From: <liezhi.yang@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [walnascar][PATCH 0/1] openssl: 3.4.2 -> 3.5.2
Date: Thu, 18 Sep 2025 19:55:07 -0700 [thread overview]
Message-ID: <cover.1758250424.git.liezhi.yang@windriver.com> (raw)
From: Robert Yang <liezhi.yang@windriver.com>
The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030, which can
save the maintenance time in the long run.
* New features:
- Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
- Support for server side QUIC (RFC 9000)
- Support for 3rd party QUIC stacks including 0-RTT support
- Support added for opaque symmetric key objects (EVP_SKEY)
- A new configuration option no-tls-deprecated-ec to disable support for TLS
groups deprecated in RFC8422
- A new configuration option enable-fips-jitter to make the FIPS provider to
use the JITTER seed source
- Support for central key generation in CMP
- Support for multiple TLS keyshares and improved TLS key establishment group
configurability
- API support for pipelining in provided cipher algorithms
- The full list of changes since OpenSSL 3.4:
https://github.com/openssl/openssl/blob/openssl-3.5/CHANGES.md#openssl-35
* Test info
$ bitbake world core-image-sato core-image-minimal
Works well
$ runqemu tmp/deploy/images/qemux86-64/core-image-sato-qemux86-64.rootfs.qemuboot.conf nographic kvm
$ ptest-runner openssl
All tests successful.
Files=341, Tests=4466, 206 wallclock secs (16.53 usr 1.34 sys + 582.73 cusr 109.85 csys = 710.45 CPU)
Result: PASS
DURATION: 206
END: /usr/lib/openssl/ptest
2025-09-18T10:17
STOP: ptest-runner
TOTAL: 1 FAIL: 0
All tests successful, the similar results to minimal image.
// Robert
The following changes since commit 575a4316f661392eb73d1d97300511e2bca24ada:
rust-target-config: Add has-thread-local option (2025-09-02 10:15:23 -0700)
are available in the Git repository at:
https://github.com/robertlinux/yocto rbt/openssl
https://github.com/robertlinux/yocto/tree/rbt/openssl
Robert Yang (1):
openssl: 3.4.2 -> 3.5.2
.../openssl/{openssl_3.4.2.bb => openssl_3.5.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_3.4.2.bb => openssl_3.5.2.bb} (99%)
--
2.49.0
next reply other threads:[~2025-09-19 2:55 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-19 2:55 liezhi.yang [this message]
2025-09-19 2:55 ` [PATCH 1/1] openssl: 3.4.2 -> 3.5.2 liezhi.yang
2025-09-19 10:21 ` [OE-core] " Alexander Kanavin
2025-09-19 14:00 ` Peter Kjellerstedt
2025-09-21 15:19 ` Robert Yang
2025-09-22 13:57 ` Steve Sakoman
2025-09-22 15:23 ` Robert Yang
2025-09-21 15:15 ` Robert Yang
2025-09-24 18:31 ` Randy MacLeod
2025-09-26 6:15 ` Robert Yang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1758250424.git.liezhi.yang@windriver.com \
--to=liezhi.yang@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.