LibreSSL 3.8.0 ya zo tare da sauye-sauye da haɓaka da yawa

Darkcrizt

4 minti

LibreSSL

LibreSSL cokali mai yatsu na OpenSSL ne wanda aikin OpenBSD ya haɓaka.

Masu haɓaka aikin OpenBSD kwanan nan sun sanar da sakin fakitin mai ɗaukar hoto. "FreeSSL 3.8.0", sigar wanda canje-canje da yawa da haɓakawa aka mayar da hankali kan kwanciyar hankali da daidaitawa.

Ga waɗanda ba su san LibreSSL ba, ya kamata ku san cewa wannan aiwatar da tushen bude ido ne na yarjejeniya TLS suna haɓaka cokali mai yatsu na OpenSSL nufin samar da mafi girman matakin tsaro. An fara haɓaka LibreSSL azaman wanda aka yi niyya don maye gurbin OpenSSL akan OpenBSD, kuma an tura shi zuwa wasu dandamali da zarar an daidaita sigar ɗakin karatu.

Aikin LibreSSL yana mayar da hankali ga babban goyon baya ga ka'idodin SSL / TLS ta hanyar cire abubuwan da ba dole ba, ƙara ƙarin fasalulluka na tsaro, da mahimmancin tsaftacewa da sake yin aiki na tushen lambar.

Babban sabbin fasalulluka na LibreSSL 3.8.0

LibreSSL 3.8.0 ana la'akari da sigar gwaji wanda ke haɓaka ayyukan da za a haɗa tare da OpenBSD 7.4. A lokaci guda, an samar da tsayayyen nau'ikan LibreSSL 3.6.3 da 3.7.3, wanda aka gyara kwari iri-iri.

A cikin wannan sabon sigar LibreSSL 3.8.0, an haskaka hakan ingantattun daidaituwar endian.h tare da hto* da *toh macros, Baya ga ƙara da goyon baya ga SHA-2 da SHA-3 an yanke kuma an fara aikin tsaftace lambar SHA na ciki da sake yin aiki.

Wani sanannen canji shine sake rubuta ayyukan cikin gida BN_exp() da BN_copy(), da kuma maye gurbin aiwatar da aikin BN_mod_sqrt().

Baya ga wannan, an kuma yi nuni da cewa umarnin kara mai tarawa don gine-gine AMD64 yi amfani da umarnin endbr64 (Kashe Reshen Kai tsaye).

Hakanan an lura cewa an ƙara gyara don canjin tunani mara kyau a cikin OpenSSL 3 wanda ya karya tallafi don rabuwa da gata a cikin libtls, Bugu da ƙari, an aika lambar BoringSSL don tabbatar da ƙa'idodin da aka ayyana a cikin RFC 5280 kuma fassarar libcrypto ta ci gaba da amfani da mu'amalar CBB (bytebuilder) da CBS (bytestring).

A gefe guda, an nuna cewa an shigo da lambar tabbatar da manufofin BoringSSL RFC 5280 kuma an yi amfani da ita.
don maye gurbin tsohuwar lambar lokaci, ban da cire tallafi ga GF2m: BIGNUM tunda baya goyan bayan tsawaita binary, cire yawancin alamun jama'a waɗanda aka yanke a cikin OpenSSL 0.9.8.

Na sauran canje-canje wanda ya fice daga wannan sabon sigar:

  • API ɗin jama'a X9.31 da aka cire (RSA_X931_PADDING har yanzu yana nan).
  • An cire yanayin satar rubutu.
  • An cire tallafi don SXNET da NETSCAPE_CERT_SEQUENCE, gami da
    openssl (1) umarni nseq.
  • An zubar da takardar shaidar wakili (RFC 3820).
  • POLICY_TREE da sifofi masu alaƙa da APIs an cire su.
  • Kafaffen binciken kwaro don i2d_ECDSA_SIG() a cikin ossl_ecdsa_sign().
  • Kafaffen gano ayyukan tsawaitawa (XOP) akan kayan aikin AMD.
  • Kafaffen sarrafa kuskure a cikin tls_check_common_name().
  • An ƙara ɓarna mai nuni a cikin SSL_free().
  • Kafaffen X509err() da X509V3err() da nau'ikan su na ciki.
  • Mahimman ingantattun kewayon gwaji na BN_mod_sqrt() da GCD.
  • Kamar koyaushe, ana ƙara sabon ɗaukar hoto yayin da aka gyara kwari da ƙananan tsarin
    ana tsaftace su.

A ƙarshe, idan kuna sha'awar ƙarin sani game da shi, zaku iya tuntuɓar cikakkun bayanai A cikin mahaɗin mai zuwa.

Yadda ake shigar da sabon sigar LibreSSL?

Ga masu sha'awar samun damar shigar da wannan sabon sigar, ya kamata su sani cewa a halin yanzu bai kai ga yawancin rarrabawar Linux ba, don haka shigarwa a halin yanzu akwai. harhada kunshin da kanku.

Amma kar ku damu, LibreSSL yana ginawa Abu ne mai sauqi qwarai kuma don wannan kawai dole ne ku buɗe tasha kuma gudanar da umarni masu zuwa (dole ne ku sami abubuwan dogaro masu zuwa ta atomatik, autoconf, git, libtool, perl da git).

Abu na farko shine samun lambar tushe, wanda zaku iya yi da wannan umarni:

git clone https://github.com/libressl/portable.git

Da zarar an yi haka, yanzu za mu shirya hanyar da za mu aiwatar da harhadawa, don haka sai mu shigar da babban fayil ɗin da ke ɗauke da lambar tushe na LibreSSL kuma za mu rubuta:

cd šaukuwa ./autogen.sh ./dist.sh

Da zarar an yi haka, za mu ci gaba da haɗawa da:

./configure make check make install

Ko kuma idan kun fi son yin shi tare da CMake:

mkdir gina cd gina cmake .. make make test

Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Wanda ke da alhakin bayanan: Miguel Ángel Gatón
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.