Open-Source Wikis

/

OpenSSL

/

Providers

/

Default provider

openssl/openssl

Default provider

Active contributors: Pauli, Tomas Mraz, slontis, Matt Caswell

Purpose

The default provider is the home of every standard-strength algorithm OpenSSL ships. If your application does not explicitly load any provider, the default provider is auto-loaded and serves all EVP_*_fetch calls. It is built into libcrypto (i.e. compiled and linked, not a separate .so).

Entry point: providers/defltprov.c. The 39 KB defltprov.c is mostly six big OSSL_ALGORITHM arrays — one per OSSL_OP_* — that map names and property strings to dispatch tables defined elsewhere in providers/implementations/.

What it offers

The catalogue is large. Run openssl list -all-algorithms against a build to enumerate everything. Highlights:

Digests (OSSL_OP_DIGEST, in providers/implementations/digests/):

  • SHA-1 (SHA1)
  • SHA-2 family (SHA2-{224,256,384,512,512/224,512/256})
  • SHA-3 family (SHA3-{224,256,384,512}, SHAKE-{128,256}, KECCAK-KMAC-{128,256}, KECCAK-{224,256,384,512})
  • BLAKE2s, BLAKE2b
  • SM3
  • cSHAKE-128/256
  • (Legacy: MD5, MD5-SHA1 are exposed by the default provider for SSL/TLS compat; MD2/4, MDC2, RIPEMD-160, Whirlpool live in legacy.)

Symmetric ciphers (OSSL_OP_CIPHER, in providers/implementations/ciphers/):

  • AES-{128,192,256} in CBC/CFB/CTR/ECB/OFB/GCM/CCM/XTS/OCB/SIV/GCM-SIV/WRAP/CBC-CTS modes
  • AES-{128,256}-CBC-HMAC-SHA1/256/512 (TLS stitched ciphers)
  • ARIA-{128,192,256} CBC/CFB/CTR/ECB/OFB/GCM/CCM
  • Camellia-{128,192,256} CBC/CFB/CTR/ECB/OFB
  • ChaCha20, ChaCha20-Poly1305
  • 3DES (3-key) in CBC/CFB/ECB/OFB/WRAP, plus DES-EDE
  • SM4-{ECB,CBC,CFB,CTR,OFB,GCM,CCM,XTS}
  • The AES TLS-stitched cipher family with HMAC-SHA1/256 ETM variants

MACs (OSSL_OP_MAC, in providers/implementations/macs/):

  • HMAC, CMAC, GMAC, KMAC-128, KMAC-256, Poly1305, SipHash, BLAKE2-MAC

KDFs (OSSL_OP_KDF, in providers/implementations/kdfs/):

  • HKDF, TLS1-PRF, PBKDF1, PBKDF2, scrypt, Argon2 (id, i, d), HMAC-DRBG-KDF, IKEv2-KDF, KB-KDF, KRB5-KDF, PKCS12-KDF, PVK-KDF, SCRYPT, SS-KDF, SSH-KDF, SRTP-KDF, X942-KDF, X963-KDF, SNMP-KDF

Public-key algorithms (OSSL_OP_KEYMGMT + signature/exchange/asym/kem):

  • RSA (PKCS#1, PSS, OAEP, KEM)
  • DSA, DH (FFDHE groups)
  • EC (NIST P-curves, secp curves, brainpool, sect/secp binary, …)
  • Ed25519, Ed448
  • X25519, X448
  • SM2 (signing and key exchange)
  • ML-KEM (FIPS 203)
  • ML-DSA (FIPS 204)
  • SLH-DSA (FIPS 205)
  • LMS (RFC 8554)

RNGs (OSSL_OP_RAND, in providers/implementations/rands/):

  • HMAC-DRBG, Hash-DRBG, CTR-DRBG (NIST SP 800-90A)
  • TEST-RAND (deterministic, only for tests)
  • A "SEED-SRC" pseudo-RAND that wraps the OS entropy source

Encoders/decoders (OSSL_OP_ENCODER / OSSL_OP_DECODER, in providers/implementations/encode_decode/):

  • Encode/decode every public-key algorithm to/from DER, PEM, OSSL_PARAM, and various structures (PKCS#8, SubjectPublicKeyInfo, type-specific PKCS#1, etc.).

Stores (OSSL_OP_STORE, in providers/implementations/storemgmt/):

  • file: URI loader (PEM / DER bundles).

Capabilities

providers/common/capabilities.c publishes capability tables that aren't algorithms in the EVP sense but still need provider routing:

  • TLS-GROUP — every TLS 1.3 named group with its (name, id, min/max version, kem-or-kex, …).
  • TLS-SIGALG — every TLS 1.3 SignatureScheme with its codepoint and the EVP signature primitives it maps to.

libssl queries these at handshake time. See features/tls.

Property strings

The default provider's algorithms are typically registered with provider=default. The default property query in a fresh libctx is empty, so any provider's algorithm matches. To prefer the default explicitly:

EVP_set_default_properties(libctx, "provider=default");
EVP_MD *md = EVP_MD_fetch(libctx, "SHA2-256", NULL);

To prefer the FIPS provider for FIPS-eligible algorithms but still use the default for others:

EVP_set_default_properties(libctx, "?fips=yes");   /* "soft" - prefer fips=yes */

How algorithms are listed in defltprov.c

Each OSSL_OP_* has its own table. Snippet (illustrative):

static const OSSL_ALGORITHM deflt_digests[] = {
    { PROV_NAMES_SHA1, "provider=default", ossl_sha1_functions, "Default Implementation of SHA1" },
    { PROV_NAMES_SHA2_256, "provider=default", ossl_sha256_functions, "..." },
    /* … */
    { NULL, NULL, NULL }
};

The PROV_NAMES_* macros (defined in providers/implementations/include/prov/names.h) expand to colon-separated lists like "SHA2-256:SHA-256:SHA256:2.16.840.1.101.3.4.2.1". The namemap stores all aliases, so users can fetch by any of them.

Where implementations live

The *_functions symbol in each row of defltprov.c resolves to a static const OSSL_DISPATCH[] defined in the implementation's .c file. Examples:

  • ossl_sha256_functionsproviders/implementations/digests/sha2_prov.c
  • ossl_aes256gcm_functionsproviders/implementations/ciphers/cipher_aes_gcm.c
  • ossl_rsa_signature_functionsproviders/implementations/signature/rsa_sig.c
  • ossl_ecdsa_signature_functionsproviders/implementations/signature/ecdsa_sig.c
  • ossl_hkdf_kdf_functionsproviders/implementations/kdfs/hkdf.c
  • ossl_ml_kem_keymgmt_functionsproviders/implementations/keymgmt/ml_kem_kmgmt.c

The cipher_*.h and cipher_*_hw.c files split the algorithm into a "logical" part and a hardware-accelerated low-level part. Per-architecture cipher_*_hw_*.inc files plug in AESNI, ARMv8 crypto, PowerPC, RISC-V Vector, S/390 KMA, etc. The same pattern repeats across digests/, signature/, etc.

Differences from the FIPS provider

Concern Default FIPS
Algorithm coverage Full standard set FIPS-validated subset
Self-tests on load None Mandatory KATs (providers/fips/self_test_kats.c)
Integrity check None HMAC-SHA-256 over module bytes against fingerprint in fipsmodule.cnf
Property provider=default provider=fips,fips=yes
Strength enforcement Permissive (securitycheck_default.c) Strict (securitycheck_fips.c)
Build artefact Built into libcrypto Separate fips.so

Entry points for modification

  • Adding a new algorithm to the default provider: implement it under providers/implementations/<area>/, declare OSSL_DISPATCH[], add a row to the appropriate table in providers/defltprov.c, define names in prov/names.h, write KATs and recipe.
  • Changing security policy (default): edit providers/common/securitycheck_default.c.
  • Adding a new operation type: requires changes to libcrypto (new EVP_* API) plus core_dispatch.h plus the provider tables. Coordinate with maintainers.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Default provider – OpenSSL wiki | Factory