- [The Null Provider](#the-null-provider)
- [Loading Providers](#loading-providers)
-
Standard Providers
==================
Providers are containers for algorithm implementations. Whenever a cryptographic
algorithm is used via the high level APIs a provider is selected. It is that
provider implementation that actually does the required work. There are five
-providers distributed with OpenSSL. In the future we expect third parties to
+providers distributed with OpenSSL. In the future, we expect third parties to
distribute their own providers which can be added to OpenSSL dynamically.
Documentation about writing providers is available on the [provider(7)]
manual page.
- [provider(7)]: https://www.openssl.org/docs/manmaster/man7/provider.html
-
+ [provider(7)]: https://www.openssl.org/docs/man3.0/man7/provider.html
The Default Provider
--------------------
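Review bot: the `[provider(7)]` reference definition now targets `docs/man3.0` instead of `docs/manmaster`, which pins this README to the 3.0 manual pages. If the file is also carried on the development branch, the link will lag behind later changes to provider(7). State in the commit message that the pin is intended for the release branch, or keep `manmaster` where the README tracks master.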
that will be used. It is loaded automatically the first time that we try to
get an algorithm from a provider if no other provider has been loaded yet.
If another provider has already been loaded then it won't be loaded
-automatically. Therefore if you want to use it in conjunction with other
-providers then you must load it explicitly.
+automatically. Therefore, if you want to use it in conjunction with other
+providers, then you must load it explicitly.
-This is a "built-in" provider which means that it is compiled and linked
+This is a "built-in" provider, which means that it is compiled and linked
into the libcrypto library and does not exist as a separate standalone module.
The Legacy Provider
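Review bot: the unchanged sentence "If another provider has already been loaded then it won't be loaded automatically." uses the same if/then construction that this hunk punctuates in "providers, then you must load it explicitly". Add the comma there as well ("has already been loaded, then it won't be loaded automatically") so the paragraph is consistent.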
from the default provider, consisting of algorithms conforming to FIPS standards.
It is intended that this provider will be FIPS140-2 validated.
-In some cases there may be minor behavioural differences between algorithm
+In some cases, there may be minor behavioural differences between algorithm
implementations in this provider compared to the equivalent algorithm in the
default provider. This is typically in order to conform to FIPS standards.
This can be useful if you are using non-default library contexts and want
to ensure that the default library context is never used unintentionally.
-
Loading Providers
=================
-
Providers to be loaded can be specified in the OpenSSL config file.
See the [config(5)] manual page for information about how to configure
providers via the config file, and how to automatically activate them.
- [config(5)]: https://www.openssl.org/docs/manmaster/man5/config.html
+ [config(5)]: https://www.openssl.org/docs/man3.0/man5/config.html
The following is a minimal config file example to load and activate both
the legacy and the default provider in the default library context.
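Review bot: the lone `-` lines directly before and after the "Loading Providers" heading remove blank lines around a heading that is underlined with `=`. In CommonMark renderers, an underlined heading that follows paragraph text with no blank line in between absorbs that paragraph into the heading. Confirm that one blank line still separates "never used unintentionally." from the heading after this change.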
[legacy_sect]
activate = 1
-
It is also possible to load providers programmatically. For example you can
load the legacy provider into the default library context as shown below.
Note that once you have explicitly loaded a provider into the library context
the default provider will no longer be automatically loaded. Therefore you will
often also want to explicitly load the default provider, as is done here:
-
#include <stdio.h>
#include <stdlib.h>
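Review bot: this hunk only drops blank lines, but its unchanged text still has the missing commas the rest of the patch fixes: "For example you can load the legacy provider" and "Therefore you will often also want". Since the patch already changes "Therefore if" to "Therefore, if" in the default provider section, apply the same fix here ("For example, you can" and "Therefore, you will"). The sentence "once you have explicitly loaded a provider into the library context the default provider will no longer be automatically loaded" would also read more clearly with a comma after "context".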