[{"id":3684505,"web_url":"http://patchwork.ozlabs.org/comment/3684505/","msgid":"<87cxzgevd2.fsf@kernel.org>","list_archive_url":null,"date":"2026-04-30T07:54:33","subject":"Re: [PATCH v4] Add support for OpenSSL Provider API","submitter":{"id":90582,"url":"http://patchwork.ozlabs.org/api/people/90582/","name":"Mattijs Korpershoek","email":"mkorpershoek@kernel.org"},"content":"Hi Eddie,\n\nThank you for the patch.\n\nOn Wed, Apr 29, 2026 at 12:02, Eddie Kovsky wrote:\n\n> The Engine API has been deprecated since the release of OpenSSL 3.0. End\n> users have been advised to migrate to the new Provider interface.\n> Several distributions have already removed support for engines, which is\n> preventing U-Boot from being compiled in those environments.\n>\n> Add support for the Provider API while continuing to support the existing\n> Engine API on distros shipping older releases of OpenSSL.\n>\n> This is based on similar work contributed by Jan Stancek updating Linux\n> to use the Provider interface.\n>\n> commit 558bdc45dfb2669e1741384a0c80be9c82fa052c\n> Author: Jan Stancek \n> Date: Fri Sep 20 19:52:48 2024 +0300\n>\n> sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3\n>\n> The changes have been tested with the FIT signature verification vboot\n> tests on Fedora 42 and Debian 13. All 30 tests pass with both the legacy\n> Engine library installed and with the Provider API.\n>\n> Tested-by Enric Balletbo i Serra \n> Tested-by Mark Kettenis \n> Signed-off-by: Eddie Kovsky \n\nReviewed-by: Mattijs Korpershoek \n\n> ---","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=JvOvCygd;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.b=\"JvOvCygd\";\n\tdkim-atps=neutral","phobos.denx.de; dmarc=pass (p=quarantine dis=none)\n header.from=kernel.org","phobos.denx.de;\n spf=pass smtp.mailfrom=mkorpershoek@kernel.org"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5mff0GrJz1yGq\n\tfor ; Thu, 30 Apr 2026 17:54:49 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 9765E84255;\n\tThu, 30 Apr 2026 09:54:41 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id EEFD7845C8; Thu, 30 Apr 2026 09:54:39 +0200 (CEST)","from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id C9CFE84198\n for ; Thu, 30 Apr 2026 09:54:37 +0200 (CEST)","from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])\n by sea.source.kernel.org (Postfix) with ESMTP id 36D9D4391B;\n Thu, 30 Apr 2026 07:54:36 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 9A6A9C2BCB3;\n Thu, 30 Apr 2026 07:54:35 +0000 (UTC)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,\n DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,\n RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n s=k20201202; t=1777535676;\n bh=qlAoV6V7+JIUog1ZjGZn5CWWDtKNiJxlaJbs3t+O79A=;\n h=From:To:Cc:Subject:In-Reply-To:References:Date:From;\n b=JvOvCygd/VpDgN+dWThxBb6mKqW+1xPS7/GqlnKMSJePbeHx6FTeLuRblRRvL2uEU\n RrKcWjoCRfDfPhWZ0tUFg8ahBEOtoSFgKLFNpD5eYIsxN0iOxb7UUjwHHv3LccrxNC\n 2K1y7U9FUA+fKQTt8vZNng171ljB/7AdXlh+q+Rwga00y4/DkPbj4yB4SABCJoboBu\n m1VrA8Z4GaWJqVu0IL07DaiexvJg1ea5fykdFBtGAK0aUsxXhp9yccP5LGDUpMR4n+\n FuaOpC6ZZdarogVHp4hADkXif9pzwjlUbRRVhKnq9HdvFeuGip3Wj6AK56M6xbKOGJ\n QNVS5kbBTtF3A==","From":"Mattijs Korpershoek ","To":"Eddie Kovsky , Tom Rini , Tobias\n Olausson , Paul HENRYS ,\n Simon Glass , Jan Stancek , Enric\n Balletbo i Serra , a.fatoum@pengutronix.de,\n mark.kettenis@xs4all.nl, Mattijs Korpershoek ","Cc":"u-boot@lists.denx.de","Subject":"Re: [PATCH v4] Add support for OpenSSL Provider API","In-Reply-To":"<20260429180247.83091-1-ekovsky@redhat.com>","References":"<20260429180247.83091-1-ekovsky@redhat.com>","Date":"Thu, 30 Apr 2026 09:54:33 +0200","Message-ID":"<87cxzgevd2.fsf@kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" ","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"}}]