Abathuthukisi bephrojekthi ye-OpenBSD bethule ukukhishwa kohlelo oluphathwayo lwephakheji ye-LibreSSL 3.7.0, lapho kuthuthukiswa khona imfoloko ye-OpenSSL, okuhloswe ngayo ukuhlinzeka ngezinga eliphezulu lokuphepha. Iphrojekthi ye-LibreSSL igxile ekusekelweni kwekhwalithi ephezulu kwezivumelwano ze-SSL/TLS ngokususa ukusebenza okungadingekile, ukwengeza izici zokuphepha ezengeziwe, nokuhlanza ngokuphawulekayo nokusebenza kabusha isisekelo sekhodi. I-LibreSSL 3.7.0 ithathwa njengokukhishwa kokuhlola okuthuthukisa izici ezizofakwa ku-OpenBSD 7.3.
Izici ze-LibreSSL 3.7.0:
- Ukwesekwa okwengeziwe kwesiginesha yedijithali yokhiye womphakathi we-Ed25519 ethuthukiswe nguDaniel Bernstein futhi kusekelwe ku-Curve25519 elliptic curve kanye ne-SHA-512 hash. Ukwesekwa kwe-Ed25519 kuyatholakala kokubili ngendlela yakudala ehlukile nangesixhumi esibonakalayo se-EVP.
- Isixhumi esibonakalayo se-EVP sengeze usekelo lwamasiginesha edijithali ye-X25519, ehlukile kumasiginesha e-Ed25519 ngokusebenzisa izixhumanisi ezithi βXβ kuphela lapho ushintsha amaphuzu kujika eliyi-elliptic, elinganciphisa kakhulu inani lekhodi edingekayo ukuze udale futhi uqinisekise amasiginesha.
- I-API yezinga eliphansi yokusebenza ngokhiye basesidlangalaleni nabayimfihlo, ehambisana ne-OpenSSL 1.1, isetshenzisiwe, isekela okhiye EVP_PKEY_ED25519, EVP_PKEY_HMAC kanye ne-EVP_PKEY_X25519.
- Esikhundleni sezinhlelo zokusebenza zesistimu timegm() kanye ne-gmtime(), imisebenzi ye-POSIX esuka ku-BoringSSL isetshenziselwa ukuguqula amadethi.
- Umtapo wolwazi we-BN (BigNum) uhlanze ikhodi endala nengasetshenziswanga esebenza nezinombolo ezibalulekile.
- Kususwe usekelo lwe-HMAC PRIVATE KEY.
- Ikhodi yangaphakathi esetshenziswe kabusha yokudala nokuqinisekisa amasiginesha e-DSA.
- Ikhodi yokuthekelisa okhiye ye-TLSv1.2 ibhalwe kabusha.
- Isitaki esidala se-TLS sihlanziwe futhi sasebenza kabusha.
- Ukuziphatha kwemisebenzi ye-BIO_read() kanye ne-BIO_write() kuseduze ne-OpenSSL 3.]
Source: opennet.ru