5 OSSL_PROVIDER-default - OpenSSL default provider
9 The OpenSSL default provider supplies the majority of OpenSSL's diverse
10 algorithm implementations. If an application doesn't specify anything else
11 explicitly (e.g. in the application or via config), then this is the
12 provider that will be used as fallback: It is loaded automatically the
13 first time that an algorithm is fetched from a provider or a function
14 acting on providers is called and no other provider has been loaded yet.
16 If an attempt to load a provider has already been made (whether successful
17 or not) then the default provider won't be loaded automatically. Therefore
18 if the default provider is to be used in conjunction with other providers
19 then it must be loaded explicitly. Automatic loading of the default
20 provider only occurs a maximum of once; if the default provider is
21 explicitly unloaded then the default provider will not be automatically
26 The implementations in this provider specifically have this property
31 =item "provider=default"
35 It may be used in a property query string with fetching functions such as
36 L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>, as well as with other
37 functions that take a property query string, such as
38 L<EVP_PKEY_CTX_new_from_name(3)>.
40 It isn't mandatory to query for this property, except to make sure to get
41 implementations of this provider and none other.
43 Some implementations may define additional properties. Exact information is
46 =head1 OPERATIONS AND ALGORITHMS
48 The OpenSSL default provider supports these operations and algorithms:
50 =head2 Hashing Algorithms / Message Digests
54 =item SHA1, see L<EVP_MD-SHA1(7)>
56 =item SHA2, see L<EVP_MD-SHA2(7)>
58 =item SHA3, see L<EVP_MD-SHA3(7)>
60 =item KECCAK, see L<EVP_MD-KECCAK(7)>
62 =item KECCAK-KMAC, see L<EVP_MD-KECCAK-KMAC(7)>
64 =item SHAKE, see L<EVP_MD-SHAKE(7)>
66 =item BLAKE2, see L<EVP_MD-BLAKE2(7)>
68 =item SM3, see L<EVP_MD-SM3(7)>
70 =item MD5, see L<EVP_MD-MD5(7)>
72 =item MD5-SHA1, see L<EVP_MD-MD5-SHA1(7)>
74 =item RIPEMD160, see L<EVP_MD-RIPEMD160(7)>
76 =item NULL, see L<EVP_MD-NULL(7)>
80 =head2 Symmetric Ciphers
84 =item AES, see L<EVP_CIPHER-AES(7)>
86 =item ARIA, see L<EVP_CIPHER-ARIA(7)>
88 =item CAMELLIA, see L<EVP_CIPHER-CAMELLIA(7)>
90 =item 3DES, see L<EVP_CIPHER-DES(7)>
92 =item SEED, see L<EVP_CIPHER-SEED(7)>
94 =item SM4, see L<EVP_CIPHER-SM4(7)>
96 =item ChaCha20, see L<EVP_CIPHER-CHACHA(7)>
98 =item ChaCha20-Poly1305, see L<EVP_CIPHER-CHACHA(7)>
100 =item NULL, see L<EVP_CIPHER-NULL(7)>
104 =head2 Message Authentication Code (MAC)
108 =item BLAKE2, see L<EVP_MAC-BLAKE2(7)>
110 =item CMAC, see L<EVP_MAC-CMAC(7)>
112 =item GMAC, see L<EVP_MAC-GMAC(7)>
114 =item HMAC, see L<EVP_MAC-HMAC(7)>
116 =item KMAC, see L<EVP_MAC-KMAC(7)>
118 =item SIPHASH, see L<EVP_MAC-Siphash(7)>
120 =item POLY1305, see L<EVP_MAC-Poly1305(7)>
124 =head2 Key Derivation Function (KDF)
128 =item HKDF, see L<EVP_KDF-HKDF(7)>
130 =item SSKDF, see L<EVP_KDF-SS(7)>
132 =item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
134 =item PKCS12KDF, see L<EVP_KDF-PKCS12KDF(7)>
136 =item SSHKDF, see L<EVP_KDF-SSHKDF(7)>
138 =item TLS1-PRF, see L<EVP_KDF-TLS1_PRF(7)>
140 =item KBKDF, see L<EVP_KDF-KB(7)>
142 =item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)>
144 =item X942KDF-CONCAT, see L<EVP_KDF-X942-CONCAT(7)>
146 =item X963KDF, see L<EVP_KDF-X963(7)>
148 =item SCRYPT, see L<EVP_KDF-SCRYPT(7)>
150 =item KRB5KDF, see L<EVP_KDF-KRB5KDF(7)>
152 =item HMAC-DRBG, see L<EVP_KDF-HMAC-DRBG(7)>
160 =item DH, see L<EVP_KEYEXCH-DH(7)>
162 =item ECDH, see L<EVP_KEYEXCH-ECDH(7)>
164 =item X25519, see L<EVP_KEYEXCH-X25519(7)>
166 =item X448, see L<EVP_KEYEXCH-X448(7)>
170 =head2 Asymmetric Signature
174 =item DSA, see L<EVP_SIGNATURE-DSA(7)>
176 =item RSA, see L<EVP_SIGNATURE-RSA(7)>
178 =item HMAC, see L<EVP_SIGNATURE-HMAC(7)>
180 =item SIPHASH, see L<EVP_SIGNATURE-Siphash(7)>
182 =item POLY1305, see L<EVP_SIGNATURE-Poly1305(7)>
184 =item CMAC, see L<EVP_SIGNATURE-CMAC(7)>
188 =head2 Asymmetric Cipher
192 =item RSA, see L<EVP_ASYM_CIPHER-RSA(7)>
194 =item SM2, see L<EVP_ASYM_CIPHER-SM2(7)>
198 =head2 Asymmetric Key Encapsulation
202 =item RSA, see L<EVP_KEM-RSA(7)>
204 =item X25519, see L<EVP_KEM-X25519(7)>
206 =item EC, see L<EVP_KEM-EC(7)>
210 =head2 Asymmetric Key Management
214 =item DH, see L<EVP_KEYMGMT-DH(7)>
216 =item DHX, see L<EVP_KEYMGMT-DHX(7)>
218 =item DSA, see L<EVP_KEYMGMT-DSA(7)>
220 =item RSA, see L<EVP_KEYMGMT-RSA(7)>
222 =item EC, see L<EVP_KEYMGMT-EC(7)>
224 =item X25519, see L<EVP_KEYMGMT-X25519(7)>
226 =item X448, see L<EVP_KEYMGMT-X448(7)>
230 =head2 Random Number Generation
234 =item CTR-DRBG, see L<EVP_RAND-CTR-DRBG(7)>
236 =item HASH-DRBG, see L<EVP_RAND-HASH-DRBG(7)>
238 =item HMAC-DRBG, see L<EVP_RAND-HMAC-DRBG(7)>
240 =item SEED-SRC, see L<EVP_RAND-SEED-SRC(7)>
242 =item TEST-RAND, see L<EVP_RAND-TEST-RAND(7)>
246 =head2 Asymmetric Key Encoder
248 The default provider also includes all of the encoding algorithms
249 present in the base provider. Some of these have the property "fips=yes",
250 to allow them to be used together with the FIPS provider.
254 =item RSA, see L<OSSL_ENCODER-RSA(7)>
256 =item DH, see L<OSSL_ENCODER-DH(7)>
258 =item DSA, see L<OSSL_ENCODER-DSA(7)>
260 =item EC, see L<OSSL_ENCODER-EC(7)>
262 =item X25519, see L<OSSL_ENCODER-X25519(7)>
264 =item X448, see L<OSSL_ENCODER-X448(7)>
270 L<openssl-core.h(7)>, L<openssl-core_dispatch.h(7)>, L<provider(7)>,
271 L<OSSL_PROVIDER-base(7)>
275 The RIPEMD160 digest was added to the default provider in OpenSSL 3.0.7.
277 All other functionality was added in OpenSSL 3.0.
281 Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
283 Licensed under the Apache License 2.0 (the "License"). You may not use
284 this file except in compliance with the License. You can obtain a copy
285 in the file LICENSE in the source distribution or at
286 L<https://www.openssl.org/source/license.html>.
projects / thirdparty / openssl.git / blob