OpenSSL 3.0.0 inouya neyakawandisa shanduko huru uye zvinowedzera

Darkcrizt

4 maminitsi

Mushure memakore matatu ekuvandudza uye gumi neshanu ekuedzwa shanduro kuburitswa kweshanduro nyowani yeOpenSSL 3.0.0 kwakaziviswa nguva pfupi yadarika izvo ine zvinopfuura 7500 shanduko yakapihwa nevakagadziri mazana matatu uye izvo zvakare zvinomiririra shanduko yakakosha muhuwandu hweshanduro uye izvo zvinokonzeresa kuchinjira kuchinyakare kuverenga.

Kubva ikozvino zvichienda mberi, iyo yekutanga manhamba (Makuru) muiyo vhezheni nhamba inozochinja chete kana kuwirirana kuchityorwa padanho re API / ABI, uye wechipiri (Mudiki) kana mashandiro akawedzerwa pasina kushandura API / ABI. Kugadziridza kugadzirisa kunozotumira neyechitatu digit (chigamba) shanduko. Iyo nhamba 3.0.0 yakasarudzwa nekukurumidza mushure me1.1.1 kudzivirira kukonana neiyo module module iri kuvandudzwa yeOpenSSL, yaive nenhamba 2.x.

Shanduko yechipiri huru yeprojekiti yaive iyo shanduko kubva kuiri rezinesi (OpenSSL uye SSLeay) kune rezinesi reApache 2.0. Iyo yemuno OpenSSL rezinesi yakamboshandiswa yaive yakavakirwa panhaka yeApache 1.0 rezinesi uye yaida kutaurwa kwakajeka kweOpenSSL muzvigadzirwa zvekusimudzira kana uchishandisa raibhurari yeOpenSSL, uye chinyorwa chakakosha kana OpenSSL yakatumirwa nechigadzirwa.

Izvi zvinodiwa zvakaita kuti rezinesi rapfuura risaenderane neGPL, zvichiita kuti zviome kushandisa OpenSSL muzvirongwa zveGPL zvine rezinesi. Kudzora kusapindirana uku, zvirongwa zveGPL zvakamanikidzwa kuisa zvibvumirano zverezinesi, umo chinyorwa chikuru cheGPL chakawedzerwa nechikamu chakanyatso bvumidza iko kunyorera kuti ubatanidze raibhurari yeOpenSSL uye uchitaura kuti GPL haishande pakusunga OpenSSL.

Chii chitsva muOpenSSL 3.0.0

Kune chikamu chezvinhu zvitsva zvinoratidzwa muOpenSSL 3.0.0 tinogona kuzviwana izvo module nyowani yeModhi yakurudzirwa, , que inosanganisira kuiswa kwe cryptographic algorithms inosangana neyakagadziriswa 140-2 standard chiyero (iyo module certification maitiro inorongwa kutanga mwedzi uno, uye FIPS 140-2 chitupa chinotarisirwa gore rinouya). Iyo module nyowani iri nyore kushandisa uye kubatanidza kune akawanda mafomu hakuzove kwakaoma kupfuura kuchinja iyo yekumisikidza faira. Nekutadza, FIPS yakaremara uye inoda iyo yekugonesa-fips sarudzo kuti igoneswe.

Mu libcrypto pfungwa yevakabatana masevhisi evashandi yakaitwa iyo yakatsiva pfungwa yeinjini (iyo ENGINE API yakadzikiswa). Nerubatsiro rwevatengesi, iwe unogona kuwedzera yako wega algorithm mashandiro ezvekuita senge encryption, decryption, kiyi yekugadzira, MAC kuverenga, kugadzira uye kuongorora kwemadhijitari edigital.

Izvo zvakare zvakasimbiswa izvo yakawedzera rutsigiro rweCMPque Inogona kushandiswa kukumbira zvitupa kubva kuCA server, kugadzirisa zvitupa, uye kudzosera zvitupa. Kushanda neCMP kunoitwa neiyo nyowani yekushandisa kuvhura-cmp, iyo zvakare inoshandisa rutsigiro rweCRMF fomati uye kufambiswa kwezvikumbiro pamusoro peHTTP / HTTPS.

Mukuwedzera Iyo nyowani yekuronga interface yechakakosha chizvarwa yakafemerwa: EVP_KDF (Key Derivation Function API), iyo inorerutsa kukwira kweKDF nyowani nePRF kuita. Iyo yekare EVP_PKEY API, kuburikidza neiyo scrypt algorithms, TLS1 PRF uye HKDF yaiwanikwa, yakagadziriswazve seyakaganhurirwa dura inoitwa pamusoro peEvP_KDF uye EVP_MAC APIs.

Uye mukuitwa kweprotocol TLS inopa kugona kushandisa iyo TLS mutengi uye server yakavakirwa muLinux kernel kukurumidzisa mashandiro. Kugonesa kuitiswa kweTLS kunopihwa neLinux kernel, sarudzo ye "SSL_OP_ENABLE_KTLS" kana iyo "enable-ktls" seti inofanira kupihwa mukana.

Kune rimwe divi zvinotaurwa izvo chikamu chakakosha cheAPI chaendeswa kuboka rakadzingwa- Uchishandisa kudzikisira kufona mukodhi yeprojekiti kuchagadzira yambiro panguva yekubatanidzwa. Iyo Yakadzika chikamu API yakabatana nemamwe algorithms zvakaziviswa zviri pamutemo kuti hazvichashandi.

Rutsigiro rwepamutemo muOpenSSL 3.0.0 parizvino rwapihwa chete kune epamusoro-chikamu EVP APIs, yakatorwa kubva kune mamwe marudzi ealgorithms (iyi API inosanganisira, semuenzaniso, iyo EVP_EncryptInit_ex, EVP_EncryptUpdate, uye EVP_EncryptFinal mabasa). MaAPI asingachashandi anozobviswa mune imwe yeinotevera kuburitswa kukuru. Maitiro ealgorithm algorithm, akadai seMDC2 neDES, anowanikwa kuburikidza neEVP API, akaendeswa kune imwe "nhaka" module, iyo yakaremara nekutadza.

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo Mune inotevera chinongedzo.


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira iyo data: Miguel Ángel Gatón
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako