I-LibreSSL 3.8.0 ifika nezinguquko eziningi nentuthuko

Darkcrizt

Imizuzu ye-4

Mahhala

I-LibreSSL iyimfoloko ye-OpenSSL eyakhiwe iphrojekthi ye-OpenBSD.

Abathuthukisi bephrojekthi ye-OpenBSD basanda kumemezela ukukhishwa kwenguqulo ephathekayo yephakheji. "FreeSSL 3.8.0", inguqulo lapho izinguquko ezimbalwa kanye nokuthuthukiswa okugxile ekuzinzeni nasekuhambisaneni kwenziwe.

Kulabo abangazi nge-LibreSSL, kufanele wazi ukuthi lokhu iwukusebenzisa umthombo ovulekile yephrothokholi I-TLS ithuthukisa imfoloko ye-OpenSSL okuhloswe ngayo ukunikeza izinga eliphezulu lokuphepha. I-LibreSSL ekuqaleni yathuthukiswa njengokuhloswe ukuthi imiselele i-OpenSSL ku-OpenBSD, futhi yathuthelwa kwezinye izinkundla lapho inguqulo yelabhulali ekhishiwe isizinzile.

Iphrojekthi ye-LibreSSL igxile ekusekelweni kwekhwalithi ephezulu kwezivumelwano ze-SSL/TLS ngokususa izici ezingadingekile, ukwengeza izici zokuphepha ezengeziwe, nokuhlanza okubalulekile nokusebenza kabusha kwe-codebase.

Izici ezintsha eziphambili ze-LibreSSL 3.8.0

Inguqulo ye-LibreSSL 3.8.0 kuthathwa njengenguqulo yokuhlola ethuthukisa imisebenzi ezofakwa ne-OpenBSD 7.4. Ngesikhathi esifanayo, izinguqulo ezizinzile ze-LibreSSL 3.6.3 ne-3.7.3 zakhiwe, lapho izimbungulu ezihlukahlukene zalungiswa khona.

Kule nguqulo entsha ye-LibreSSL 3.8.0, kugqanyiswe lokho ukuhambisana okuthuthukisiwe kwe-endian.h ne-hto* kanye *nama-toh macros, Ngaphezu kokwengeza i- ukusekelwa kwe-SHA-2 ne-SHA-3 kuncishisiwe futhi inqubo yangaphakathi yokuhlanza ikhodi ye-SHA kanye nokusebenza kabusha isiqalile.

Olunye ushintsho oluphawulekayo imisebenzi yangaphakathi ebhalwe kabusha ethi BN_exp() kanye ne-BN_copy(), kanye nokufaka esikhundleni sokusetshenziswa komsebenzi we-BN_mod_sqrt().

Ngaphezu kwalokhu, kubuye kugqanyiswe ukuthi imiyalelo yengeziwe assembler for architecture I-AMD64 isebenzisa imiyalelo ye-endbr64 (Yeka Igatsha Elingaqondile).

Kuyaziwa futhi ukuthi ingeziwe ukulungiswa koshintsho olungacatshangwanga kahle ku-OpenSSL 3 oluphule ukusekelwa kokuhlukaniswa kwamalungelo kuma-libtl, Ngaphezu kwalokho, ikhodi ye-BoringSSL yafakwa ukuze kuqinisekiswe imithetho echazwe ku-RFC 5280 futhi ukuhumusha kwe-libcrypto kuyaqhubeka nokusebenzisa i-CBB (bytebuilder) kanye ne-CBS (bytestring) yokuxhumana.

Ngakolunye uhlangothi, kugqanyiswe ukuthi ikhodi yokuqinisekisa inqubomgomo ye-BoringSSL RFC 5280 yangeniswa futhi yasetshenziswa.
ukufaka esikhundleni sekhodi yesikhathi yomchazi omdala, ngaphezu kokususa usekelo lwe-GF2m:BIGNUM njengoba ingasisekeli isandiso esinambambili, isusa iningi lamasimbuli asesidlangalaleni aye ahoxiswa ku-OpenSSL 0.9.8.

Kwezinye izinguquko okuvelele kule nguqulo entsha:

  • Kususwe i-X9.31 public API (RSA_X931_PADDING isatholakala).
  • Kukhishwe imodi yokweba i-ciphertext.
  • Kususwe usekelo lwe-SXNET ne-NETSCAPE_CERT_SEQUENCE, okuhlanganisa
    openssl(1) umyalo nseq.
  • Isitifiketi sommeleli esiwisiwe (RFC 3820) sisekela.
  • I-POLICY_TREE kanye nezakhiwo zayo ezihlobene nama-API kususiwe.
  • Kulungiswe ukuhlolwa kwesiphazamisi kwe-i2d_ECDSA_SIG() ku-ossl_ecdsa_sign().
  • Ukutholwa okugxilile kokusebenza okunwetshiwe (XOP) kuhadiwe ye-AMD.
  • Kulungiswe ukuphathwa kwephutha kokuthi tls_check_common_name().
  • Kwengezwe ukungasebenzi kwesikhombi esingekho kokuthi SSL_free().
  • I-X509err() elungisiwe kanye ne-X509V3err() nezinguqulo zayo zangaphakathi.
  • Ukufakwa kokuhlolwa okuthuthuke kakhulu kwe-BN_mod_sqrt() ne-GCD.
  • Njengenjwayelo, ukufakwa kokuhlola okusha kuyengezwa njengoba kulungiswa iziphazamisi namasistimu angaphansi
    ziyahlanzwa.

Ekugcineni, uma unentshisekelo yokwazi kabanzi ngakho, ungaxhumana nemininingwane Kulesi sixhumanisi esilandelayo.

Ungayifaka kanjani inguqulo entsha ye-LibreSSL?

Kulabo abanentshisekelo yokukwazi ukufaka le nguqulo entsha, kufanele bazi ukuthi okwamanje ayikafinyeleli ekusabalaliseni okuningi kwe-Linux, ngakho ukufakwa okutholakalayo njengamanje uhlanganise iphakheji uwedwa.

Kepha ungakhathazeki, i-LibreSSL yakha Kulula kakhulu futhi lokhu kufanele uvule kuphela ukuphela bese usebenzisa imiyalo elandelayo (kufanele ube nokuncika okulandelayo okuzenzakalelayo, i-autoconf, i-git, i-libtool, i-perl ne-git).

Into yokuqala ukuthola ikhodi yomthombo, ongayenza ngalo myalo:

git clone https://github.com/libressl/portable.git

Uma lokhu sekwenziwe, manje sizolungisa indlela yokwenza ukuhlanganiswa, ngoba lokhu sifaka ifolda equkethe ikhodi yomthombo ye-LibreSSL futhi sizobhala:

cd ephathekayo ./autogen.sh ./dist.sh

Uma lokhu sekwenziwe, siyaqhubeka nokuhlanganisa:

./configure yenza isheke faka

Noma uma ukhetha ukukwenza nge-CMake:

mkdir yakha i-cd yakha i-cmake .. yenza ukuhlola

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.