{ "content": [ { "type": "text", "text": "# provider (man)\n\n## NAME\n\nprovider - OpenSSL operation implementation providers\n\n## SYNOPSIS\n\n#include \n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION** (3 subsections)\n- **OPENSSL PROVIDERS**\n- **SEE ALSO**\n- **HISTORY**\n- **COPYRIGHT**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "provider", "section": "", "mode": "man", "summary": "provider - OpenSSL operation implementation providers", "synopsis": "#include ", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [ { "name": "EVPDigestInitex", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPDigestInitex/3/json" }, { "name": "EVPEncryptInitex", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPEncryptInitex/3/json" }, { "name": "OSSLLIBCTX", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/OSSLLIBCTX/3/json" }, { "name": "EVPsetdefaultproperties", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPsetdefaultproperties/3/json" }, { "name": "EVPMDfetch", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPMDfetch/3/json" }, { "name": "EVPCIPHERfetch", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPCIPHERfetch/3/json" }, { "name": "EVPKEYMGMTfetch", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKEYMGMTfetch/3/json" }, { "name": "openssl-core.h", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/openssl-core.h/7/json" }, { "name": "provider-base", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/provider-base/7/json" }, { "name": "provider-digest", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/provider-digest/7/json" }, { "name": "provider-cipher", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/provider-cipher/7/json" }, { "name": "provider-keyexch", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/provider-keyexch/7/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 2, "subsections": [] }, { "name": "DESCRIPTION", "lines": 1, "subsections": [ { "name": "General", "lines": 14 }, { "name": "Provider", "lines": 53 }, { "name": "Operations", "lines": 67 } ] }, { "name": "OPENSSL PROVIDERS", "lines": 3, "subsections": [] }, { "name": "SEE ALSO", "lines": 4, "subsections": [] }, { "name": "HISTORY", "lines": 2, "subsections": [] }, { "name": "COPYRIGHT", "lines": 9, "subsections": [] } ], "sections": { "NAME": { "content": "provider - OpenSSL operation implementation providers\n", "subsections": [] }, "SYNOPSIS": { "content": "#include \n", "subsections": [] }, "DESCRIPTION": { "content": "", "subsections": [ { "name": "General", "content": "This page contains information useful to provider authors.\n\nA provider, in OpenSSL terms, is a unit of code that provides one or more implementations for\nvarious operations for diverse algorithms that one might want to perform.\n\nAn operation is something one wants to do, such as encryption and decryption, key derivation,\nMAC calculation, signing and verification, etc.\n\nAn algorithm is a named method to perform an operation. Very often, the algorithms revolve\naround cryptographic operations, but may also revolve around other types of operation, such\nas managing certain types of objects.\n\nSee crypto(7) for further details.\n" }, { "name": "Provider", "content": "A provider offers an initialization function, as a set of base functions in the form of an\nOSSLDISPATCH array, and by extension, a set of OSSLALGORITHMs (see openssl-core.h(7)). It\nmay be a dynamically loadable module, or may be built-in, in OpenSSL libraries or in the\napplication. If it's a dynamically loadable module, the initialization function must be\nnamed \"OSSLproviderinit\" and must be exported. If it's built-in, the initialization\nfunction may have any name.\n\nThe initialization function must have the following signature:\n\nint NAME(const OSSLCOREHANDLE *handle,\nconst OSSLDISPATCH *in, const OSSLDISPATCH out,\nvoid provctx);\n\nhandle is the OpenSSL library object for the provider, and works as a handle for everything\nthe OpenSSL libraries need to know about the provider. For the provider itself, it is passed\nto some of the functions given in the dispatch array in.\n\nin is a dispatch array of base functions offered by the OpenSSL libraries, and the available\nfunctions are further described in provider-base(7).\n\n*out must be assigned a dispatch array of base functions that the provider offers to the\nOpenSSL libraries. The functions that may be offered are further described in\nprovider-base(7), and they are the central means of communication between the OpenSSL\nlibraries and the provider.\n\n*provctx should be assigned a provider specific context to allow the provider multiple\nsimultaneous uses. This pointer will be passed to various operation functions offered by the\nprovider.\n\nNote that the provider will not be made available for applications to use until the\ninitialization function has completed and returned successfully.\n\nOne of the functions the provider offers to the OpenSSL libraries is the central mechanism\nfor the OpenSSL libraries to get access to operation implementations for diverse algorithms.\nIts referred to with the number OSSLFUNCPROVIDERQUERYOPERATION and has the following\nsignature:\n\nconst OSSLALGORITHM *providerqueryoperation(void *provctx,\nint operationid,\nconst int *nostore);\n\nprovctx is the provider specific context that was passed back by the initialization function.\n\noperationid is an operation identity (see \"Operations\" below).\n\nnostore is a flag back to the OpenSSL libraries which, when nonzero, signifies that the\nOpenSSL libraries will not store a reference to the returned data in their internal store of\nimplementations.\n\nThe returned OSSLALGORITHM is the foundation of any OpenSSL library API that uses providers\nfor their implementation, most commonly in the fetching type of functions (see \"ALGORITHM\nFETCHING\" in crypto(7)).\n" }, { "name": "Operations", "content": "Operations are referred to with numbers, via macros with names starting with \"OSSLOP\".\n\nWith each operation comes a set of defined function types that a provider may or may not\noffer, depending on its needs.\n\nCurrently available operations are:\n\nDigests\nIn the OpenSSL libraries, the corresponding method object is EVPMD. The number for this\noperation is OSSLOPDIGEST. The functions the provider can offer are described in\nprovider-digest(7)\n\nSymmetric ciphers\nIn the OpenSSL libraries, the corresponding method object is EVPCIPHER. The number for\nthis operation is OSSLOPCIPHER. The functions the provider can offer are described in\nprovider-cipher(7)\n\nMessage Authentication Code (MAC)\nIn the OpenSSL libraries, the corresponding method object is EVPMAC. The number for\nthis operation is OSSLOPMAC. The functions the provider can offer are described in\nprovider-mac(7)\n\nKey Derivation Function (KDF)\nIn the OpenSSL libraries, the corresponding method object is EVPKDF. The number for\nthis operation is OSSLOPKDF. The functions the provider can offer are described in\nprovider-kdf(7)\n\nKey Exchange\nIn the OpenSSL libraries, the corresponding method object is EVPKEYEXCH. The number for\nthis operation is OSSLOPKEYEXCH. The functions the provider can offer are described in\nprovider-keyexch(7)\n\nAsymmetric Ciphers\nIn the OpenSSL libraries, the corresponding method object is EVPASYMCIPHER. The number\nfor this operation is OSSLOPASYMCIPHER. The functions the provider can offer are\ndescribed in provider-asymcipher(7)\n\nAsymmetric Key Encapsulation\nIn the OpenSSL libraries, the corresponding method object is EVPKEM. The number for\nthis operation is OSSLOPKEM. The functions the provider can offer are described in\nprovider-kem(7)\n\nEncoding\nIn the OpenSSL libraries, the corresponding method object is OSSLENCODER. The number\nfor this operation is OSSLOPENCODER. The functions the provider can offer are\ndescribed in provider-encoder(7)\n\nAlgorithm naming\n\nAlgorithm names are case insensitive. Any particular algorithm can have multiple aliases\nassociated with it. The canonical OpenSSL naming scheme follows this format:\n\nALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]\n\nVERSION is only present if there are multiple versions of an algorithm (e.g. MD2, MD4, MD5).\nIt may be omitted if there is only one version.\n\nSUBNAME may be present where multiple algorithms are combined together, e.g. MD5-SHA1.\n\nSIZE is only present if multiple versions of an algorithm exist with different sizes (e.g.\nAES-128-CBC, AES-256-CBC)\n\nMODE is only present where applicable.\n\nOther aliases may exist for example where standards bodies or common practice use alternative\nnames or names that OpenSSL has used historically.\n" } ] }, "OPENSSL PROVIDERS": { "content": "OpenSSL provides a number of its own providers. These are the default, base, fips, legacy and\nnull providers. See crypto(7) for an overview of these providers.\n", "subsections": [] }, "SEE ALSO": { "content": "EVPDigestInitex(3), EVPEncryptInitex(3), OSSLLIBCTX(3), EVPsetdefaultproperties(3),\nEVPMDfetch(3), EVPCIPHERfetch(3), EVPKEYMGMTfetch(3), openssl-core.h(7),\nprovider-base(7), provider-digest(7), provider-cipher(7), provider-keyexch(7)\n", "subsections": [] }, "HISTORY": { "content": "The concept of providers and everything surrounding them was introduced in OpenSSL 3.0.\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\"). You may not use this file except in\ncompliance with the License. You can obtain a copy in the file LICENSE in the source\ndistribution or at .\n\n\n\n3.0.2 2026-06-02 PROVIDER(7SSL)", "subsections": [] } } } }