Skip to content

fix: Update besu-native libraries to 1.5.0#10096

Merged
usmansaleem merged 2 commits intobesu-eth:mainfrom
usmansaleem:bump_besu_native
Mar 24, 2026
Merged

fix: Update besu-native libraries to 1.5.0#10096
usmansaleem merged 2 commits intobesu-eth:mainfrom
usmansaleem:bump_besu_native

Conversation

@usmansaleem
Copy link
Copy Markdown
Contributor

@usmansaleem usmansaleem commented Mar 24, 2026
edited
Loading

PR description

This fixes the issue of besu-native/secp256r1 exporting bundled OpenSSL symbols in JVM space which cause any plugins which are using native libraries (such as native hsm libraries) to incorrectly attempt to use secp256r1's bundled OpenSSL library instead of system OpenSSL library. This can result in JVM crash and/or hsm library's signing operation failure.

The fix is to use statically linked OpenSSL by the besu-native/secp256r1 .

Fixed Issue(s)

Thanks for sending a pull request! Have you done the following?

  • Checked out our contribution guidelines?
  • Considered documentation and added the doc-change-required label to this PR if updates are required.
  • Considered the changelog and included an update if required.
  • For database changes (e.g. KeyValueSegmentIdentifier) considered compatibility and performed forwards and backwards compatibility tests

Locally, you can run these tests to catch failures early:

  • spotless: ./gradlew spotlessApply
  • unit tests: ./gradlew build
  • acceptance tests: ./gradlew acceptanceTest
  • integration tests: ./gradlew integrationTest
  • reference tests: ./gradlew ethereum:referenceTests:referenceTests
  • hive tests: Engine or other RPCs modified?

@usmansaleem
fix: Update besu-native libraries to 1.5.0
6b9b536 
 This fixes the issue of secp256r1 native library exporting openssl
 symbols in jvm space which cause any plugins which are using native
 libraries (such as native hsm libraries) to incorrectly attempt to use
 secp256r1 bundled openssl library instead of system openssl library.

 The fix is to use statically linked openssl by secp256r1 native module.

Signed-off-by: Usman Saleem <usman@usmans.info>
Copilot AI review requested due to automatic review settings March 24, 2026 07:31
@usmansaleem usmansaleem self-assigned this Mar 24, 2026
@usmansaleem usmansaleem added non mainnet (private networks) not related to mainnet features - covers privacy, permissioning, IBFT2, QBFT plugins labels Mar 24, 2026
Copilot AI reviewed Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates Besu’s besu-native dependency set to v1.5.0 to address OpenSSL symbol export conflicts from the secp256r1 native library, improving compatibility with other native-library-using plugins.

Changes:

  • Bumped org.hyperledger.besu:* native library dependencies from 1.4.2 to 1.5.0.
  • Added Gradle dependency verification metadata entries for the new 1.5.0 artifacts.
  • Recorded the upgrade and rationale in the changelog.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
platform/build.gradle Updates besu-native-related dependency versions to 1.5.0.
gradle/verification-metadata.xml Adds checksum metadata for the new 1.5.0 artifacts to keep dependency verification passing.
CHANGELOG.md Documents the upgrade and the OpenSSL symbol-export fix reference.

@usmansaleem
chore: Update changelog
2902488 
Signed-off-by: Usman Saleem <usman@usmans.info>
@usmansaleem usmansaleem merged commit 4aec2eb into besu-eth:main Mar 24, 2026
46 checks passed
@usmansaleem usmansaleem deleted the bump_besu_native branch March 24, 2026 09:09
usmansaleem added a commit to usmansaleem/besu-hsm-plugin that referenced this pull request Mar 24, 2026
@usmansaleem
feat: add QBFT 4-node integration test with HSM-backed signing
d7a23f7 
Add a Testcontainers-based integration test that spins up a 4-node
QBFT network where each validator signs blocks via PKCS#11 (SoftHSM2).
Tests verify block production, validator recognition, and pre-funded
account balance.

Uses Besu develop Docker tag pending a release that includes the
besu-native-ec static OpenSSL fix (besu-eth/besu#10096).

Signed-off-by: Usman Saleem <usman@usmans.info>
@usmansaleem usmansaleem mentioned this pull request Mar 24, 2026
Closed
2 tasks
ahamlat pushed a commit to daniellehrner/besu that referenced this pull request Mar 25, 2026
@usmansaleem @ahamlat
fix: Update besu-native libraries to 1.5.0 (besu-eth#10096)
f9bd9d8 
This fixes the issue of besu-native/secp256r1 exporting bundled OpenSSL symbols in JVM space which cause any plugins which are using native libraries (such as native hsm libraries) to incorrectly attempt to use secp256r1's bundled OpenSSL library instead of system OpenSSL library. This can result in JVM crash and/or hsm library's signing operation failure. The fix is to use statically linked OpenSSL by secp256r1 native module.

---------

Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@daniellehrner daniellehrner daniellehrner approved these changes

Assignees

@usmansaleem usmansaleem

Labels

non mainnet (private networks) not related to mainnet features - covers privacy, permissioning, IBFT2, QBFT plugins

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@usmansaleem @daniellehrner