I-LibreSSL 3.8.0 ifika neenguqu ezininzi kunye nophuculo

Darkcrizt

Imizuzu ye4

I-FreeSSL

I-LibreSSL yifolokhwe ye-OpenSSL ephuhliswe yiprojekthi ye-OpenBSD.

Abaphuhlisi beprojekthi ye-OpenBSD kutshanje babhengeze ukukhutshwa koshicilelo oluphathwayo lwephakheji. "FreeSSL 3.8.0", inguqulelo apho utshintsho oluninzi kunye nophuculo olujoliswe kuzinzo kunye nokuhambelana luye lwenziwa.

Kwabo bangayazi i-LibreSSL, kuya kufuneka uyazi ukuba oku luphumezo lomthombo ovulekileyo yomgaqo I-TLS iphuhlisa ifolokhwe ye-OpenSSL kujongwe ukubonelela ngenqanaba eliphezulu lokhuseleko. I-LibreSSL yaqala yaphuhliswa njengenjongo yokutshintshwa kwe-OpenSSL kwi-OpenBSD, kwaye yathunyelwa kwamanye amaqonga kanye nje ukuba ithala leencwadi lizinzisiwe.

Iprojekthi ye-LibreSSL igxile kwinkxaso ephezulu ye-SSL / TLS protocol ngokususa iimpawu ezingadingekile, ukongeza iimpawu ezongezelelweyo zokhuseleko, kunye nokucoca okubalulekileyo kunye nokusebenza kwakhona kwesiseko sekhowudi.

Iimpawu ezintsha eziphambili ze-LibreSSL 3.8.0

LibreSSL uguqulelo 3.8.0 kuthathwa njengenguqulelo yovavanyo ephuhlisa imisebenzi eya kubandakanywa ne-OpenBSD 7.4. Ngelo xesha, iinguqulelo ezizinzileyo ze-LibreSSL 3.6.3 kunye ne-3.7.3 zenziwe, apho iibhugi ezahlukeneyo zalungiswa.

Kule nguqulo entsha ye-LibreSSL 3.8.0, igxininiswe ukuba ukuphuculwa kokuhambelana kwe-endian.h kunye nehto* kunye *toh macros, Ukongeza ukongeza i inkxaso ye-SHA-2 kunye ne-SHA-3 icutshiwe kwaye inkqubo yangaphakathi ye-SHA yokucoca kunye nenkqubo yokuphinda iqale.

Olunye utshintsho oluphawulekayo yimisebenzi yangaphakathi ebhalwe ngokutsha BN_exp () kunye ne-BN_copy (), kunye nokubuyisela ukuphunyezwa kwe-BN_mod_sqrt () umsebenzi.

Ukongeza koku, kukwagxininiswa ukuba imiyalelo yongezwa assembler yezokwakha I-AMD64 isebenzisa imiyalelo ye-endbr64 (Cima iSetyana elingathanga ngqo).

Kukwaphawulwe ukuba yongezwa ukulungiswa kotshintsho olungacingelwanga kakuhle kwi-OpenSSL 3 eye yaphula inkxaso yokwahlulwa kwamalungelo kwii-libtls, Ukongeza, ikhowudi ye-BoringSSL yafakwa ukuze kuqinisekiswe imigaqo echazwe kwi-RFC 5280 kunye nenguqulelo ye-libcrypto iyaqhubeka nokusebenzisa i-CBB (bytebuilder) kunye ne-CBS (bytestring) i-interfaces.

Kwelinye icala, kugxininiswe ukuba ikhowudi yokuqinisekisa umgaqo-nkqubo we-BoringSSL RFC 5280 yangeniswa kwaye yasetyenziswa.
ukubuyisela ikhowudi yexesha elidala lophawulo, ukongeza ekususeni inkxaso ye-GF2m:BIGNUM kuba ayiluxhasi ulwandiso lokubini, ukususa uninzi lweempawu zoluntu ebeziyehlisiwe kwi-OpenSSL 0.9.8.

Olunye utshintsho evelele kule nguqulo intsha:

  • Isusiwe X9.31 public API (RSA_X931_PADDING is still available).
  • Isusiwe imowudi yokubiwa kwe-ciphertext.
  • Isusiwe inkxaso ye-SXNET kunye ne-NETSCAPE_CERT_SEQUENCE, kuquka
    openssl(1) umyalelo nseq.
  • Isiqinisekiso sommeli esiwisiweyo (RFC 3820) inkxaso.
  • POLICY_TREE kunye nezakhiwo ezinxulumeneyo kunye nee-APIs zisusiwe.
  • Kulungiswe ibug check ye i2d_ECDSA_SIG() kwi ossl_ecdsa_sign().
  • Ubhaqo olusisigxina lwemisebenzi eyandisiweyo (XOP) kwi-AMD hardware.
  • Ukuphatha imposiso elungisiweyo kwi tls_check_common_name().
  • Kongezwe ukungasebenzi kwesalathisi kwi-SSL_free().
  • Fixed X509err () kunye X509V3err () kunye neenguqulelo zabo zangaphakathi.
  • Kuphuculwe kakhulu ukugqunywa kovavanyo lwe-BN_mod_sqrt() kunye ne-GCD.
  • Njengesiqhelo, ukhuselo lovavanyo olutsha longezwa njengoko iibugs kunye ne-subsystems zilungiswa
    ziyacocwa.

Okokugqibela, ukuba unomdla wokwazi okungakumbi ngayo, unokujonga kwiinkcukacha Kule khonkco ilandelayo.

Uyifaka njani inguqulelo entsha yeLibreSSL?

Kwabo banomdla wokukwazi ukufaka olu guqulelo lutsha, kufuneka bazi ukuba okwangoku ayikafikeleli kunikezelo oluninzi lweLinux, ke ukufakela okukhoyo ngoku. uqokelele iphakheji ngokwakho.

Kodwa ungakhathazeki, i-LibreSSL yakha Kulula kakhulu kwaye oku kufuneka uvule kuphela i-terminal kwaye usebenzise le miyalelo ilandelayo (kufuneka ube nezi zixhomekeko zilandelayo automake, autoconf, git, libtool, perl kunye git).

Into yokuqala kukufumana ikhowudi yemvelaphi, onokuyenza ngalo myalelo:

git clone https://github.com/libressl/portable.git

Nje ukuba kwenziwe oku, ngoku siza kulungiselela indlela yokwenza udibaniso, kuba sifaka ifolda equlethe ikhowudi yomthombo weLibreSSL kwaye siza kuchwetheza:

cd ephathekayo ./autogen.sh ./dist.sh

Nje ukuba kwenziwe oku, siqhubela phambili nokuqokelela kunye:

./configure yenza itshekhi yenza ukuhlohla

Okanye ukuba ukhetha ukuyenza ngeCMake:

mkdir yakha i-cd yakha i-cmake .. yenza uvavanyo

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.