xref: /openssl-master/doc/man7/crypto.pod

47 A provider in OpenSSL is a component that collects together algorithm
49 provider loaded that contains an implementation of it. OpenSSL comes with a
51 don't load a provider explicitly (either in program code or via config) then the
52 OpenSSL built-in "default" provider will be automatically loaded.
57 options take effect. When a provider is loaded, it is only loaded within the
114 "provider=default" could be used to force the selection to only consider
115 algorithm implementations in the default provider.
128 Users of the OpenSSL libraries never query a provider directly for an algorithm
148 no provider has been loaded in this library context then the default provider
194 Fetch the operation type implementation from any provider given a library
197 If the provider of the operation type implementation is different from the
198 provider of the L<EVP_PKEY(3)>'s L<EVP_KEYMGMT(3)> implementation, try to
199 fetch a L<EVP_KEYMGMT(3)> implementation in the same provider as the operation
208 provider as the original L<EVP_PKEY(3)>'s L<EVP_KEYMGMT(3)>, still using the
231 Fetch an implementation of SHA2-256 from the default provider in the default
234  EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider=default");
238 Fetch an implementation of SHA2-256 that is not from the default provider in the
241  EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider!=default");
245 Fetch an implementation of SHA2-256 from the default provider in the specified
248  EVP_MD *md = EVP_MD_fetch(ctx, "SHA2-256", "provider=default");
252 Load the legacy provider into the default context and then fetch an
258  EVP_MD *md = EVP_MD_fetch(NULL, "WHIRLPOOL", "provider=legacy");
262 Note that in the above example the property string "provider=legacy" is optional
264 the "whirlpool" algorithm is in the "legacy" provider. Also note that the
265 default provider should be explicitly loaded if it is required in addition to
287 algorithm identifier to the appropriate fetching function. Also see the provider
292 For information on writing a provider see L<provider(7)>.
294 =head2 Default provider
296 The default provider is built in as part of the F<libcrypto> library and
299 algorithms), the property query string "provider=default" can be used as a
300 search criterion for these implementations.  The default provider includes all
301 of the functionality in the base provider below.
303 If you don't load any providers at all then the "default" provider will be
304 automatically loaded. If you explicitly load any provider then the "default"
305 provider would also need to be explicitly loaded if it is required.
309 =head2 Base provider
311 The base provider is built in as part of the F<libcrypto> library and contains
315 "provider=base" can be used as a search criterion for these implementations.
317 implementations in themselves but support algorithms from the FIPS provider and
323 =head2 FIPS provider
325 The FIPS provider is a dynamically loadable module, and must therefore
330 property query string "provider=fips" can be used as a search criterion for
332 provider can also be selected with the property "fips=yes". The FIPS provider
338 =head2 Legacy provider
340 The legacy provider is a dynamically loadable module, and must therefore
345 the property "provider=legacy" can be used as a search criterion for these
350 =head2 Null provider
352 The null provider is built in as part of the F<libcrypto> library. It contains
353 no algorithms in it at all. When fetching algorithms the default provider will
354 be automatically loaded if no other provider has been explicitly loaded. To
355 prevent that from happening you can explicitly load the null provider.
463 provider. They are also duplicated in the base provider.
496 L<openssl-glossary(7)>, L<provider(7)>

Last Index update Sun Aug 20 00:18:20 CST 2023