From 7008df2ba5089ab39543c5b519ad3b8f6eed633f Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 25 Mar 2021 15:54:56 +0000 Subject: Add additional glossary entries Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/1487) --- doc/man7/openssl-glossary.pod | 131 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) diff --git a/doc/man7/openssl-glossary.pod b/doc/man7/openssl-glossary.pod index 7aa71ea7a5..5f92a8403c 100644 --- a/doc/man7/openssl-glossary.pod +++ b/doc/man7/openssl-glossary.pod @@ -10,6 +10,14 @@ openssl-glossary - An OpenSSL Glossary =over 4 +=item Algorithm + +Cryptograpic primitives such as the SHA256 digest, or AES encryption are +referred to in OpenSSL as "algorithms". There can be more than one +implementation for any given algorithm available for use. + +L + =item ASN.1, ASN1 ASN.1 ("Abstract Syntax Notation One") is a notation for describing abstract @@ -20,6 +28,30 @@ L, L, L +=item Base Provider + +An OpenSSL Provider that contains encoders and decoders for OpenSSL keys. All +the algorithm implementations in the Base Provider are also available in the +Default Provider. + +L + +=item Decoder + +A decoder is a type of algorithm used for decoding keys and parameters from some +external format such as PEM or DER. + +L + +=item Default Provider + +An OpenSSL Provider that contains the most commmon OpenSSL algorithm +implementations. It is loaded by default if no other provider is available. All +the algorithm implementations in the Base Provider are also available in the +Default Provider. + +L + =item DER ("Distinguished Encoding Rules") DER is a binary encoding of data, structured according to an ASN.1 
@@ -30,11 +62,81 @@ It is defined in ITU-T document X.690: L +=item Encoder + +An encoder is a type of algorithm used for encoding keys and parameters to some +external format such as PEM or DER. + +L + +=item Explicit Fetching + +Explicit Fetching is a type of Fetching (see Fetching). Explicit Fetching is +where a function call is made to obtain an algorithm object representing an +implementation such as L or L + +=item Fetching + +Fetching is the process of looking through the available algorithm +implementations, applying selection criteria (via a property query string), and +finally choosing the implementation that will be used. + +Also see Explicit Fetching and Implict Fetching. + +L + +=item FIPS Provider + +An OpenSSL Provider that contains OpenSSL algorithm implementations that have +been validated according to the FIPS 140-2 standard. + +L + +=item Implicit Fetching + +Implicit Fetching is a type of Fetching (see Fetching). Implicit Fetching is +where an algorithm object with no associated implementation is used such as the +return value from L or L. With implicit +fetching an implementation is fetched automatically using default selection +criteria the first time the algorithm is used. + +=item Legacy Provider + +An OpenSSL Provider that contains algorithm implementations that are considered +insecure or are no longer in common use. + +L + +=item Library Context + +A Library Context in OpenSSL is represented by the type B. It can +be thought of as a scope within which configuration options apply. If an +application does not explicitly create a library context then the "default" +one is used. Many OpenSSL functions can take a library context as an argument. +A NULL value can always be passed to indicate the default library context. + +L + =item MSBLOB MSBLOB is a Microsoft specific binary format for RSA and DSA keys, both private and public. This form is never passphrase protected. 
+=item Null Provider + +An OpenSSL Provider that contains no algorithm implementations. This can be +useful to prevent the default provider from being automatically loaded in a +library context. + +L + +=item Operation + +An operation is a group of OpenSSL functions with a common purpose such as +encryption, or digesting. + +L + =item PEM ("Privacy Enhanced Message") PEM is a format used for encoding of binary content into a mail and ASCII @@ -66,6 +168,35 @@ This is specified in RFC 5208: L +=item Property + +A property is a way of classifying and selecting algorithm implementations. +A property is a key/value pair expressed as a string. For example all algorithm +implementations in the default provider have the property "provider=default". +An algorithm implementation can have multiple properties defined against it. + +Also see Property Query String. + +L + +=item Property Query String + +A property query string is a string containing a sequence of properties that +can be used to select an algorithm implementation. For example the query string +"provider=example,foo=bar" will select algorithms from the "example" provider +that have a "foo" property defined for them with a value of "bar". + +Property Query Strings are used during fetching. See Fetching. + +L + +=item Provider + +A provider in OpenSSL is a component that groups together algorithm +implementations. Providers can come from OpenSSL itself or from third parties. + +L + =item PVK PVK is a Microsoft specific binary format for RSA and DSA private keys. -- cgit v1.2.3
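Review bot: "Cryptograpic" in the first line of the new Algorithm entry (hunk @@ -10,6 +10,14 @@) is misspelled and should read "Cryptographic". In the same sentence the comma in "the SHA256 digest, or AES encryption" separates the two examples from the verb awkwardly; "such as the SHA256 digest or AES encryption" reads more cleanly.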
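Review bot: "commmon" in the Default Provider entry (hunk @@ -20,6 +28,30 @@) has an extra "m" and should be "common". The same entry says the provider is loaded "if no other provider is available", while the Null Provider entry added later in this patch describes that automatic load as happening "in a library context"; wording the condition the same way in both entries would make it clear when an application ends up with the default provider's implementations.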
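Review bot: "Implict Fetching" in the "Also see" line of the Fetching entry (hunk @@ -30,11 +62,81 @@) is misspelled, so it does not match the "=item Implicit Fetching" heading it points to; change it to "Implicit Fetching". The Implicit Fetching entry also refers to "default selection criteria" without saying what they are, and since the Fetching entry states that criteria are applied "via a property query string", a pointer to the Property Query String entry would help there.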
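Review bot: the Property Query String example in hunk @@ -66,6 +168,35 @@ says the query "will select algorithms from the "example" provider", but the Algorithm entry added by this patch distinguishes an algorithm from its implementations, and the preceding sentence here speaks of selecting "an algorithm implementation". Suggest "will select algorithm implementations from the "example" provider" for consistency. The entry could also state that the properties in the sequence are separated by commas, which the example shows but the definition does not say.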