author: Matt Caswell <matt@openssl.org> 2023-11-10 15:33:21 +0000
committer: Richard Levitte <levitte@openssl.org> 2023-11-22 10:45:30 +0100
commit: fb61722e9ddf5e96fd9af2b4b6f0b08bb453f9d1 (patch)
tree: da8959987621c2da8d22114bb7bc94a31504d982
parent: bcb488d3a5f7e24667c739c5fe5fa4ac6d10ca87 (diff)
Update the provider documentation
Make the documentation match reality. Add lots of missing algorithms.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22694)

(cherry picked from commit ae14f38cc990f65e5982109d0ef419123285c60f)
-rw-r--r-- doc/man7/OSSL_PROVIDER-FIPS.pod 40
-rw-r--r-- doc/man7/OSSL_PROVIDER-base.pod 86
-rw-r--r-- doc/man7/OSSL_PROVIDER-default.pod 120
-rw-r--r-- doc/man7/OSSL_PROVIDER-legacy.pod 2
4 files changed, 226 insertions, 22 deletions
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index 449d5624e0..485c4c6341 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -72,6 +72,8 @@ The OpenSSL FIPS provider supports these operations and algorithms:
=item KECCAK-KMAC, see L<EVP_MD-KECCAK-KMAC(7)>
+=item SHAKE, see L<EVP_MD-SHAKE(7)>
+
=back
=head2 Symmetric Ciphers
@@ -80,6 +82,10 @@ The OpenSSL FIPS provider supports these operations and algorithms:
=item AES, see L<EVP_CIPHER-AES(7)>
+=item 3DES, see L<EVP_CIPHER-DES(7)>
+
+This is an unapproved algorithm.
+
=back
=head2 Message Authentication Code (MAC)
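Review bot: the sentence "This is an unapproved algorithm." under the new 3DES item does not say what that means for someone deploying the FIPS provider, or how an application keeps itself to approved algorithms only. The same sentence is repeated for ED25519 and ED448 later in this file, so a single explanation near the top of the algorithm list (or a link to the page that defines the approved/unapproved distinction) would cover all of them and make the per-item notes actionable.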
@@ -134,6 +140,10 @@ The OpenSSL FIPS provider supports these operations and algorithms:
=item X448, see L<EVP_KEYEXCH-X448(7)>
+=item TLS1-PRF
+
+=item HKDF
+
=back
=head2 Asymmetric Signature
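Review bot: the new TLS1-PRF and HKDF items have no "see L<...>" reference, unlike the X448 item directly above them, which points at EVP_KEYEXCH-X448(7). They also sit in a list whose other entries are key exchange algorithms, so a reader will wonder why two KDF names appear here. Please add either a cross-reference or a one-line explanation of how these are used through the key exchange interface.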
@@ -142,9 +152,17 @@ The OpenSSL FIPS provider supports these operations and algorithms:
=item RSA, see L<EVP_SIGNATURE-RSA(7)>
-=item X25519, see L<EVP_SIGNATURE-ED25519(7)>
+=item DSA, see L<EVP_SIGNATURE-DSA(7)>
+
+=item ED25519, see L<EVP_SIGNATURE-ED25519(7)>
+
+This is an unapproved algorithm.
+
+=item ED448, see L<EVP_SIGNATURE-ED448(7)>
+
+This is an unapproved algorithm.
-=item X448, see L<EVP_SIGNATURE-ED448(7)>
+=item ECDSA, see L<EVP_SIGNATURE-ECDSA(7)>
=item HMAC, see L<EVP_SIGNATURE-HMAC(7)>
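Review bot: the new DSA item carries no approved/unapproved qualifier, while ED25519 and ED448 a few lines below are each marked "This is an unapproved algorithm." Since this list is what people will consult when deciding what they may use with the FIPS provider, please confirm that leaving DSA (and ECDSA) unqualified is intentional, and add a note if any restriction applies. Replacing the X25519/X448 labels, which pointed at the ED25519/ED448 signature pages, is a good catch.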
@@ -180,12 +198,30 @@ The OpenSSL FIPS provider supports these operations and algorithms:
=item RSA, see L<EVP_KEYMGMT-RSA(7)>
+=item RSA-PSS
+
=item EC, see L<EVP_KEYMGMT-EC(7)>
=item X25519, see L<EVP_KEYMGMT-X25519(7)>
=item X448, see L<EVP_KEYMGMT-X448(7)>
+=item ED25519, see L<EVP_KEYMGMT-ED25519(7)>
+
+This is an unapproved algorithm.
+
+=item ED448, see L<EVP_KEYMGMT-ED448(7)>
+
+This is an unapproved algorithm.
+
+=item TLS1-PRF
+
+=item HKDF
+
+=item HMAC, see L<EVP_KEYMGMT-HMAC(7)>
+
+=item CMAC, see L<EVP_KEYMGMT-CMAC(7)>
+
=back
=head2 Random Number Generation
diff --git a/doc/man7/OSSL_PROVIDER-base.pod b/doc/man7/OSSL_PROVIDER-base.pod
index c51adbde1e..24d610f28c 100644
--- a/doc/man7/OSSL_PROVIDER-base.pod
+++ b/doc/man7/OSSL_PROVIDER-base.pod
@@ -57,28 +57,96 @@ currently permitted.
The OpenSSL base provider supports these operations and algorithms:
+=head2 Random Number Generation
+
+=over 4
+
+=item SEED-SRC, see L<EVP_RAND-SEED-SRC(7)>
+
+=back
+
+In addition to this provider, the "SEED-SRC" algorithm is also available in the
+default provider.
+
=head2 Asymmetric Key Encoder
-In addition to "provider=base", some of these encoders define the
-property "fips=yes", to allow them to be used together with the FIPS
-provider.
+=over 4
+
+=item RSA
+
+=item RSA-PSS
+
+=item DH
+
+=item DHX
+
+=item DSA
+
+=item EC
+
+=item ED25519
+
+=item ED448
+
+=item X25519
+
+=item X448
+
+=item SM2
+
+=back
+
+In addition to this provider, all of these encoding algorithms are also
+available in the default provider. Some of these algorithms may be used in
+combination with the FIPS provider.
+
+=head2 Asymmetric Key Decoder
=over 4
-=item RSA, see L<OSSL_ENCODER-RSA(7)>
+=item RSA
+
+=item RSA-PSS
+
+=item DH
+
+=item DHX
+
+=item DSA
+
+=item EC
+
+=item ED25519
-=item DH, see L<OSSL_ENCODER-DH(7)>
+=item ED448
-=item DSA, see L<OSSL_ENCODER-DSA(7)>
+=item X25519
-=item EC, see L<OSSL_ENCODER-EC(7)>
+=item X448
-=item X25519, see L<OSSL_ENCODER-X25519(7)>
+=item SM2
-=item X448, see L<OSSL_ENCODER-X448(7)>
+=item DER
=back
+In addition to this provider, all of these decoding algorithms are also
+available in the default provider. Some of these algorithms may be used in
+combination with the FIPS provider.
+
+=head2 Stores
+
+=over 4
+
+=item file
+
+=item org.openssl.winstore
+
+=back
+
+In addition to this provider, all of these store algorithms are also
+available in the default provider.
+
=head1 SEE ALSO
L<OSSL_PROVIDER-default(7)>, L<openssl-core.h(7)>,
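Review bot: the removed paragraph under "Asymmetric Key Encoder" named the mechanism ("some of these encoders define the property "fips=yes"") and the replacement text, "Some of these algorithms may be used in combination with the FIPS provider", no longer says which ones or how a caller selects them. The property name is what a user needs when writing a property query, so I would keep it in the new wording for both the encoder and decoder sections. The per-algorithm L<OSSL_ENCODER-...(7)> links are also dropped without replacement; if those pages do not exist, that is worth a line in the commit message.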
diff --git a/doc/man7/OSSL_PROVIDER-default.pod b/doc/man7/OSSL_PROVIDER-default.pod
index 603fd06331..feba00aa76 100644
--- a/doc/man7/OSSL_PROVIDER-default.pod
+++ b/doc/man7/OSSL_PROVIDER-default.pod
@@ -89,8 +89,6 @@ The OpenSSL default provider supports these operations and algorithms:
=item 3DES, see L<EVP_CIPHER-DES(7)>
-=item SEED, see L<EVP_CIPHER-SEED(7)>
-
=item SM4, see L<EVP_CIPHER-SM4(7)>
=item ChaCha20, see L<EVP_CIPHER-CHACHA(7)>
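Review bot: this hunk removes the SEED item from the default provider's cipher list, but the commit message only mentions adding missing algorithms. Please say in the message why SEED is dropped here, so a reader comparing versions of the page does not take it for an accidental deletion.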
@@ -127,6 +125,8 @@ The OpenSSL default provider supports these operations and algorithms:
=item HKDF, see L<EVP_KDF-HKDF(7)>
+=item TLS13-KDF, see L<EVP_KDF-TLS13_KDF(7)>
+
=item SSKDF, see L<EVP_KDF-SS(7)>
=item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
@@ -167,6 +167,12 @@ The OpenSSL default provider supports these operations and algorithms:
=item X448, see L<EVP_KEYEXCH-X448(7)>
+=item TLS1-PRF
+
+=item HKDF
+
+=item SCRYPT
+
=back
=head2 Asymmetric Signature
@@ -177,6 +183,14 @@ The OpenSSL default provider supports these operations and algorithms:
=item RSA, see L<EVP_SIGNATURE-RSA(7)>
+=item ED25519, see L<EVP_SIGNATURE-ED25519(7)>
+
+=item ED448, see L<EVP_SIGNATURE-ED448(7)>
+
+=item ECDSA, see L<EVP_SIGNATURE-ECDSA(7)>
+
+=item SM2
+
=item HMAC, see L<EVP_SIGNATURE-HMAC(7)>
=item SIPHASH, see L<EVP_SIGNATURE-Siphash(7)>
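Review bot: the new SM2 item in the signature list is the only addition in this hunk without a "see L<...>" reference; ED25519, ED448 and ECDSA each get one. The key management hunk further down links SM2 to EVP_KEYMGMT-SM2(7), so if a corresponding signature page exists it should be linked here, and if not, linking the key management page would still give the reader somewhere to go.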
@@ -205,6 +219,8 @@ The OpenSSL default provider supports these operations and algorithms:
=item X25519, see L<EVP_KEM-X25519(7)>
+=item X448, see L<EVP_KEM-X448(7)>
+
=item EC, see L<EVP_KEM-EC(7)>
=back
@@ -221,12 +237,34 @@ The OpenSSL default provider supports these operations and algorithms:
=item RSA, see L<EVP_KEYMGMT-RSA(7)>
+=item RSA-PSS
+
=item EC, see L<EVP_KEYMGMT-EC(7)>
=item X25519, see L<EVP_KEYMGMT-X25519(7)>
=item X448, see L<EVP_KEYMGMT-X448(7)>
+=item ED25519, see L<EVP_KEYMGMT-ED25519(7)>
+
+=item ED448, see L<EVP_KEYMGMT-ED448(7)>
+
+=item TLS1-PRF
+
+=item HKDF
+
+=item SCRYPT
+
+=item HMAC, see L<EVP_KEYMGMT-HMAC(7)>
+
+=item SIPHASH, see L<EVP_KEYMGMT-Siphash(7)>
+
+=item POLY1305, see L<EVP_KEYMGMT-Poly1305(7)>
+
+=item CMAC, see L<EVP_KEYMGMT-CMAC(7)>
+
+=item SM2, see L<EVP_KEYMGMT-SM2(7)>
+
=back
=head2 Random Number Generation
@@ -245,28 +283,88 @@ The OpenSSL default provider supports these operations and algorithms:
=back
+In addition to this provider, the "SEED-SRC" algorithm is also available in the
+base provider.
+
=head2 Asymmetric Key Encoder
-The default provider also includes all of the encoding algorithms
-present in the base provider. Some of these have the property "fips=yes",
-to allow them to be used together with the FIPS provider.
+=over 4
+
+=item RSA
+
+=item RSA-PSS
+
+=item DH
+
+=item DHX
+
+=item DSA
+
+=item EC
+
+=item ED25519
+
+=item ED448
+
+=item X25519
+
+=item X448
+
+=item SM2
+
+=back
+
+In addition to this provider, all of these encoding algorithms are also
+available in the base provider. Some of these algorithms may be used in
+combination with the FIPS provider.
+
+=head2 Asymmetric Key Decoder
=over 4
-=item RSA, see L<OSSL_ENCODER-RSA(7)>
+=item RSA
+
+=item RSA-PSS
+
+=item DH
-=item DH, see L<OSSL_ENCODER-DH(7)>
+=item DHX
-=item DSA, see L<OSSL_ENCODER-DSA(7)>
+=item DSA
-=item EC, see L<OSSL_ENCODER-EC(7)>
+=item EC
-=item X25519, see L<OSSL_ENCODER-X25519(7)>
+=item ED25519
-=item X448, see L<OSSL_ENCODER-X448(7)>
+=item ED448
+
+=item X25519
+
+=item X448
+
+=item SM2
+
+=item DER
=back
+In addition to this provider, all of these decoding algorithms are also
+available in the base provider. Some of these algorithms may be used in
+combination with the FIPS provider.
+
+=head2 Stores
+
+=over 4
+
+=item file
+
+=item org.openssl.winstore
+
+=back
+
+In addition to this provider, all of these store algorithms are also
+available in the base provider.
+
=head1 SEE ALSO
L<openssl-core.h(7)>, L<openssl-core_dispatch.h(7)>, L<provider(7)>,
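Review bot: in the new "Stores" list, "org.openssl.winstore" is listed unconditionally next to "file", and the same list is added to the base provider page. The name suggests it is platform specific; if it is only present on some platforms or builds, please say so on the item, in the way the legacy page now notes that MD2 is disabled by default. Separately, as in the base provider hunk, the rewritten encoder text drops the "fips=yes" property name that the old paragraph gave.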
diff --git a/doc/man7/OSSL_PROVIDER-legacy.pod b/doc/man7/OSSL_PROVIDER-legacy.pod
index 82781a09b2..d70de3682f 100644
--- a/doc/man7/OSSL_PROVIDER-legacy.pod
+++ b/doc/man7/OSSL_PROVIDER-legacy.pod
@@ -42,6 +42,8 @@ The OpenSSL legacy provider supports these operations and algorithms:
=item MD2, see L<EVP_MD-MD2(7)>
+Disabled by default. Use I<enable-md2> config option to enable.
+
=item MD4, see L<EVP_MD-MD4(7)>
=item MDC2, see L<EVP_MD-MDC2(7)>
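Review bot: in the added MD2 line, "Use I<enable-md2> config option to enable." is ambiguous between a build-time Configure option and a setting in the runtime configuration file. A reader could go looking for it in openssl.cnf. Suggest wording such as "Use the I<enable-md2> option when configuring the build" if that is what is meant.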