xref: /freebsd/crypto/openssl/doc/man7/OSSL_PROVIDER-default.pod (revision 66fd12cf4896eb08ad8e7a2627537f84ead84dd3)
1=pod
2
3=head1 NAME
4
5OSSL_PROVIDER-default - OpenSSL default provider
6
7=head1 DESCRIPTION
8
9The OpenSSL default provider supplies the majority of OpenSSL's diverse
10algorithm implementations. If an application doesn't specify anything else
11explicitly (e.g. in the application or via config), then this is the
12provider that will be used as fallback: It is loaded automatically the
13first time that an algorithm is fetched from a provider or a function
14acting on providers is called and no other provider has been loaded yet.
15
16If an attempt to load a provider has already been made (whether successful
17or not) then the default provider won't be loaded automatically. Therefore
18if the default provider is to be used in conjunction with other providers
19then it must be loaded explicitly. Automatic loading of the default
20provider only occurs a maximum of once; if the default provider is
21explicitly unloaded then the default provider will not be automatically
22loaded again.
23
24=head2 Properties
25
26The implementations in this provider specifically have this property
27defined:
28
29=over 4
30
31=item "provider=default"
32
33=back
34
35It may be used in a property query string with fetching functions such as
36L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>, as well as with other
37functions that take a property query string, such as
38L<EVP_PKEY_CTX_new_from_name(3)>.
39
40It isn't mandatory to query for this property, except to make sure to get
41implementations of this provider and none other.
42
43Some implementations may define additional properties.  Exact information is
44listed below
45
46=head1 OPERATIONS AND ALGORITHMS
47
48The OpenSSL default provider supports these operations and algorithms:
49
50=head2 Hashing Algorithms / Message Digests
51
52=over 4
53
54=item SHA1, see L<EVP_MD-SHA1(7)>
55
56=item SHA2, see L<EVP_MD-SHA2(7)>
57
58=item SHA3, see L<EVP_MD-SHA3(7)>
59
60=item KECCAK-KMAC, see L<EVP_MD-KECCAK-KMAC(7)>
61
62=item SHAKE, see L<EVP_MD-SHAKE(7)>
63
64=item BLAKE2, see L<EVP_MD-BLAKE2(7)>
65
66=item SM3, see L<EVP_MD-SM3(7)>
67
68=item MD5, see L<EVP_MD-MD5(7)>
69
70=item MD5-SHA1, see L<EVP_MD-MD5-SHA1(7)>
71
72=item RIPEMD160, see L<EVP_MD-RIPEMD160(7)>
73
74=item NULL, see L<EVP_MD-NULL(7)>
75
76=back
77
78=head2 Symmetric Ciphers
79
80=over 4
81
82=item AES, see L<EVP_CIPHER-AES(7)>
83
84=item ARIA, see L<EVP_CIPHER-ARIA(7)>
85
86=item CAMELLIA, see L<EVP_CIPHER-CAMELLIA(7)>
87
88=item 3DES, see L<EVP_CIPHER-DES(7)>
89
90=item SEED, see L<EVP_CIPHER-SEED(7)>
91
92=item SM4, see L<EVP_CIPHER-SM4(7)>
93
94=item ChaCha20, see L<EVP_CIPHER-CHACHA(7)>
95
96=item ChaCha20-Poly1305, see L<EVP_CIPHER-CHACHA(7)>
97
98=item NULL, see L<EVP_CIPHER-NULL(7)>
99
100=back
101
102=head2 Message Authentication Code (MAC)
103
104=over 4
105
106=item BLAKE2, see L<EVP_MAC-BLAKE2(7)>
107
108=item CMAC, see L<EVP_MAC-CMAC(7)>
109
110=item GMAC, see L<EVP_MAC-GMAC(7)>
111
112=item HMAC, see L<EVP_MAC-HMAC(7)>
113
114=item KMAC, see L<EVP_MAC-KMAC(7)>
115
116=item SIPHASH, see L<EVP_MAC-Siphash(7)>
117
118=item POLY1305, see L<EVP_MAC-Poly1305(7)>
119
120=back
121
122=head2 Key Derivation Function (KDF)
123
124=over 4
125
126=item HKDF, see L<EVP_KDF-HKDF(7)>
127
128=item SSKDF, see L<EVP_KDF-SS(7)>
129
130=item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
131
132=item PKCS12KDF, see L<EVP_KDF-PKCS12KDF(7)>
133
134=item SSHKDF, see L<EVP_KDF-SSHKDF(7)>
135
136=item TLS1-PRF, see L<EVP_KDF-TLS1_PRF(7)>
137
138=item KBKDF, see L<EVP_KDF-KB(7)>
139
140=item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)>
141
142=item X942KDF-CONCAT, see L<EVP_KDF-X942-CONCAT(7)>
143
144=item X963KDF, see L<EVP_KDF-X963(7)>
145
146=item SCRYPT, see L<EVP_KDF-SCRYPT(7)>
147
148=item KRB5KDF, see L<EVP_KDF-KRB5KDF(7)>
149
150
151=back
152
153=head2 Key Exchange
154
155=over 4
156
157=item DH, see L<EVP_KEYEXCH-DH(7)>
158
159=item ECDH, see L<EVP_KEYEXCH-ECDH(7)>
160
161=item X25519, see L<EVP_KEYEXCH-X25519(7)>
162
163=item X448, see L<EVP_KEYEXCH-X448(7)>
164
165=back
166
167=head2 Asymmetric Signature
168
169=over 4
170
171=item DSA, see L<EVP_SIGNATURE-DSA(7)>
172
173=item RSA, see L<EVP_SIGNATURE-RSA(7)>
174
175=item HMAC, see L<EVP_SIGNATURE-HMAC(7)>
176
177=item SIPHASH, see L<EVP_SIGNATURE-Siphash(7)>
178
179=item POLY1305, see L<EVP_SIGNATURE-Poly1305(7)>
180
181=item CMAC, see L<EVP_SIGNATURE-CMAC(7)>
182
183=back
184
185=head2 Asymmetric Cipher
186
187=over 4
188
189=item RSA, see L<EVP_ASYM_CIPHER-RSA(7)>
190
191=item SM2, see L<EVP_ASYM_CIPHER-SM2(7)>
192
193=back
194
195=head2 Asymmetric Key Encapsulation
196
197=over 4
198
199=item RSA, see L<EVP_KEM-RSA(7)>
200
201=back
202
203=head2 Asymmetric Key Management
204
205=over 4
206
207=item DH, see L<EVP_KEYMGMT-DH(7)>
208
209=item DHX, see L<EVP_KEYMGMT-DHX(7)>
210
211=item DSA, see L<EVP_KEYMGMT-DSA(7)>
212
213=item RSA, see L<EVP_KEYMGMT-RSA(7)>
214
215=item EC, see L<EVP_KEYMGMT-EC(7)>
216
217=item X25519, see L<EVP_KEYMGMT-X25519(7)>
218
219=item X448, see L<EVP_KEYMGMT-X448(7)>
220
221=back
222
223=head2 Random Number Generation
224
225=over 4
226
227=item CTR-DRBG, see L<EVP_RAND-CTR-DRBG(7)>
228
229=item HASH-DRBG, see L<EVP_RAND-HASH-DRBG(7)>
230
231=item HMAC-DRBG, see L<EVP_RAND-HMAC-DRBG(7)>
232
233=item SEED-SRC,  see L<EVP_RAND-SEED-SRC(7)>
234
235=item TEST-RAND, see L<EVP_RAND-TEST-RAND(7)>
236
237=back
238
239=head2 Asymmetric Key Encoder
240
241The default provider also includes all of the encoding algorithms
242present in the base provider.  Some of these have the property "fips=yes",
243to allow them to be used together with the FIPS provider.
244
245=over 4
246
247=item RSA, see L<OSSL_ENCODER-RSA(7)>
248
249=item DH, see L<OSSL_ENCODER-DH(7)>
250
251=item DSA, see L<OSSL_ENCODER-DSA(7)>
252
253=item EC, see L<OSSL_ENCODER-EC(7)>
254
255=item X25519, see L<OSSL_ENCODER-X25519(7)>
256
257=item X448, see L<OSSL_ENCODER-X448(7)>
258
259=back
260
261=head1 SEE ALSO
262
263L<openssl-core.h(7)>, L<openssl-core_dispatch.h(7)>, L<provider(7)>,
264L<OSSL_PROVIDER-base(7)>
265
266=head1 HISTORY
267
268The RIPEMD160 digest was added to the default provider in OpenSSL 3.0.7.
269
270All other functionality was added in OpenSSL 3.0.
271
272=head1 COPYRIGHT
273
274Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
275
276Licensed under the Apache License 2.0 (the "License").  You may not use
277this file except in compliance with the License.  You can obtain a copy
278in the file LICENSE in the source distribution or at
279L<https://www.openssl.org/source/license.html>.
280
281=cut
282