openssl/openssl
Default provider
Active contributors: Pauli, Tomas Mraz, slontis, Matt Caswell
Purpose
The default provider is the home of every standard-strength algorithm OpenSSL ships. If your application does not explicitly load any provider, the default provider is auto-loaded and serves all EVP_*_fetch calls. It is built into libcrypto (i.e. compiled and linked, not a separate .so).
Entry point: providers/defltprov.c. The 39 KB defltprov.c is mostly six big OSSL_ALGORITHM arrays — one per OSSL_OP_* — that map names and property strings to dispatch tables defined elsewhere in providers/implementations/.
What it offers
The catalogue is large. Run openssl list -all-algorithms against a build to enumerate everything. Highlights:
Digests (OSSL_OP_DIGEST, in providers/implementations/digests/):
- SHA-1 (
SHA1) - SHA-2 family (
SHA2-{224,256,384,512,512/224,512/256}) - SHA-3 family (
SHA3-{224,256,384,512},SHAKE-{128,256},KECCAK-KMAC-{128,256},KECCAK-{224,256,384,512}) - BLAKE2s, BLAKE2b
- SM3
- cSHAKE-128/256
- (Legacy: MD5, MD5-SHA1 are exposed by the default provider for SSL/TLS compat; MD2/4, MDC2, RIPEMD-160, Whirlpool live in legacy.)
Symmetric ciphers (OSSL_OP_CIPHER, in providers/implementations/ciphers/):
- AES-{128,192,256} in CBC/CFB/CTR/ECB/OFB/GCM/CCM/XTS/OCB/SIV/GCM-SIV/WRAP/CBC-CTS modes
- AES-{128,256}-CBC-HMAC-SHA1/256/512 (TLS stitched ciphers)
- ARIA-{128,192,256} CBC/CFB/CTR/ECB/OFB/GCM/CCM
- Camellia-{128,192,256} CBC/CFB/CTR/ECB/OFB
- ChaCha20, ChaCha20-Poly1305
- 3DES (3-key) in CBC/CFB/ECB/OFB/WRAP, plus DES-EDE
- SM4-{ECB,CBC,CFB,CTR,OFB,GCM,CCM,XTS}
- The AES TLS-stitched cipher family with HMAC-SHA1/256 ETM variants
MACs (OSSL_OP_MAC, in providers/implementations/macs/):
- HMAC, CMAC, GMAC, KMAC-128, KMAC-256, Poly1305, SipHash, BLAKE2-MAC
KDFs (OSSL_OP_KDF, in providers/implementations/kdfs/):
- HKDF, TLS1-PRF, PBKDF1, PBKDF2, scrypt, Argon2 (id, i, d), HMAC-DRBG-KDF, IKEv2-KDF, KB-KDF, KRB5-KDF, PKCS12-KDF, PVK-KDF, SCRYPT, SS-KDF, SSH-KDF, SRTP-KDF, X942-KDF, X963-KDF, SNMP-KDF
Public-key algorithms (OSSL_OP_KEYMGMT + signature/exchange/asym/kem):
- RSA (PKCS#1, PSS, OAEP, KEM)
- DSA, DH (FFDHE groups)
- EC (NIST P-curves, secp curves, brainpool, sect/secp binary, …)
- Ed25519, Ed448
- X25519, X448
- SM2 (signing and key exchange)
- ML-KEM (FIPS 203)
- ML-DSA (FIPS 204)
- SLH-DSA (FIPS 205)
- LMS (RFC 8554)
RNGs (OSSL_OP_RAND, in providers/implementations/rands/):
- HMAC-DRBG, Hash-DRBG, CTR-DRBG (NIST SP 800-90A)
- TEST-RAND (deterministic, only for tests)
- A "SEED-SRC" pseudo-RAND that wraps the OS entropy source
Encoders/decoders (OSSL_OP_ENCODER / OSSL_OP_DECODER, in providers/implementations/encode_decode/):
- Encode/decode every public-key algorithm to/from DER, PEM, OSSL_PARAM, and various structures (PKCS#8, SubjectPublicKeyInfo, type-specific PKCS#1, etc.).
Stores (OSSL_OP_STORE, in providers/implementations/storemgmt/):
file:URI loader (PEM / DER bundles).
Capabilities
providers/common/capabilities.c publishes capability tables that aren't algorithms in the EVP sense but still need provider routing:
TLS-GROUP— every TLS 1.3 named group with its (name, id, min/max version, kem-or-kex, …).TLS-SIGALG— every TLS 1.3 SignatureScheme with its codepoint and the EVP signature primitives it maps to.
libssl queries these at handshake time. See features/tls.
Property strings
The default provider's algorithms are typically registered with provider=default. The default property query in a fresh libctx is empty, so any provider's algorithm matches. To prefer the default explicitly:
EVP_set_default_properties(libctx, "provider=default");
EVP_MD *md = EVP_MD_fetch(libctx, "SHA2-256", NULL);To prefer the FIPS provider for FIPS-eligible algorithms but still use the default for others:
EVP_set_default_properties(libctx, "?fips=yes"); /* "soft" - prefer fips=yes */How algorithms are listed in defltprov.c
Each OSSL_OP_* has its own table. Snippet (illustrative):
static const OSSL_ALGORITHM deflt_digests[] = {
{ PROV_NAMES_SHA1, "provider=default", ossl_sha1_functions, "Default Implementation of SHA1" },
{ PROV_NAMES_SHA2_256, "provider=default", ossl_sha256_functions, "..." },
/* … */
{ NULL, NULL, NULL }
};The PROV_NAMES_* macros (defined in providers/implementations/include/prov/names.h) expand to colon-separated lists like "SHA2-256:SHA-256:SHA256:2.16.840.1.101.3.4.2.1". The namemap stores all aliases, so users can fetch by any of them.
Where implementations live
The *_functions symbol in each row of defltprov.c resolves to a static const OSSL_DISPATCH[] defined in the implementation's .c file. Examples:
ossl_sha256_functions→providers/implementations/digests/sha2_prov.cossl_aes256gcm_functions→providers/implementations/ciphers/cipher_aes_gcm.cossl_rsa_signature_functions→providers/implementations/signature/rsa_sig.cossl_ecdsa_signature_functions→providers/implementations/signature/ecdsa_sig.cossl_hkdf_kdf_functions→providers/implementations/kdfs/hkdf.cossl_ml_kem_keymgmt_functions→providers/implementations/keymgmt/ml_kem_kmgmt.c
The cipher_*.h and cipher_*_hw.c files split the algorithm into a "logical" part and a hardware-accelerated low-level part. Per-architecture cipher_*_hw_*.inc files plug in AESNI, ARMv8 crypto, PowerPC, RISC-V Vector, S/390 KMA, etc. The same pattern repeats across digests/, signature/, etc.
Differences from the FIPS provider
| Concern | Default | FIPS |
|---|---|---|
| Algorithm coverage | Full standard set | FIPS-validated subset |
| Self-tests on load | None | Mandatory KATs (providers/fips/self_test_kats.c) |
| Integrity check | None | HMAC-SHA-256 over module bytes against fingerprint in fipsmodule.cnf |
| Property | provider=default |
provider=fips,fips=yes |
| Strength enforcement | Permissive (securitycheck_default.c) |
Strict (securitycheck_fips.c) |
| Build artefact | Built into libcrypto | Separate fips.so |
Entry points for modification
- Adding a new algorithm to the default provider: implement it under
providers/implementations/<area>/, declareOSSL_DISPATCH[], add a row to the appropriate table inproviders/defltprov.c, define names inprov/names.h, write KATs and recipe. - Changing security policy (default): edit
providers/common/securitycheck_default.c. - Adding a new operation type: requires changes to libcrypto (new
EVP_*API) pluscore_dispatch.hplus the provider tables. Coordinate with maintainers.
Pages to read next
- subsystems/evp — the API surface that ends up calling these functions.
- providers/fips — what FIPS adds on top.
- providers/legacy — the algorithms the default provider deliberately doesn't include.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.