{
    "mode": "info",
    "parameter": "PROVIDER",
    "section": "",
    "url": "https://www.chedong.com/phpMan.php/info/PROVIDER/json",
    "generated": "2026-07-05T23:42:42Z",
    "synopsis": "#include <openssl/provider.h>",
    "sections": {
        "NAME": {
            "content": "provider - OpenSSL operation implementation providers\n",
            "subsections": []
        },
        "SYNOPSIS": {
            "content": "#include <openssl/provider.h>\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "General\nThis page contains information useful to provider authors.\n\nA provider, in OpenSSL terms, is a unit of code that provides one or\nmore implementations for various operations for diverse algorithms that\none might want to perform.\n\nAn operation is something one wants to do, such as encryption and\ndecryption, key derivation, MAC calculation, signing and verification,\netc.\n\nAn algorithm is a named method to perform an operation.  Very often,\nthe algorithms revolve around cryptographic operations, but may also\nrevolve around other types of operation, such as managing certain types\nof objects.\n\nSee crypto(7) for further details.\n\nProvider\nA provider offers an initialization function, as a set of base\nfunctions in the form of an OSSLDISPATCH array, and by extension, a\nset of OSSLALGORITHMs (see openssl-core.h(7)).  It may be a\ndynamically loadable module, or may be built-in, in OpenSSL libraries\nor in the application.  If it's a dynamically loadable module, the\ninitialization function must be named \"OSSLproviderinit\" and must be\nexported.  If it's built-in, the initialization function may have any\nname.\n\nThe initialization function must have the following signature:\n\nint NAME(const OSSLCOREHANDLE *handle,\nconst OSSLDISPATCH *in, const OSSLDISPATCH out,\nvoid provctx);\n\nhandle is the OpenSSL library object for the provider, and works as a\nhandle for everything the OpenSSL libraries need to know about the\nprovider.  For the provider itself, it is passed to some of the\nfunctions given in the dispatch array in.\n\nin is a dispatch array of base functions offered by the OpenSSL\nlibraries, and the available functions are further described in\nprovider-base(7).\n\n*out must be assigned a dispatch array of base functions that the\nprovider offers to the OpenSSL libraries.  The functions that may be\noffered are further described in provider-base(7), and they are the\ncentral means of communication between the OpenSSL libraries and the\nprovider.\n\n*provctx should be assigned a provider specific context to allow the\nprovider multiple simultaneous uses.  This pointer will be passed to\nvarious operation functions offered by the provider.\n\nNote that the provider will not be made available for applications to\nuse until the initialization function has completed and returned\nsuccessfully.\n\nOne of the functions the provider offers to the OpenSSL libraries is\nthe central mechanism for the OpenSSL libraries to get access to\noperation implementations for diverse algorithms.  Its referred to with\nthe number OSSLFUNCPROVIDERQUERYOPERATION and has the following\nsignature:\n\nconst OSSLALGORITHM *providerqueryoperation(void *provctx,\nint operationid,\nconst int *nostore);\n\nprovctx is the provider specific context that was passed back by the\ninitialization function.\n\noperationid is an operation identity (see \"Operations\" below).\n\nnostore is a flag back to the OpenSSL libraries which, when nonzero,\nsignifies that the OpenSSL libraries will not store a reference to the\nreturned data in their internal store of implementations.\n\nThe returned OSSLALGORITHM is the foundation of any OpenSSL library\nAPI that uses providers for their implementation, most commonly in the\nfetching type of functions (see \"ALGORITHM FETCHING\" in crypto(7)).\n\nOperations\nOperations are referred to with numbers, via macros with names starting\nwith \"OSSLOP\".\n\nWith each operation comes a set of defined function types that a\nprovider may or may not offer, depending on its needs.\n\nCurrently available operations are:\n\nDigests\nIn the OpenSSL libraries, the corresponding method object is\nEVPMD.  The number for this operation is OSSLOPDIGEST.  The\nfunctions the provider can offer are described in\nprovider-digest(7)\n\nSymmetric ciphers\nIn the OpenSSL libraries, the corresponding method object is\nEVPCIPHER.  The number for this operation is OSSLOPCIPHER.  The\nfunctions the provider can offer are described in\nprovider-cipher(7)\n\nMessage Authentication Code (MAC)\nIn the OpenSSL libraries, the corresponding method object is\nEVPMAC.  The number for this operation is OSSLOPMAC.  The\nfunctions the provider can offer are described in provider-mac(7)\n\nKey Derivation Function (KDF)\nIn the OpenSSL libraries, the corresponding method object is\nEVPKDF.  The number for this operation is OSSLOPKDF.  The\nfunctions the provider can offer are described in provider-kdf(7)\n\nKey Exchange\nIn the OpenSSL libraries, the corresponding method object is\nEVPKEYEXCH.  The number for this operation is OSSLOPKEYEXCH.\nThe functions the provider can offer are described in\nprovider-keyexch(7)\n\nAsymmetric Ciphers\nIn the OpenSSL libraries, the corresponding method object is\nEVPASYMCIPHER.  The number for this operation is\nOSSLOPASYMCIPHER.  The functions the provider can offer are\ndescribed in provider-asymcipher(7)\n\nAsymmetric Key Encapsulation\nIn the OpenSSL libraries, the corresponding method object is\nEVPKEM.  The number for this operation is OSSLOPKEM.  The\nfunctions the provider can offer are described in provider-kem(7)\n\nEncoding\nIn the OpenSSL libraries, the corresponding method object is\nOSSLENCODER.  The number for this operation is OSSLOPENCODER.\nThe functions the provider can offer are described in\nprovider-encoder(7)\n\nAlgorithm naming\n\nAlgorithm names are case insensitive. Any particular algorithm can have\nmultiple aliases associated with it. The canonical OpenSSL naming\nscheme follows this format:\n\nALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]\n\nVERSION is only present if there are multiple versions of an algorithm\n(e.g.  MD2, MD4, MD5).  It may be omitted if there is only one version.\n\nSUBNAME may be present where multiple algorithms are combined together,\ne.g. MD5-SHA1.\n\nSIZE is only present if multiple versions of an algorithm exist with\ndifferent sizes (e.g. AES-128-CBC, AES-256-CBC)\n\nMODE is only present where applicable.\n\nOther aliases may exist for example where standards bodies or common\npractice use alternative names or names that OpenSSL has used\nhistorically.\n",
            "subsections": []
        },
        "OPENSSL PROVIDERS": {
            "content": "OpenSSL provides a number of its own providers. These are the default,\nbase, fips, legacy and null providers. See crypto(7) for an overview of\nthese providers.\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "EVPDigestInitex(3), EVPEncryptInitex(3), OSSLLIBCTX(3),\nEVPsetdefaultproperties(3), EVPMDfetch(3), EVPCIPHERfetch(3),\nEVPKEYMGMTfetch(3), openssl-core.h(7), provider-base(7),\nprovider-digest(7), provider-cipher(7), provider-keyexch(7)\n",
            "subsections": []
        },
        "HISTORY": {
            "content": "The concept of providers and everything surrounding them was introduced\nin OpenSSL 3.0.\n",
            "subsections": []
        },
        "COPYRIGHT": {
            "content": "Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\").  You may not use\nthis file except in compliance with the License.  You can obtain a copy\nin the file LICENSE in the source distribution or at\n<https://www.openssl.org/source/license.html>.\n\n3.0.2                             2026-06-02                    PROVIDER(7SSL)",
            "subsections": []
        }
    },
    "summary": "provider - OpenSSL operation implementation providers",
    "flags": [],
    "examples": [],
    "see_also": [
        {
            "name": "EVPDigestInitex",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPDigestInitex/3/json"
        },
        {
            "name": "EVPEncryptInitex",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPEncryptInitex/3/json"
        },
        {
            "name": "OSSLLIBCTX",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/OSSLLIBCTX/3/json"
        },
        {
            "name": "EVPsetdefaultproperties",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPsetdefaultproperties/3/json"
        },
        {
            "name": "EVPMDfetch",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPMDfetch/3/json"
        },
        {
            "name": "EVPCIPHERfetch",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPCIPHERfetch/3/json"
        },
        {
            "name": "EVPKEYMGMTfetch",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKEYMGMTfetch/3/json"
        },
        {
            "name": "openssl-core.h",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/openssl-core.h/7/json"
        },
        {
            "name": "provider-base",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/provider-base/7/json"
        },
        {
            "name": "provider-digest",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/provider-digest/7/json"
        },
        {
            "name": "provider-cipher",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/provider-cipher/7/json"
        },
        {
            "name": "provider-keyexch",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/provider-keyexch/7/json"
        }
    ]
}