Developers of the OpenBSD project introduced the release of the portable edition of the package libressl 3.7.0 , in which the Opensl Fork, aimed at ensuring a higher level of security. The Libressl project is focused on high -quality support for the SSL/TLS protocols with the removal of excessive functionality, the addition of additional protection tools and a significant cleaning and processing of the code base. The release of Libressl 3.7.0 is considered as experimental, in which the possibilities of OpenBSD 7.3.
are developing.
Features of Libressl 3.7.0:
- Added support for digital signature with an open key ed25519 developed by Daniel Bernstein and based on the use of the Elliptical curve of Curve25519 and Hash Shah-512 . Support ED25519 is available both in the form of a separate primitive and through the EVP interface.
- The EVP interface is added to the support of digital signatures X25519, which differ from the ED25519 signatures by using only coordinate “X” when manipulating points on an elliptical curve, which can significantly reduce the size of the code necessary to create and verify signatures.
- A low -level API compatible with Opensl 1.1 is implemented for working with open and private keys, supporting the keys EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519.
- Instead of the system function of Timegm () and GMTime () for transforming dates, Posix function from Boringssl.
- BN (Bignum) library cleaned the old and unused code working with simple numbers.
- Removen support for HMAC Private Key.
- processed internal code to create and verify the signatures DSA.
- Code is rewritten for the export of keys for TLSV1.2.
- cleaning and processing the old TLS stack.
- Bio_read () and bio_write () functions are close to Openssl 3.]
.
/Media reports cited above.