUSTOM_OID enkulu ukuze kukhiqizwe ama-OID angokwezifiso e-CSR (isicelo sokusayina isitifiketi).
  • Kungezwe usekelo lwamasiginesha e-deterministic ECC, anikwe amandla yi-FSSL_ECDSA_DETERMINISTIC_K_VARIANT macro.
  • Kwengezwe imisebenzi emisha wc_GetPubKeyDerFromCert, wc_InitDecodedCert, wc_ParseCert kanye ne-wc_FreeDecodedCert.
  • Ubungozi obubili obukalwe njengobukhulu obuphansi buxazululiwe. Ukuba sengozini kokuqala kuvumela ukuhlaselwa kwe-DoS kuhlelo lokusebenza lweklayenti ngesikhathi sokuhlasela kwe-MITM kuxhumo lwe-TLS 1.2. Ukuba sengozini kwesibili kuhlobene nethuba lokuthola ukulawula ukuqaliswa kabusha kweseshini yeklayenti lapho kusetshenziswa ummeleli osuselwe ku-wolfSSL noma uxhumo olungahloli lonke iketango lokwethembana kusitifiketi seseva.

Source: opennet.ru

Engeza amazwana