OpenSSL 3.0.0 arrives with a host of major changes and improvements

After three years of development and 19 test releases, the new OpenSSL 3.0.0 release was recently announced. It contains more than 7500 changes contributed by 350 developers and also brings a significant change in the version number, which is due to the move to traditional version numbering.

From now on, the first digit (major) of the version number will change only when compatibility is broken at the API/ABI level, and the second (minor) when functionality is added without changing the API/ABI. Corrective updates will ship with a change in the third digit (patch). The number 3.0.0 was chosen immediately after 1.1.1 to avoid a collision with the FIPS module under development for OpenSSL, which was numbered 2.x.
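The numbering rule above can be turned into an upgrade check, shown here as an added example that is not OpenSSL project code. The 3.x rules follow the paragraph; the handling of pre-3.0 versions (letter suffix for fixes, third number for features, first two numbers for compatibility breaks) goes beyond the article and is an assumption based on OpenSSL's earlier release policy. The names `parse` and `impact` are hypothetical.

```python
import re
from typing import NamedTuple

class Version(NamedTuple):
    major: int
    minor: int
    patch: int
    letter: str  # pre-3.0 fix letter ("l" in 1.1.1l); always "" from 3.0 on

# Matches "3.0.0", "1.1.1l", or a banner such as "OpenSSL 1.1.1l  24 Aug 2021".
# Pre-release tags such as "-beta2" are ignored.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})")

def parse(text: str) -> Version:
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    if major >= 3 and m.group(4):
        raise ValueError("letter suffixes are not used from 3.0 on")
    return Version(major, minor, patch, m.group(4))

def impact(old: str, new: str) -> str:
    """Classify an upgrade as none, downgrade, fix, feature or breaking."""
    a, b = parse(old), parse(new)
    if a == b:
        return "none"
    if b < a:
        return "downgrade"
    if a.major != b.major:
        return "breaking"            # API/ABI compatibility may be broken
    if a.major >= 3:                 # scheme described in the article
        return "feature" if a.minor != b.minor else "fix"
    # Assumed pre-3.0 scheme: 1.0.2 -> 1.1.0 broke compatibility,
    # 1.1.0 -> 1.1.1 added features, 1.1.1k -> 1.1.1l was a fix release.
    if a.minor != b.minor:
        return "breaking"
    return "feature" if a.patch != b.patch else "fix"

if __name__ == "__main__":
    # Constructed sample upgrades, not taken from the article.
    for old, new in [("1.1.1k", "1.1.1l"), ("1.1.1l", "3.0.0"), ("3.0.0", "3.1.0")]:
        print(f"{old} -> {new}: {impact(old, new)}")
```

An upgrade classified as breaking means dependent software has to be rebuilt and retested against the new library rather than having the shared object swapped in place.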

The second major change for the project is the switch from the dual license (OpenSSL and SSLeay) to the Apache 2.0 license. The native OpenSSL license used previously was based on the legacy Apache 1.0 license and required an explicit mention of OpenSSL in promotional materials when using the OpenSSL libraries, as well as a special notice if OpenSSL was shipped with the product.

These requirements made the previous license incompatible with the GPL, which made it difficult to use OpenSSL in GPL-licensed projects. To get around this incompatibility, GPL projects were forced to apply specific license agreements, in which the main text of the GPL was supplemented with a clause explicitly allowing the application to link to the OpenSSL library and stating that the GPL does not apply to linking with OpenSSL.

What's new in OpenSSL 3.0.0

Among the new features presented in OpenSSL 3.0.0 is a new FIPS module, which includes implementations of cryptographic algorithms that comply with the FIPS 140-2 security standard (the module certification process is scheduled to start this month, and the FIPS 140-2 certificate is expected next year). The new module is much easier to use, and connecting it to many applications will be no more difficult than changing the configuration file. By default, FIPS is disabled and requires the enable-fips option to be turned on.

In libcrypto, the concept of pluggable providers has been implemented, replacing the concept of engines (the ENGINE API has been deprecated). With providers, you can add your own algorithm implementations for operations such as encryption, decryption, key generation, MAC calculation, and the creation and verification of digital signatures.

Support has also been added for CMP, which can be used to request certificates from a CA server, renew certificates, and revoke certificates. Work with CMP is carried out through the new openssl-cmp utility, which also implements support for the CRMF format and the transmission of requests over HTTP/HTTPS.

In addition, a new programming interface for key derivation functions has been proposed: EVP_KDF (Key Derivation Function API), which simplifies the incorporation of new KDF and PRF implementations. The old EVP_PKEY API, through which the scrypt, TLS1 PRF and HKDF algorithms were available, has been redesigned as an intermediate layer implemented on top of the EVP_KDF and EVP_MAC APIs.

In the implementation of the TLS protocol, it is now possible to use the TLS client and server built into the Linux kernel to speed up operations. To enable the TLS implementation provided by the Linux kernel, the "SSL_OP_ENABLE_KTLS" option or the "enable-ktls" setting must be enabled.

On the other hand, a significant part of the API has been moved to the deprecated category: using deprecated calls in project code will produce warnings at compile time. The low-level APIs tied to specific algorithms have been declared obsolete.

Official support in OpenSSL 3.0.0 is now provided only for the high-level EVP APIs, which are abstracted from specific types of algorithms (these APIs include, for example, the EVP_EncryptInit_ex, EVP_EncryptUpdate, and EVP_EncryptFinal functions). The obsolete APIs will be removed in one of the upcoming releases. Implementations of legacy algorithms, such as MD2 and DES, available through the EVP API, have been moved to a separate "legacy" module, which is disabled by default.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

