1=pod
2
3=head1 NAME
4
5OSSL_PROVIDER-default - OpenSSL default provider
6
7=head1 DESCRIPTION
8
9The OpenSSL default provider supplies the majority of OpenSSL's diverse
10algorithm implementations. If an application doesn't specify anything else
11explicitly (e.g. in the application or via config), then this is the
12provider that will be used as fallback: It is loaded automatically the
13first time that an algorithm is fetched from a provider or a function
14acting on providers is called and no other provider has been loaded yet.
15
16If an attempt to load a provider has already been made (whether successful
17or not) then the default provider won't be loaded automatically. Therefore
18if the default provider is to be used in conjunction with other providers
19then it must be loaded explicitly. Automatic loading of the default
20provider only occurs a maximum of once; if the default provider is
21explicitly unloaded then the default provider will not be automatically
22loaded again.
23
24=head2 Properties
25
26The implementations in this provider specifically have this property
27defined:
28
29=over 4
30
31=item "provider=default"
32
33=back
34
35It may be used in a property query string with fetching functions such as
36L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>, as well as with other
37functions that take a property query string, such as
38L<EVP_PKEY_CTX_new_from_name(3)>.
39
40It isn't mandatory to query for this property, except to make sure to get
41implementations of this provider and none other.
42
43Some implementations may define additional properties.  Exact information is
44listed below
45
46=head1 OPERATIONS AND ALGORITHMS
47
48The OpenSSL default provider supports these operations and algorithms:
49
50=head2 Hashing Algorithms / Message Digests
51
52=over 4
53
54=item SHA1, see L<EVP_MD-SHA1(7)>
55
56=item SHA2, see L<EVP_MD-SHA2(7)>
57
58=item SHA3, see L<EVP_MD-SHA3(7)>
59
60=item KECCAK, see L<EVP_MD-KECCAK(7)>
61
62=item KECCAK-KMAC, see L<EVP_MD-KECCAK-KMAC(7)>
63
64=item SHAKE, see L<EVP_MD-SHAKE(7)>
65
66=item BLAKE2, see L<EVP_MD-BLAKE2(7)>
67
68=item SM3, see L<EVP_MD-SM3(7)>
69
70=item MD5, see L<EVP_MD-MD5(7)>
71
72=item MD5-SHA1, see L<EVP_MD-MD5-SHA1(7)>
73
74=item RIPEMD160, see L<EVP_MD-RIPEMD160(7)>
75
76=item NULL, see L<EVP_MD-NULL(7)>
77
78=back
79
80=head2 Symmetric Ciphers
81
82=over 4
83
84=item AES, see L<EVP_CIPHER-AES(7)>
85
86=item ARIA, see L<EVP_CIPHER-ARIA(7)>
87
88=item CAMELLIA, see L<EVP_CIPHER-CAMELLIA(7)>
89
90=item 3DES, see L<EVP_CIPHER-DES(7)>
91
92=item SM4, see L<EVP_CIPHER-SM4(7)>
93
94=item ChaCha20, see L<EVP_CIPHER-CHACHA(7)>
95
96=item ChaCha20-Poly1305, see L<EVP_CIPHER-CHACHA(7)>
97
98=item NULL, see L<EVP_CIPHER-NULL(7)>
99
100=back
101
102=head2 Message Authentication Code (MAC)
103
104=over 4
105
106=item BLAKE2, see L<EVP_MAC-BLAKE2(7)>
107
108=item CMAC, see L<EVP_MAC-CMAC(7)>
109
110=item GMAC, see L<EVP_MAC-GMAC(7)>
111
112=item HMAC, see L<EVP_MAC-HMAC(7)>
113
114=item KMAC, see L<EVP_MAC-KMAC(7)>
115
116=item SIPHASH, see L<EVP_MAC-Siphash(7)>
117
118=item POLY1305, see L<EVP_MAC-Poly1305(7)>
119
120=back
121
122=head2 Key Derivation Function (KDF)
123
124=over 4
125
126=item HKDF, see L<EVP_KDF-HKDF(7)>
127
128=item HKDF-SHA256, see L<EVP_KDF-HKDF(7)>
129
130=item HKDF-SHA384, see L<EVP_KDF-HKDF(7)>
131
132=item HKDF-SHA512, see L<EVP_KDF-HKDF(7)>
133
134=item TLS13-KDF, see L<EVP_KDF-TLS13_KDF(7)>
135
136=item SSKDF, see L<EVP_KDF-SS(7)>
137
138=item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
139
140=item PKCS12KDF, see L<EVP_KDF-PKCS12KDF(7)>
141
142=item SSHKDF, see L<EVP_KDF-SSHKDF(7)>
143
144=item TLS1-PRF, see L<EVP_KDF-TLS1_PRF(7)>
145
146=item KBKDF, see L<EVP_KDF-KB(7)>
147
148=item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)>
149
150=item X942KDF-CONCAT, see L<EVP_KDF-X942-CONCAT(7)>
151
152=item X963KDF, see L<EVP_KDF-X963(7)>
153
154=item SCRYPT, see L<EVP_KDF-SCRYPT(7)>
155
156=item KRB5KDF, see L<EVP_KDF-KRB5KDF(7)>
157
158=item HMAC-DRBG, see L<EVP_KDF-HMAC-DRBG(7)>
159
160=item ARGON2, see L<EVP_KDF-ARGON2(7)>
161
162=back
163
164=head2 Key Exchange
165
166=over 4
167
168=item DH, see L<EVP_KEYEXCH-DH(7)>
169
170=item ECDH, see L<EVP_KEYEXCH-ECDH(7)>
171
172=item X25519, see L<EVP_KEYEXCH-X25519(7)>
173
174=item X448, see L<EVP_KEYEXCH-X448(7)>
175
176=item ML-KEM-512, see L<EVP_KEM-ML-KEM-512(7)>
177
178=item ML-KEM-768, see L<EVP_KEM-ML-KEM-768(7)>
179
180=item ML-KEM-1024, see L<EVP_KEM-ML-KEM-1024(7)>
181
182=item TLS1-PRF
183
184=item HKDF
185
186=item SCRYPT
187
188=back
189
190=head2 Asymmetric Signature
191
192=over 4
193
194=item DSA, see L<EVP_SIGNATURE-DSA(7)>
195
196=item RSA, see L<EVP_SIGNATURE-RSA(7)>
197
198=item ED25519, see L<EVP_SIGNATURE-ED25519(7)>
199
200=item ED448, see L<EVP_SIGNATURE-ED448(7)>
201
202=item ECDSA, see L<EVP_SIGNATURE-ECDSA(7)>
203
204=item SM2
205
206=item LMS, see L<EVP_SIGNATURE-LMS(7)>
207
208=item ML-DSA-44, see L<EVP_SIGNATURE-ML-DSA(7)>
209
210=item ML-DSA-65, see L<EVP_SIGNATURE-ML-DSA(7)>
211
212=item ML-DSA-87, see L<EVP_SIGNATURE-ML-DSA(7)>
213
214=item HMAC, see L<EVP_SIGNATURE-HMAC(7)>
215
216=item SIPHASH, see L<EVP_SIGNATURE-Siphash(7)>
217
218=item POLY1305, see L<EVP_SIGNATURE-Poly1305(7)>
219
220=item CMAC, see L<EVP_SIGNATURE-CMAC(7)>
221
222=item SLH-DSA-SHA2-128s, see L<EVP_SIGNATURE-SLH-DSA(7)>
223
224=item SLH-DSA-SHA2-128f, see L<EVP_SIGNATURE-SLH-DSA(7)>
225
226=item SLH-DSA-SHA2-192s, see L<EVP_SIGNATURE-SLH-DSA(7)>
227
228=item SLH-DSA-SHA2-192f, see L<EVP_SIGNATURE-SLH-DSA(7)>
229
230=item SLH-DSA-SHA2-256s, see L<EVP_SIGNATURE-SLH-DSA(7)>
231
232=item SLH-DSA-SHA2-256f, see L<EVP_SIGNATURE-SLH-DSA(7)>
233
234=item SLH-DSA-SHAKE-128s, see L<EVP_SIGNATURE-SLH-DSA(7)>
235
236=item SLH-DSA-SHAKE-128f, see L<EVP_SIGNATURE-SLH-DSA(7)>
237
238=item SLH-DSA-SHAKE-192s, see L<EVP_SIGNATURE-SLH-DSA(7)>
239
240=item SLH-DSA-SHAKE-192f, see L<EVP_SIGNATURE-SLH-DSA(7)>
241
242=item SLH-DSA-SHAKE-256s, see L<EVP_SIGNATURE-SLH-DSA(7)>
243
244=item SLH-DSA-SHAKE-256f, see L<EVP_SIGNATURE-SLH-DSA(7)>
245
246=back
247
248=head2 Asymmetric Cipher
249
250=over 4
251
252=item RSA, see L<EVP_ASYM_CIPHER-RSA(7)>
253
254=item SM2, see L<EVP_ASYM_CIPHER-SM2(7)>
255
256=back
257
258=head2 Asymmetric Key Encapsulation
259
260=over 4
261
262=item RSA, see L<EVP_KEM-RSA(7)>
263
264=item X25519, see L<EVP_KEM-X25519(7)>
265
266=item X448, see L<EVP_KEM-X448(7)>
267
268=item EC, see L<EVP_KEM-EC(7)>
269
270=item ML-KEM-512, see L<EVP_KEM-ML-KEM-512(7)>
271
272=item ML-KEM-768, see L<EVP_KEM-ML-KEM-768(7)>
273
274=item ML-KEM-1024, see L<EVP_KEM-ML-KEM-1024(7)>
275
276=back
277
278=head2 Asymmetric Key Management
279
280=over 4
281
282=item DSA, see L<EVP_KEYMGMT-DSA(7)>
283
284=item RSA, see L<EVP_KEYMGMT-RSA(7)>
285
286=item RSA-PSS
287
288=item EC, see L<EVP_KEYMGMT-EC(7)>
289
290=item ED25519, see L<EVP_KEYMGMT-ED25519(7)>
291
292=item ED448, see L<EVP_KEYMGMT-ED448(7)>
293
294=item SM2, see L<EVP_KEYMGMT-SM2(7)>
295
296=item DH, see L<EVP_KEYMGMT-DH(7)>
297
298=item DHX, see L<EVP_KEYMGMT-DHX(7)>
299
300=item X25519, see L<EVP_KEYMGMT-X25519(7)>
301
302=item X448, see L<EVP_KEYMGMT-X448(7)>
303
304=item ML-DSA-44, see L<EVP_KEYMGMT-ML-DSA(7)>
305
306=item ML-DSA-65, see L<EVP_KEYMGMT-ML-DSA(7)>
307
308=item ML-DSA-87, see L<EVP_KEYMGMT-ML-DSA(7)>
309
310=item MK-KEM-512, see L<EVP_KEYMGMT-ML-KEM-512(7)>
311
312=item MK-KEM-768, see L<EVP_KEYMGMT-ML-KEM-768(7)>
313
314=item MK-KEM-1024, see L<EVP_KEYMGMT-ML-KEM-1024(7)>
315
316=item SLH-DSA-SHA2-128s, see L<EVP_KEYMGMT-SLH-DSA(7)>
317
318=item SLH-DSA-SHA2-128f, see L<EVP_KEYMGMT-SLH-DSA(7)>
319
320=item SLH-DSA-SHA2-192s, see L<EVP_KEYMGMT-SLH-DSA(7)>
321
322=item SLH-DSA-SHA2-192f, see L<EVP_KEYMGMT-SLH-DSA(7)>
323
324=item SLH-DSA-SHA2-256s, see L<EVP_KEYMGMT-SLH-DSA(7)>
325
326=item SLH-DSA-SHA2-256f, see L<EVP_KEYMGMT-SLH-DSA(7)>
327
328=item SLH-DSA-SHAKE-128s, see L<EVP_KEYMGMT-SLH-DSA(7)>
329
330=item SLH-DSA-SHAKE-128f, see L<EVP_KEYMGMT-SLH-DSA(7)>
331
332=item SLH-DSA-SHAKE-192s, see L<EVP_KEYMGMT-SLH-DSA(7)>
333
334=item SLH-DSA-SHAKE-192f, see L<EVP_KEYMGMT-SLH-DSA(7)>
335
336=item SLH-DSA-SHAKE-256s, see L<EVP_KEYMGMT-SLH-DSA(7)>
337
338=item SLH-DSA-SHAKE-256f, see L<EVP_KEYMGMT-SLH-DSA(7)>
339
340=item TLS1-PRF
341
342=item HKDF
343
344=item SCRYPT
345
346=item HMAC, see L<EVP_KEYMGMT-HMAC(7)>
347
348=item SIPHASH, see L<EVP_KEYMGMT-Siphash(7)>
349
350=item POLY1305, see L<EVP_KEYMGMT-Poly1305(7)>
351
352=item CMAC, see L<EVP_KEYMGMT-CMAC(7)>
353
354=back
355
356=head2 Random Number Generation
357
358=over 4
359
360=item CTR-DRBG, see L<EVP_RAND-CTR-DRBG(7)>
361
362=item HASH-DRBG, see L<EVP_RAND-HASH-DRBG(7)>
363
364=item HMAC-DRBG, see L<EVP_RAND-HMAC-DRBG(7)>
365
366=item SEED-SRC,  see L<EVP_RAND-SEED-SRC(7)>
367
368=item JITTER,  see L<EVP_RAND-JITTER(7)>
369
370=item TEST-RAND, see L<EVP_RAND-TEST-RAND(7)>
371
372=back
373
374In addition to this provider, the "SEED-SRC" and "JITTER" algorithms
375are also available in the base provider.
376
377=head2 Asymmetric Key Encoder
378
379=over 4
380
381=item RSA
382
383=item RSA-PSS
384
385=item DH
386
387=item DHX
388
389=item DSA
390
391=item EC
392
393=item ED25519
394
395=item ED448
396
397=item X25519
398
399=item X448
400
401=item SM2
402
403=item ML-DSA-44
404
405=item ML-DSA-65
406
407=item ML-DSA-87
408
409=item ML-KEM-512
410
411=item ML-KEM-768
412
413=item ML-KEM-1024
414
415=item SLH-DSA-SHA2-128s
416
417=item SLH-DSA-SHA2-128f
418
419=item SLH-DSA-SHA2-192s
420
421=item SLH-DSA-SHA2-192f
422
423=item SLH-DSA-SHA2-256s
424
425=item SLH-DSA-SHA2-256f
426
427=item SLH-DSA-SHAKE-128s
428
429=item SLH-DSA-SHAKE-128f
430
431=item SLH-DSA-SHAKE-192s
432
433=item SLH-DSA-SHAKE-192f
434
435=item SLH-DSA-SHAKE-256s
436
437=item SLH-DSA-SHAKE-256f
438
439=back
440
441In addition to this provider, all of these encoding algorithms are also
442available in the base provider. Some of these algorithms may be used in
443combination with the FIPS provider.
444
445=head2 Asymmetric Key Decoder
446
447=over 4
448
449=item RSA
450
451=item RSA-PSS
452
453=item DH
454
455=item DHX
456
457=item DSA
458
459=item EC
460
461=item ED25519
462
463=item ED448
464
465=item X25519
466
467=item X448
468
469=item SM2
470
471=item ML-DSA-44
472
473=item ML-DSA-65
474
475=item ML-DSA-87
476
477=item ML-KEM-512
478
479=item ML-KEM-768
480
481=item ML-KEM-1024
482
483=item SLH-DSA-SHA2-128s
484
485=item SLH-DSA-SHA2-128f
486
487=item SLH-DSA-SHA2-192s
488
489=item SLH-DSA-SHA2-192f
490
491=item SLH-DSA-SHA2-256s
492
493=item SLH-DSA-SHA2-256f
494
495=item SLH-DSA-SHAKE-128s
496
497=item SLH-DSA-SHAKE-128f
498
499=item SLH-DSA-SHAKE-192s
500
501=item SLH-DSA-SHAKE-192f
502
503=item SLH-DSA-SHAKE-256s
504
505=item SLH-DSA-SHAKE-256f
506
507=back
508
509In addition to this provider, all of these decoding algorithms are also
510available in the base provider. Some of these algorithms may be used in
511combination with the FIPS provider.
512
513=head2 Stores
514
515=over 4
516
517=item file
518
519=item org.openssl.winstore, see L<OSSL_STORE-winstore(7)>
520
521=back
522
523In addition to this provider, all of these store algorithms are also
524available in the base provider.
525
526=head1 SEE ALSO
527
528L<openssl-core.h(7)>, L<openssl-core_dispatch.h(7)>, L<provider(7)>,
529L<OSSL_PROVIDER-base(7)>
530
531=head1 HISTORY
532
533The RIPEMD160 digest was added to the default provider in OpenSSL 3.0.7.
534
535The HKDF-SHA256, HKDF-SHA384 and HKDF-SHA512 algorithms were added in OpenSSL 3.6.
536
537All other functionality was added in OpenSSL 3.0.
538
539=head1 COPYRIGHT
540
541Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
542
543Licensed under the Apache License 2.0 (the "License").  You may not use
544this file except in compliance with the License.  You can obtain a copy
545in the file LICENSE in the source distribution or at
546L<https://www.openssl.org/source/license.html>.
547
548=cut
549