]>
Commit | Line | Data |
---|---|---|
c5926e93 RL |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | OSSL_PROVIDER-default - OpenSSL default provider | |
6 | ||
7 | =head1 DESCRIPTION | |
8 | ||
9 | The OpenSSL default provider supplies the majority of OpenSSL's diverse | |
3bc061eb MB |
10 | algorithm implementations. If an application doesn't specify anything else |
11 | explicitly (e.g. in the application or via config), then this is the | |
12 | provider that will be used as fallback: It is loaded automatically the | |
13 | first time that an algorithm is fetched from a provider or a function | |
14 | acting on providers is called and no other provider has been loaded yet. | |
15 | ||
16 | If an attempt to load a provider has already been made (whether successful | |
17 | or not) then the default provider won't be loaded automatically. Therefore | |
18 | if the default provider is to be used in conjunction with other providers | |
19 | then it must be loaded explicitly. Automatic loading of the default | |
20 | provider only occurs a maximum of once; if the default provider is | |
21 | explicitly unloaded then the default provider will not be automatically | |
22 | loaded again. | |
c5926e93 RL |
23 | |
24 | =head2 Properties | |
25 | ||
26 | The implementations in this provider specifically have this property | |
27 | defined: | |
28 | ||
29 | =over 4 | |
30 | ||
b8086652 | 31 | =item "provider=default" |
c5926e93 RL |
32 | |
33 | =back | |
34 | ||
35 | It may be used in a property query string with fetching functions such as | |
36 | L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>, as well as with other | |
37 | functions that take a property query string, such as | |
38 | L<EVP_PKEY_CTX_new_from_name(3)>. | |
39 | ||
40 | It isn't mandatory to query for this property, except to make sure to get | |
41 | implementations of this provider and none other. | |
42 | ||
43 | Some implementations may define additional properties. Exact information is | |
44 | listed below | |
45 | ||
46 | =head1 OPERATIONS AND ALGORITHMS | |
47 | ||
48 | The OpenSSL default provider supports these operations and algorithms: | |
49 | ||
50 | =head2 Hashing Algorithms / Message Digests | |
51 | ||
52 | =over 4 | |
53 | ||
54 | =item SHA1, see L<EVP_MD-SHA1(7)> | |
55 | ||
56 | =item SHA2, see L<EVP_MD-SHA2(7)> | |
57 | ||
58 | =item SHA3, see L<EVP_MD-SHA3(7)> | |
59 | ||
524f1261 UM |
60 | =item KECCAK, see L<EVP_MD-KECCAK(7)> |
61 | ||
c5926e93 RL |
62 | =item KECCAK-KMAC, see L<EVP_MD-KECCAK-KMAC(7)> |
63 | ||
64 | =item SHAKE, see L<EVP_MD-SHAKE(7)> | |
65 | ||
66 | =item BLAKE2, see L<EVP_MD-BLAKE2(7)> | |
67 | ||
68 | =item SM3, see L<EVP_MD-SM3(7)> | |
69 | ||
70 | =item MD5, see L<EVP_MD-MD5(7)> | |
71 | ||
72 | =item MD5-SHA1, see L<EVP_MD-MD5-SHA1(7)> | |
73 | ||
fdc5043d P |
74 | =item RIPEMD160, see L<EVP_MD-RIPEMD160(7)> |
75 | ||
f7d76c3d | 76 | =item NULL, see L<EVP_MD-NULL(7)> |
77 | ||
c5926e93 RL |
78 | =back |
79 | ||
80 | =head2 Symmetric Ciphers | |
81 | ||
82 | =over 4 | |
83 | ||
84 | =item AES, see L<EVP_CIPHER-AES(7)> | |
85 | ||
86 | =item ARIA, see L<EVP_CIPHER-ARIA(7)> | |
87 | ||
88 | =item CAMELLIA, see L<EVP_CIPHER-CAMELLIA(7)> | |
89 | ||
d1550687 | 90 | =item 3DES, see L<EVP_CIPHER-DES(7)> |
c5926e93 RL |
91 | |
92 | =item SEED, see L<EVP_CIPHER-SEED(7)> | |
93 | ||
94 | =item SM4, see L<EVP_CIPHER-SM4(7)> | |
95 | ||
b9098d4e | 96 | =item ChaCha20, see L<EVP_CIPHER-CHACHA(7)> |
c5926e93 | 97 | |
b9098d4e | 98 | =item ChaCha20-Poly1305, see L<EVP_CIPHER-CHACHA(7)> |
c5926e93 | 99 | |
f7d76c3d | 100 | =item NULL, see L<EVP_CIPHER-NULL(7)> |
101 | ||
c5926e93 RL |
102 | =back |
103 | ||
104 | =head2 Message Authentication Code (MAC) | |
105 | ||
106 | =over 4 | |
107 | ||
108 | =item BLAKE2, see L<EVP_MAC-BLAKE2(7)> | |
109 | ||
110 | =item CMAC, see L<EVP_MAC-CMAC(7)> | |
111 | ||
112 | =item GMAC, see L<EVP_MAC-GMAC(7)> | |
113 | ||
114 | =item HMAC, see L<EVP_MAC-HMAC(7)> | |
115 | ||
116 | =item KMAC, see L<EVP_MAC-KMAC(7)> | |
117 | ||
118 | =item SIPHASH, see L<EVP_MAC-Siphash(7)> | |
119 | ||
120 | =item POLY1305, see L<EVP_MAC-Poly1305(7)> | |
121 | ||
122 | =back | |
123 | ||
124 | =head2 Key Derivation Function (KDF) | |
125 | ||
126 | =over 4 | |
127 | ||
128 | =item HKDF, see L<EVP_KDF-HKDF(7)> | |
129 | ||
130 | =item SSKDF, see L<EVP_KDF-SS(7)> | |
131 | ||
132 | =item PBKDF2, see L<EVP_KDF-PBKDF2(7)> | |
133 | ||
b7466c13 P |
134 | =item PKCS12KDF, see L<EVP_KDF-PKCS12KDF(7)> |
135 | ||
c5926e93 RL |
136 | =item SSHKDF, see L<EVP_KDF-SSHKDF(7)> |
137 | ||
138 | =item TLS1-PRF, see L<EVP_KDF-TLS1_PRF(7)> | |
139 | ||
140 | =item KBKDF, see L<EVP_KDF-KB(7)> | |
141 | ||
89cccbea SL |
142 | =item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)> |
143 | ||
144 | =item X942KDF-CONCAT, see L<EVP_KDF-X942-CONCAT(7)> | |
145 | ||
146 | =item X963KDF, see L<EVP_KDF-X963(7)> | |
c5926e93 RL |
147 | |
148 | =item SCRYPT, see L<EVP_KDF-SCRYPT(7)> | |
149 | ||
150 | =item KRB5KDF, see L<EVP_KDF-KRB5KDF(7)> | |
151 | ||
f3090fc7 | 152 | =item HMAC-DRBG, see L<EVP_KDF-HMAC-DRBG(7)> |
b8086652 | 153 | |
6dfa998f ČK |
154 | =item ARGON2, see L<EVP_KDF-ARGON2(7)> |
155 | ||
c5926e93 RL |
156 | =back |
157 | ||
158 | =head2 Key Exchange | |
159 | ||
160 | =over 4 | |
161 | ||
162 | =item DH, see L<EVP_KEYEXCH-DH(7)> | |
163 | ||
164 | =item ECDH, see L<EVP_KEYEXCH-ECDH(7)> | |
165 | ||
166 | =item X25519, see L<EVP_KEYEXCH-X25519(7)> | |
167 | ||
168 | =item X448, see L<EVP_KEYEXCH-X448(7)> | |
169 | ||
170 | =back | |
171 | ||
172 | =head2 Asymmetric Signature | |
173 | ||
174 | =over 4 | |
175 | ||
176 | =item DSA, see L<EVP_SIGNATURE-DSA(7)> | |
177 | ||
178 | =item RSA, see L<EVP_SIGNATURE-RSA(7)> | |
179 | ||
820d87bc MC |
180 | =item HMAC, see L<EVP_SIGNATURE-HMAC(7)> |
181 | ||
182 | =item SIPHASH, see L<EVP_SIGNATURE-Siphash(7)> | |
183 | ||
184 | =item POLY1305, see L<EVP_SIGNATURE-Poly1305(7)> | |
185 | ||
186 | =item CMAC, see L<EVP_SIGNATURE-CMAC(7)> | |
187 | ||
c5926e93 RL |
188 | =back |
189 | ||
190 | =head2 Asymmetric Cipher | |
191 | ||
192 | =over 4 | |
193 | ||
194 | =item RSA, see L<EVP_ASYM_CIPHER-RSA(7)> | |
195 | ||
a48309cb MC |
196 | =item SM2, see L<EVP_ASYM_CIPHER-SM2(7)> |
197 | ||
c5926e93 RL |
198 | =back |
199 | ||
80f4fd18 SL |
200 | =head2 Asymmetric Key Encapsulation |
201 | ||
202 | =over 4 | |
203 | ||
204 | =item RSA, see L<EVP_KEM-RSA(7)> | |
205 | ||
78c44b05 | 206 | =item X25519, see L<EVP_KEM-X25519(7)> |
207 | ||
208 | =item EC, see L<EVP_KEM-EC(7)> | |
209 | ||
80f4fd18 SL |
210 | =back |
211 | ||
c5926e93 RL |
212 | =head2 Asymmetric Key Management |
213 | ||
214 | =over 4 | |
215 | ||
216 | =item DH, see L<EVP_KEYMGMT-DH(7)> | |
217 | ||
0b3d2594 | 218 | =item DHX, see L<EVP_KEYMGMT-DHX(7)> |
219 | ||
c5926e93 RL |
220 | =item DSA, see L<EVP_KEYMGMT-DSA(7)> |
221 | ||
222 | =item RSA, see L<EVP_KEYMGMT-RSA(7)> | |
223 | ||
224 | =item EC, see L<EVP_KEYMGMT-EC(7)> | |
225 | ||
226 | =item X25519, see L<EVP_KEYMGMT-X25519(7)> | |
227 | ||
228 | =item X448, see L<EVP_KEYMGMT-X448(7)> | |
229 | ||
230 | =back | |
231 | ||
7066c57d | 232 | =head2 Random Number Generation |
233 | ||
234 | =over 4 | |
235 | ||
236 | =item CTR-DRBG, see L<EVP_RAND-CTR-DRBG(7)> | |
237 | ||
238 | =item HASH-DRBG, see L<EVP_RAND-HASH-DRBG(7)> | |
239 | ||
240 | =item HMAC-DRBG, see L<EVP_RAND-HMAC-DRBG(7)> | |
241 | ||
242 | =item SEED-SRC, see L<EVP_RAND-SEED-SRC(7)> | |
243 | ||
244 | =item TEST-RAND, see L<EVP_RAND-TEST-RAND(7)> | |
245 | ||
246 | =back | |
247 | ||
ece9304c | 248 | =head2 Asymmetric Key Encoder |
c5926e93 | 249 | |
ece9304c | 250 | The default provider also includes all of the encoding algorithms |
dfc0857d P |
251 | present in the base provider. Some of these have the property "fips=yes", |
252 | to allow them to be used together with the FIPS provider. | |
c5926e93 RL |
253 | |
254 | =over 4 | |
255 | ||
ece9304c | 256 | =item RSA, see L<OSSL_ENCODER-RSA(7)> |
c5926e93 | 257 | |
ece9304c | 258 | =item DH, see L<OSSL_ENCODER-DH(7)> |
c5926e93 | 259 | |
ece9304c | 260 | =item DSA, see L<OSSL_ENCODER-DSA(7)> |
c5926e93 | 261 | |
ece9304c | 262 | =item EC, see L<OSSL_ENCODER-EC(7)> |
c5926e93 | 263 | |
ece9304c | 264 | =item X25519, see L<OSSL_ENCODER-X25519(7)> |
c5926e93 | 265 | |
ece9304c | 266 | =item X448, see L<OSSL_ENCODER-X448(7)> |
c5926e93 RL |
267 | |
268 | =back | |
269 | ||
270 | =head1 SEE ALSO | |
271 | ||
dfc0857d P |
272 | L<openssl-core.h(7)>, L<openssl-core_dispatch.h(7)>, L<provider(7)>, |
273 | L<OSSL_PROVIDER-base(7)> | |
c5926e93 | 274 | |
fdc5043d P |
275 | =head1 HISTORY |
276 | ||
277 | The RIPEMD160 digest was added to the default provider in OpenSSL 3.0.7. | |
278 | ||
4741c80c | 279 | All other functionality was added in OpenSSL 3.0. |
280 | ||
c5926e93 RL |
281 | =head1 COPYRIGHT |
282 | ||
4333b89f | 283 | Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. |
c5926e93 RL |
284 | |
285 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
286 | this file except in compliance with the License. You can obtain a copy | |
287 | in the file LICENSE in the source distribution or at | |
288 | L<https://www.openssl.org/source/license.html>. | |
289 | ||
290 | =cut |