* [walnascar][PATCH 0/1] openssl: 3.4.2 -> 3.5.2
@ 2025-09-19 2:55 liezhi.yang
2025-09-19 2:55 ` [PATCH 1/1] " liezhi.yang
0 siblings, 1 reply; 10+ messages in thread
From: liezhi.yang @ 2025-09-19 2:55 UTC (permalink / raw)
To: openembedded-core
From: Robert Yang <liezhi.yang@windriver.com>
The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030, which can
save the maintenance time in the long run.
* New features:
- Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
- Support for server side QUIC (RFC 9000)
- Support for 3rd party QUIC stacks including 0-RTT support
- Support added for opaque symmetric key objects (EVP_SKEY)
- A new configuration option no-tls-deprecated-ec to disable support for TLS
groups deprecated in RFC8422
- A new configuration option enable-fips-jitter to make the FIPS provider to
use the JITTER seed source
- Support for central key generation in CMP
- Support for multiple TLS keyshares and improved TLS key establishment group
configurability
- API support for pipelining in provided cipher algorithms
- The full list of changes since OpenSSL 3.4:
https://github.com/openssl/openssl/blob/openssl-3.5/CHANGES.md#openssl-35
* Test info
$ bitbake world core-image-sato core-image-minimal
Works well
$ runqemu tmp/deploy/images/qemux86-64/core-image-sato-qemux86-64.rootfs.qemuboot.conf nographic kvm
$ ptest-runner openssl
All tests successful.
Files=341, Tests=4466, 206 wallclock secs (16.53 usr 1.34 sys + 582.73 cusr 109.85 csys = 710.45 CPU)
Result: PASS
DURATION: 206
END: /usr/lib/openssl/ptest
2025-09-18T10:17
STOP: ptest-runner
TOTAL: 1 FAIL: 0
All tests successful, the similar results to minimal image.
// Robert
The following changes since commit 575a4316f661392eb73d1d97300511e2bca24ada:
rust-target-config: Add has-thread-local option (2025-09-02 10:15:23 -0700)
are available in the Git repository at:
https://github.com/robertlinux/yocto rbt/openssl
https://github.com/robertlinux/yocto/tree/rbt/openssl
Robert Yang (1):
openssl: 3.4.2 -> 3.5.2
.../openssl/{openssl_3.4.2.bb => openssl_3.5.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_3.4.2.bb => openssl_3.5.2.bb} (99%)
--
2.49.0
* [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
2025-09-19 2:55 [walnascar][PATCH 0/1] openssl: 3.4.2 -> 3.5.2 liezhi.yang
@ 2025-09-19 2:55 ` liezhi.yang
2025-09-19 10:21 ` [OE-core] " Alexander Kanavin
0 siblings, 1 reply; 10+ messages in thread
From: liezhi.yang @ 2025-09-19 2:55 UTC (permalink / raw)
To: openembedded-core
From: Robert Yang <liezhi.yang@windriver.com>
The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030, which can
save the maintenance time in the long run.
* New features:
- Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
- Support for server side QUIC (RFC 9000)
- Support for 3rd party QUIC stacks including 0-RTT support
- Support added for opaque symmetric key objects (EVP_SKEY)
- A new configuration option no-tls-deprecated-ec to disable support for TLS
groups deprecated in RFC8422
- A new configuration option enable-fips-jitter to make the FIPS provider to
use the JITTER seed source
- Support for central key generation in CMP
- Support for multiple TLS keyshares and improved TLS key establishment group
configurability
- API support for pipelining in provided cipher algorithms
- The full list of changes since OpenSSL 3.4:
https://github.com/openssl/openssl/blob/openssl-3.5/CHANGES.md#openssl-35
* Test info
$ bitbake world core-image-sato core-image-minimal
Works well
$ runqemu tmp/deploy/images/qemux86-64/core-image-sato-qemux86-64.rootfs.qemuboot.conf nographic kvm
$ ptest-runner openssl
All tests successful.
Files=341, Tests=4466, 206 wallclock secs (16.53 usr 1.34 sys + 582.73 cusr 109.85 csys = 710.45 CPU)
Result: PASS
DURATION: 206
END: /usr/lib/openssl/ptest
2025-09-18T10:17
STOP: ptest-runner
TOTAL: 1 FAIL: 0
All tests successful, the similar results to minimal image.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
.../openssl/{openssl_3.4.2.bb => openssl_3.5.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_3.4.2.bb => openssl_3.5.2.bb} (99%)
diff --git a/meta/recipes-connectivity/openssl/openssl_3.4.2.bb b/meta/recipes-connectivity/openssl/openssl_3.5.2.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.4.2.bb
rename to meta/recipes-connectivity/openssl/openssl_3.5.2.bb
index 2998e37e758..cd0d22e48ad 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.4.2.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.5.2.bb
@@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "17b02459fc28be415470cccaae7434f3496cac1306b86b52c83886580e82834c"
+SRC_URI[sha256sum] = "c53a47e5e441c930c3928cf7bf6fb00e5d129b630e0aa873b08258656e7345ec"
inherit lib_package multilib_header multilib_script ptest perlnative manpages
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
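Review bot: The SRC_URI[sha256sum] line is the only content change (similarity index 99%, 1 insertion, 1 deletion), and the commit message does not say where the new digest came from, so a reviewer cannot check it from the patch alone. Please name the source of the value, for example the checksum published alongside the upstream 3.5.2 tarball. Because the rest of the recipe is carried over from 3.4.2 untouched, including SRC_URI entries such as file://environment.d-openssl.sh, the message should also state that those files were checked to still apply to 3.5.2. The message lists no-tls-deprecated-ec and enable-fips-jitter as new configuration options, but nothing in this change sets them, so it is worth saying that the recipe leaves them at their upstream defaults.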
--
2.49.0
* Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
2025-09-19 2:55 ` [PATCH 1/1] " liezhi.yang
@ 2025-09-19 10:21 ` Alexander Kanavin
2025-09-19 14:00 ` Peter Kjellerstedt
2025-09-21 15:15 ` Robert Yang
0 siblings, 2 replies; 10+ messages in thread
From: Alexander Kanavin @ 2025-09-19 10:21 UTC (permalink / raw)
To: liezhi.yang; +Cc: openembedded-core
On Fri, 19 Sept 2025 at 04:55, Robert Yang via lists.openembedded.org
<liezhi.yang=windriver.com@lists.openembedded.org> wrote:
> The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030, which can
> save the maintenance time in the long run.
Yes, and it also adds new features, breaking the promise the project
makes to its users.
This update cannot be done without TSC approval. You need to get that first.
Alex
* RE: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
2025-09-19 10:21 ` [OE-core] " Alexander Kanavin
@ 2025-09-19 14:00 ` Peter Kjellerstedt
2025-09-21 15:19 ` Robert Yang
2025-09-21 15:15 ` Robert Yang
1 sibling, 1 reply; 10+ messages in thread
From: Peter Kjellerstedt @ 2025-09-19 14:00 UTC (permalink / raw)
To: alex.kanavin@gmail.com, liezhi.yang@windriver.com
Cc: openembedded-core@lists.openembedded.org
> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Alexander Kanavin via lists.openembedded.org
> Sent: den 19 september 2025 12:21
> To: liezhi.yang@windriver.com
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
>
> On Fri, 19 Sept 2025 at 04:55, Robert Yang via lists.openembedded.org <liezhi.yang=windriver.com@lists.openembedded.org> wrote:
> > The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030, which can
> > save the maintenance time in the long run.
>
> Yes, and it also adds new features, breaking the promise the project
> makes to its users.
>
> This update cannot be done without TSC approval. You need to get that
> first.
>
> Alex
Also, this proposal was for Walnascar, which will be EoL after the
next release (or two). Thus updating OpenSSL to a new minor version
now makes no sense.
If it had been suggested for Scarthgap and the meta-lts-mixins layer,
then I would have more understood it.
//Peter
* Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
2025-09-19 14:00 ` Peter Kjellerstedt
@ 2025-09-21 15:19 ` Robert Yang
2025-09-22 13:57 ` Steve Sakoman
0 siblings, 1 reply; 10+ messages in thread
From: Robert Yang @ 2025-09-21 15:19 UTC (permalink / raw)
To: Peter Kjellerstedt, alex.kanavin@gmail.com
Cc: openembedded-core@lists.openembedded.org
On 9/19/25 22:00, Peter Kjellerstedt wrote:
>> -----Original Message-----
>> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Alexander Kanavin via lists.openembedded.org
>> Sent: den 19 september 2025 12:21
>> To: liezhi.yang@windriver.com
>> Cc: openembedded-core@lists.openembedded.org
>> Subject: Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
>>
>> On Fri, 19 Sept 2025 at 04:55, Robert Yang via lists.openembedded.org <liezhi.yang=windriver.com@lists.openembedded.org> wrote:
>>> The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030, which can
>>> save the maintenance time in the long run.
>>
>> Yes, and it also adds new features, breaking the promise the project
>> makes to its users.
>>
>> This update cannot be done without TSC approval. You need to get that
>> first.
>>
>> Alex
>
> Also, this proposal was for Walnascar, which will be EoL after the
> next release (or two). Thus updating OpenSSL to a new minor version
> now makes no sense.
>
> If it had been suggested for Scarthgap and the meta-lts-mixins layer,
> then I would have more understood it.
I haven't tested it for Scarthgap; I think we need to do it first for Walnascar,
then Scarthgap if it works.
// Robert
>
> //Peter
>
* Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
2025-09-21 15:19 ` Robert Yang
@ 2025-09-22 13:57 ` Steve Sakoman
2025-09-22 15:23 ` Robert Yang
0 siblings, 1 reply; 10+ messages in thread
From: Steve Sakoman @ 2025-09-22 13:57 UTC (permalink / raw)
To: liezhi.yang
Cc: Peter Kjellerstedt, alex.kanavin@gmail.com,
openembedded-core@lists.openembedded.org
On Sun, Sep 21, 2025 at 8:19 AM Robert Yang via lists.openembedded.org
<liezhi.yang=windriver.com@lists.openembedded.org> wrote:
>
>
>
> On 9/19/25 22:00, Peter Kjellerstedt wrote:
> >> -----Original Message-----
> >> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Alexander Kanavin via lists.openembedded.org
> >> Sent: den 19 september 2025 12:21
> >> To: liezhi.yang@windriver.com
> >> Cc: openembedded-core@lists.openembedded.org
> >> Subject: Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
> >>
> >> On Fri, 19 Sept 2025 at 04:55, Robert Yang via lists.openembedded.org <liezhi.yang=windriver.com@lists.openembedded.org> wrote:
> >>> The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030, which can
> >>> save the maintenance time in the long run.
> >>
> >> Yes, and it also adds new features, breaking the promise the project
> >> makes to its users.
> >>
> >> This update cannot be done without TSC approval. You need to get that
> >> first.
> >>
> >> Alex
> >
> > Also, this proposal was for Walnascar, which will be EoL after the
> > next release (or two). Thus updating OpenSSL to a new minor version
> > now makes no sense.
> >
> > If it had been suggested for Scarthgap and the meta-lts-mixins layer,
> > then I would have more understood it.
>
> I haven't tested it for Scarthgap; I think we need to do it first for Walnascar,
> then Scarthgap if it works.
I will be building the final walnascar release on Friday.
I don't feel comfortable doing this just prior to EOL with minimal
testing and bake time.
The TSC can of course decide to do it, but I'd push for scheduling at
least one more release afterwards to deal with any breakage.
Steve
>
> // Robert
>
> >
> > //Peter
> >
>
>
* Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
2025-09-22 13:57 ` Steve Sakoman
@ 2025-09-22 15:23 ` Robert Yang
0 siblings, 0 replies; 10+ messages in thread
From: Robert Yang @ 2025-09-22 15:23 UTC (permalink / raw)
To: Steve Sakoman
Cc: Peter Kjellerstedt, alex.kanavin@gmail.com,
openembedded-core@lists.openembedded.org
On 9/22/25 21:57, Steve Sakoman wrote:
> On Sun, Sep 21, 2025 at 8:19 AM Robert Yang via lists.openembedded.org
> <liezhi.yang=windriver.com@lists.openembedded.org> wrote:
>>
>>
>>
>> On 9/19/25 22:00, Peter Kjellerstedt wrote:
>>>> -----Original Message-----
>>>> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Alexander Kanavin via lists.openembedded.org
>>>> Sent: den 19 september 2025 12:21
>>>> To: liezhi.yang@windriver.com
>>>> Cc: openembedded-core@lists.openembedded.org
>>>> Subject: Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
>>>>
>>>> On Fri, 19 Sept 2025 at 04:55, Robert Yang via lists.openembedded.org <liezhi.yang=windriver.com@lists.openembedded.org> wrote:
>>>>> The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030, which can
>>>>> save the maintenance time in the long run.
>>>>
>>>> Yes, and it also adds new features, breaking the promise the project
>>>> makes to its users.
>>>>
>>>> This update cannot be done without TSC approval. You need to get that
>>>> first.
>>>>
>>>> Alex
>>>
>>> Also, this proposal was for Walnascar, which will be EoL after the
>>> next release (or two). Thus updating OpenSSL to a new minor version
>>> now makes no sense.
>>>
>>> If it had been suggested for Scarthgap and the meta-lts-mixins layer,
>>> then I would have more understood it.
>>
>> I haven't tested it for Scarthgap; I think we need to do it first for Walnascar,
>> then Scarthgap if it works.
>
> I will be building the final walnascar release on Friday.
>
> I don't feel comfortable doing this just prior to EOL with minimal
> testing and bake time.
>
> The TSC can of course decide to do it, but I'd push for scheduling at
> least one more release afterwards to deal with any breakage.
Yes, delaying it makes sense to me.
// Robert
>
> Steve
>
>>
>> // Robert
>>
>>>
>>> //Peter
>>>
>>
>>
* Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
2025-09-19 10:21 ` [OE-core] " Alexander Kanavin
2025-09-19 14:00 ` Peter Kjellerstedt
@ 2025-09-21 15:15 ` Robert Yang
2025-09-24 18:31 ` Randy MacLeod
1 sibling, 1 reply; 10+ messages in thread
From: Robert Yang @ 2025-09-21 15:15 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: openembedded-core
Hi Alex,
On 9/19/25 18:21, Alexander Kanavin wrote:
> On Fri, 19 Sept 2025 at 04:55, Robert Yang via lists.openembedded.org
> <liezhi.yang=windriver.com@lists.openembedded.org> wrote:
>> The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030, which can
>> save the maintenance time in the long run.
>
> Yes, and it also adds new features, breaking the promise the project
> makes to its users.
>
> This update cannot be done without TSC approval. You need to get that first.
This has been talked about at the TSC, but not approved yet, so I sent the patch out.
// Robert
>
> Alex
* Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
2025-09-21 15:15 ` Robert Yang
@ 2025-09-24 18:31 ` Randy MacLeod
2025-09-26 6:15 ` Robert Yang
0 siblings, 1 reply; 10+ messages in thread
From: Randy MacLeod @ 2025-09-24 18:31 UTC (permalink / raw)
To: liezhi.yang, Alexander Kanavin, Adrian Freihofer; +Cc: openembedded-core
On 2025-09-21 11:15 a.m., Robert Yang via lists.openembedded.org wrote:
> Hi Alex,
>
> On 9/19/25 18:21, Alexander Kanavin wrote:
>> On Fri, 19 Sept 2025 at 04:55, Robert Yang via lists.openembedded.org
>> <liezhi.yang=windriver.com@lists.openembedded.org> wrote:
>>> The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030,
>>> which can
>>> save the maintenance time in the long run.
>>
>> Yes, and it also adds new features, breaking the promise the project
>> makes to its users.
>>
>> This update cannot be done without TSC approval. You need to get that
>> first.
>
> This has been talked about at the TSC, but not approved yet, so I sent the patch
> out.
>
>
Hi Robert,
Richard was saying that the TSC needs a formal email proposal
with pros, cons and some data about testing in order to discuss this idea.
Can you gather that and send an email to:
tsc@lists.openembedded.org ?
I think that Adrian, who I've CCed, is also interested so maybe he can help
to review the email? Just send a draft here to the list if you like.
../Randy
>
> // Robert
>
>>
>> Alex
>
>
--
# Randy MacLeod
# Wind River Linux
* Re: [OE-core] [PATCH 1/1] openssl: 3.4.2 -> 3.5.2
2025-09-24 18:31 ` Randy MacLeod
@ 2025-09-26 6:15 ` Robert Yang
0 siblings, 0 replies; 10+ messages in thread
From: Robert Yang @ 2025-09-26 6:15 UTC (permalink / raw)
To: Randy MacLeod, Alexander Kanavin, Adrian Freihofer; +Cc: openembedded-core
On 9/25/25 02:31, Randy MacLeod wrote:
> On 2025-09-21 11:15 a.m., Robert Yang via lists.openembedded.org wrote:
>> Hi Alex,
>>
>> On 9/19/25 18:21, Alexander Kanavin wrote:
>>> On Fri, 19 Sept 2025 at 04:55, Robert Yang via lists.openembedded.org
>>> <liezhi.yang=windriver.com@lists.openembedded.org> wrote:
>>>> The benefit of OpenSSL 3.5 is that it is an LTS supported to 2030, which can
>>>> save the maintenance time in the long run.
>>>
>>> Yes, and it also adds new features, breaking the promise the project
>>> makes to its users.
>>>
>>> This update cannot be done without TSC approval. You need to get that first.
>>
>> This has been talked about at the TSC, but not approved yet, so I sent the patch out.
>>
>>
> Hi Robert,
>
>
> Richard was saying that the TSC needs a formal email proposal
> with pros, cons and some data about testing in order to discuss this idea.
Since walnascar will be EOL in about 2 months, I'm leaning towards dropping this patch.
// Robert
>
> Can you gather that and send an email to:
> tsc@lists.openembedded.org ?
> I think that Adrian, who I've CCed, is also interested so maybe he can help
> to review the email? Just send a draft here to the list if you like.
>
> ../Randy
>
>
>
>>
>> // Robert
>>
>>>
>>> Alex
>>
>>
>
> --
> # Randy MacLeod
> # Wind River Linux
>