I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > Ukukhishwa kwe-OpenSSL 3.1.0 Cryptographic Library

Ukukhishwa kwe-OpenSSL 3.1.0 Cryptographic Library

Ngemva konyaka nengxenye yokuthuthukiswa, umtapo wezincwadi we-OpenSSL 3.1.0 wakhululwa ngokusetshenziswa kwezivumelwano ze-SSL/TLS kanye nama-algorithms okubethela ahlukahlukene. I-OpenSSL 3.1 izosekelwa kuze kube uMashi 2025. Ukusekelwa kwamagatsha adlule e-OpenSSL 3.0 kanye ne-1.1.1 kuzoqhubeka kuze kube uSepthemba 2026 noSepthemba 2023, ngokulandelana. Ikhodi yephrojekthi isatshalaliswa ngaphansi kwelayisensi ye-Apache 2.0.

Okuqanjiwe okuyinhloko kwe-OpenSSL 3.1.0:

  • Imojuli ye-FIPS isekela ama-cryptographic algorithm athobelana nezinga lokuvikeleka le-FIPS 140-3. Inqubo yesitifiketi semojuli isiqalile ukuthola isitifiketi sokuhambisana nezidingo ze-FIPS 140-3. Kuze kuphele ukunikezwa isitifiketi, ngemva kokubuyekeza i-OpenSSL ibe yigatsha 3.1, abasebenzisi bangaqhubeka nokusebenzisa imojula ye-FIPS egunyazwe ku-FIPS 140-2. Phakathi kwezinguquko zenguqulo entsha yemojula, ukufakwa kwe-Triple DES ECB, Triple DES CBC kanye ne-EdDSA algorithms, okungakahlolelwa ukuhambisana nezidingo ze-FIPS, kuyaphawulwa. Inguqulo entsha iphinda ihlanganise ukulungiselelwa kokuthuthukisa ukusebenza kanye nokushintshela ekusebenziseni izivivinyo zangaphakathi njalo uma imojuli ilayishwa, hhayi nje ngemva kokufakwa.
  • Ikhodi ye-OSSL_LIB_CTX isisetshenzwe kabusha. Inketho entsha iqeda ukuvinjwa okungadingekile futhi ivumela ukusebenza okuphezulu.
  • Ukusebenza okuthuthukisiwe kwesifaki khodi nezinhlaka zesikhiphi khodi.
  • Ukwenziwa ngcono kokusebenza okuhlobene nokusetshenziswa kwezakhiwo zangaphakathi (amathebula e-hashi) kanye nokugcinwa kwesikhashana sekwenziwe.
  • Isivinini sokukhiqiza okhiye be-RSA kumodi ye-FIPS sinyusiwe.
  • Ngezakhiwo ezihlukahlukene zamaphrosesa, ukulungiselelwa komhlangano othize kwethulwe ekusetshenzisweni kwe-algorithms ye-AES-GCM, ChaCha20, SM3, SM4 kanye ne-SM4-GCM. Isibonelo, ikhodi ye-AES-GCM isheshiswa kusetshenziswa i-AVX512 vAES nemiyalo ye-vPCLMULQDQ.
  • I-KBKDF (Umsebenzi Wokutholwa Kokhiye Osekelwe Kukhiye) manje isekela i-algorithm ye-KMAC (KECCAK Message Authentication Code).
  • Imisebenzi ehlukahlukene ye-"OBJ_*" ishintshwa ukuze isetshenziswe kukhodi enezintambo eziningi.
  • Kwengezwe ikhono lokusebenzisa imiyalelo ye-RNDR namarejista e-RNDRRS, atholakala kumaphrosesa asekelwe ekwakhiweni kwe-AArch64, ukuze kukhiqizwe izinombolo mbumbulu.
  • Imisebenzi OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usge_bio, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio kanye ne-OPENSSL_LH_node_usage_stats_bio yehlisiwe. I-DEFINE_LHASH_OF macro yehlisiwe.

Source: opennet.ru

Engeza amazwana