Abathuthukisi bephrojekthi ye-OpenBSD basanda kumemezela ukukhishwa kwenguqulo ephathekayo yephakheji. "FreeSSL 3.8.0", inguqulo lapho izinguquko ezimbalwa kanye nokuthuthukiswa okugxile ekuzinzeni nasekuhambisaneni kwenziwe.
Kulabo abangazi nge-LibreSSL, kufanele wazi ukuthi lokhu iwukusebenzisa umthombo ovulekile yephrothokholi I-TLS ithuthukisa imfoloko ye-OpenSSL okuhloswe ngayo ukunikeza izinga eliphezulu lokuphepha. I-LibreSSL ekuqaleni yathuthukiswa njengokuhloswe ukuthi imiselele i-OpenSSL ku-OpenBSD, futhi yathuthelwa kwezinye izinkundla lapho inguqulo yelabhulali ekhishiwe isizinzile.
Iphrojekthi ye-LibreSSL igxile ekusekelweni kwekhwalithi ephezulu kwezivumelwano ze-SSL/TLS ngokususa izici ezingadingekile, ukwengeza izici zokuphepha ezengeziwe, nokuhlanza okubalulekile nokusebenza kabusha kwe-codebase.
Izici ezintsha eziphambili ze-LibreSSL 3.8.0
Inguqulo ye-LibreSSL 3.8.0 kuthathwa njengenguqulo yokuhlola ethuthukisa imisebenzi ezofakwa ne-OpenBSD 7.4. Ngesikhathi esifanayo, izinguqulo ezizinzile ze-LibreSSL 3.6.3 ne-3.7.3 zakhiwe, lapho izimbungulu ezihlukahlukene zalungiswa khona.
Kule nguqulo entsha ye-LibreSSL 3.8.0, kugqanyiswe lokho ukuhambisana okuthuthukisiwe kwe-endian.h ne-hto* kanye *nama-toh macros, Ngaphezu kokwengeza i- ukusekelwa kwe-SHA-2 ne-SHA-3 kuncishisiwe futhi inqubo yangaphakathi yokuhlanza ikhodi ye-SHA kanye nokusebenza kabusha isiqalile.
Olunye ushintsho oluphawulekayo imisebenzi yangaphakathi ebhalwe kabusha ethi BN_exp() kanye ne-BN_copy(), kanye nokufaka esikhundleni sokusetshenziswa komsebenzi we-BN_mod_sqrt().
Ngaphezu kwalokhu, kubuye kugqanyiswe ukuthi imiyalelo yengeziwe assembler for architecture I-AMD64 isebenzisa imiyalelo ye-endbr64 (Yeka Igatsha Elingaqondile).
Kuyaziwa futhi ukuthi ingeziwe ukulungiswa koshintsho olungacatshangwanga kahle ku-OpenSSL 3 oluphule ukusekelwa kokuhlukaniswa kwamalungelo kuma-libtl, Ngaphezu kwalokho, ikhodi ye-BoringSSL yafakwa ukuze kuqinisekiswe imithetho echazwe ku-RFC 5280 futhi ukuhumusha kwe-libcrypto kuyaqhubeka nokusebenzisa i-CBB (bytebuilder) kanye ne-CBS (bytestring) yokuxhumana.
Ngakolunye uhlangothi, kugqanyiswe ukuthi ikhodi yokuqinisekisa inqubomgomo ye-BoringSSL RFC 5280 yangeniswa futhi yasetshenziswa.
ukufaka esikhundleni sekhodi yesikhathi yomchazi omdala, ngaphezu kokususa usekelo lwe-GF2m:BIGNUM njengoba ingasisekeli isandiso esinambambili, isusa iningi lamasimbuli asesidlangalaleni aye ahoxiswa ku-OpenSSL 0.9.8.
Kwezinye izinguquko okuvelele kule nguqulo entsha:
- Kususwe i-X9.31 public API (RSA_X931_PADDING isatholakala).
- Kukhishwe imodi yokweba i-ciphertext.
- Kususwe usekelo lwe-SXNET ne-NETSCAPE_CERT_SEQUENCE, okuhlanganisa
openssl(1) umyalo nseq. - Isitifiketi sommeleli esiwisiwe (RFC 3820) sisekela.
- I-POLICY_TREE kanye nezakhiwo zayo ezihlobene nama-API kususiwe.
- Kulungiswe ukuhlolwa kwesiphazamisi kwe-i2d_ECDSA_SIG() ku-ossl_ecdsa_sign().
- Ukutholwa okugxilile kokusebenza okunwetshiwe (XOP) kuhadiwe ye-AMD.
- Kulungiswe ukuphathwa kwephutha kokuthi tls_check_common_name().
- Kwengezwe ukungasebenzi kwesikhombi esingekho kokuthi SSL_free().
- I-X509err() elungisiwe kanye ne-X509V3err() nezinguqulo zayo zangaphakathi.
- Ukufakwa kokuhlolwa okuthuthuke kakhulu kwe-BN_mod_sqrt() ne-GCD.
- Njengenjwayelo, ukufakwa kokuhlola okusha kuyengezwa njengoba kulungiswa iziphazamisi namasistimu angaphansi
ziyahlanzwa.
Ekugcineni, uma unentshisekelo yokwazi kabanzi ngakho, ungaxhumana nemininingwane Kulesi sixhumanisi esilandelayo.
Ungayifaka kanjani inguqulo entsha ye-LibreSSL?
Kulabo abanentshisekelo yokukwazi ukufaka le nguqulo entsha, kufanele bazi ukuthi okwamanje ayikafinyeleli ekusabalaliseni okuningi kwe-Linux, ngakho ukufakwa okutholakalayo njengamanje uhlanganise iphakheji uwedwa.
Kepha ungakhathazeki, i-LibreSSL yakha Kulula kakhulu futhi lokhu kufanele uvule kuphela ukuphela bese usebenzisa imiyalo elandelayo (kufanele ube nokuncika okulandelayo okuzenzakalelayo, i-autoconf, i-git, i-libtool, i-perl ne-git).
Into yokuqala ukuthola ikhodi yomthombo, ongayenza ngalo myalo:
git clone https://github.com/libressl/portable.git
Uma lokhu sekwenziwe, manje sizolungisa indlela yokwenza ukuhlanganiswa, ngoba lokhu sifaka ifolda equkethe ikhodi yomthombo ye-LibreSSL futhi sizobhala:
cd ephathekayo ./autogen.sh ./dist.sh
Uma lokhu sekwenziwe, siyaqhubeka nokuhlanganisa:
./configure yenza isheke faka
Noma uma ukhetha ukukwenza nge-CMake:
mkdir yakha i-cd yakha i-cmake .. yenza ukuhlola