The initialization function must have the following signature:
- int NAME(const OSSL_PROVIDER *provider,
+ int NAME(const OSSL_CORE_HANDLE *handle,
const OSSL_DISPATCH *in, const OSSL_DISPATCH **out,
void **provctx);
-I<provider> is the OpenSSL library object for the provider, and works
+I<handle> is the OpenSSL library object for the provider, and works
as a handle for everything the OpenSSL libraries need to know about
the provider.
-For the provider itself, it may hold some interesting information,
-and is also passed to some of the functions given in the dispatch
-array I<in>.
+For the provider itself, it is passed to some of the functions given in the
+dispatch array I<in>.
I<in> is a dispatch array of base functions offered by the OpenSSL
libraries, and the available functions are further described in
The functions the provider can offer are described in
L<provider-keyexch(7)>
-=item Serialization
+=item Asymmetric Ciphers
In the OpenSSL libraries, the corresponding method object is
-B<OSSL_SERIALIZER>.
-The number for this operation is B<OSSL_OP_SERIALIZER>.
+B<EVP_ASYM_CIPHER>.
+The number for this operation is B<OSSL_OP_ASYM_CIPHER>.
The functions the provider can offer are described in
-L<provider-serializer(7)>
+L<provider-asym_cipher(7)>
+
+=item Encoding
+
+In the OpenSSL libraries, the corresponding method object is
+B<OSSL_ENCODER>.
+The number for this operation is B<OSSL_OP_ENCODER>.
+The functions the provider can offer are described in
+L<provider-encoder(7)>
=back
The default provider is built in as part of the F<libcrypto> library.
Should it be needed (if other providers are loaded and offer
implementations of the same algorithms), the property "provider=default"
+can be used as a search criterion for these implementations. The default
+provider includes all the functionality of the base provider below.
+
+=head2 Base provider
+
+The base provider is built in as part of the F<libcrypto> library.
+Should it be needed (if other providers are loaded and offer
+implementations of the same algorithms), the property "provider=base"
can be used as a search criterion for these implementations. Some
-non-cryptographic algorithms (such as serializers for loading keys and
+non-cryptographic algorithms (such as encoders for loading keys and
parameters from files) are not FIPS algorithm implementations in themselves but
support algorithms from the FIPS provider and are allowed for use in "FIPS
mode". The property "fips=yes" can be used to select such algorithms.
(see L<config(5)>).
Should it be needed (if other providers are loaded and offer
implementations of the same algorithms), the property "provider=fips" can
-be used as a search criterion for these implementations. All algorithm
+be used as a search criterion for these implementations. All approved algorithm
implementations in the FIPS provider can also be selected with the property
-"fips=yes".
+"fips=yes". The FIPS provider also contains a number of non-approved algorithm
+implementations and these can be selected with the property "fips=no".
=head2 Legacy provider
implementations of the same algorithms), the property "provider=legacy" can be
used as a search criterion for these implementations.
+=head2 Null provider
+
+The null provider is built in as part of the F<libcrypto> library. It contains
+no algorithms in it at all. When fetching algorithms the default provider will
+be automatically loaded if no other provider has been explicitly loaded. To
+prevent that from happening you can explicitly load the null provider.
+
=head1 EXAMPLES
=head2 Fetching
=head1 COPYRIGHT
-Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
projects / thirdparty / openssl.git / blobdiff