[PATCH v4] Add support for OpenSSL Provider API

Quentin Schulz quentin.schulz at cherry.de
Fri Jun 26 17:46:27 CEST 2026 

Hi Enric, Eddie,

On 6/17/26 10:19 AM, Enric Balletbo i Serra wrote:
> Hi Quentin,
> 
> On Tue, Jun 16, 2026 at 6:43 PM Quentin Schulz <quentin.schulz at cherry.de> wrote:
>>
>> Hi Enric,
>>
>> Thanks for chiming in.
>>
>> On 6/4/26 8:22 AM, Enric Balletbo i Serra wrote:
>>> Hi Quentin and Eddie,
>>>
>>> On Fri, May 22, 2026 at 4:38 PM Quentin Schulz <quentin.schulz at cherry.de> wrote:
>>>>
>>>> Hi Eddie,
>>>>
>>>> On 5/22/26 12:29 AM, Eddie Kovsky wrote:
>>>>> On 05/12/26, Quentin Schulz wrote:
>>>>>> Hi Eddie,
>>>>>>
>>>>>> On 4/29/26 8:02 PM, Eddie Kovsky wrote:
[...]
>>> Does it makes sense?
>>>
>>
>> Somewhat. I still don't understand the obsession with the Provider API
>> when the issue (as I understand it) is "I cannot compile OpenSSL engine
>> support and I don't need it".
>>
> 
> To clarify the "obsession" point, which I think is an unfortunate
> take, my impression was that this wasn't just about throwing a quick,
> blind hack at a Fedora compiler error. The build failure was simply
> the trigger.
> 

I think "no engine support anymore, so providers must be supported" was 
a shortcut many could have taken. I understand (and really appreciate) 
the intent of trying to improve the situation instead of "just" patching 
a build failure and be done with it (after all, I myself just installed 
openssl-devel-engine when I got the build error instead of putting in 
the work Eddie did).

> Eddie put significant effort into researching the modern OpenSSL 3.x
> API, studying how to phase out legacy, deprecated components, looking
> at the U-Boot's testing infrastructure, and trying to proactively
> modernize U-Boot's backend based on established upstream kernel
> patterns.
> 
> I agree, now, and this is the beauty of discussions, that the kernel
> approach is not enough due to its narrow scope. U-Boot’s edge cases
> make a full API migration heavier than expected. However, trying to
> actively clean up technical debt is a valuable goal, and
> characterizing it as a mere obsession with a build error can be quite
> discouraging for new contributors putting in real work to improve the
> codebase.
> 

I do realize that "obsession" was too strong of a word and I apologize 
to Eddie and you. I appreciate the feedback and will try to do better.

Cheers,
Quentin

More information about the U-Boot mailing list