From fb61722e9ddf5e96fd9af2b4b6f0b08bb453f9d1 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 10 Nov 2023 15:33:21 +0000 Subject: Update the provider documentation Make the documentation match reality. Add lots of missing algorithms. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/22694) (cherry picked from commit ae14f38cc990f65e5982109d0ef419123285c60f) --- doc/man7/OSSL_PROVIDER-FIPS.pod | 40 ++++++++++++- doc/man7/OSSL_PROVIDER-base.pod | 86 +++++++++++++++++++++++--- doc/man7/OSSL_PROVIDER-default.pod | 120 +++++++++++++++++++++++++++++++++---- doc/man7/OSSL_PROVIDER-legacy.pod | 2 + 4 files changed, 226 insertions(+), 22 deletions(-) diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 449d5624e0..485c4c6341 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -72,6 +72,8 @@ The OpenSSL FIPS provider supports these operations and algorithms: =item KECCAK-KMAC, see L +=item SHAKE, see L + =back =head2 Symmetric Ciphers @@ -80,6 +82,10 @@ The OpenSSL FIPS provider supports these operations and algorithms: =item AES, see L +=item 3DES, see L + +This is an unapproved algorithm. + =back =head2 Message Authentication Code (MAC) @@ -134,6 +140,10 @@ The OpenSSL FIPS provider supports these operations and algorithms: =item X448, see L +=item TLS1-PRF + +=item HKDF + =back =head2 Asymmetric Signature @@ -142,9 +152,17 @@ The OpenSSL FIPS provider supports these operations and algorithms: =item RSA, see L -=item X25519, see L +=item DSA, see L + +=item ED25519, see L + +This is an unapproved algorithm. + +=item ED448, see L + +This is an unapproved algorithm. -=item X448, see L +=item ECDSA, see L =item HMAC, see L 
@@ -180,12 +198,30 @@ The OpenSSL FIPS provider supports these operations and algorithms: =item RSA, see L +=item RSA-PSS + =item EC, see L =item X25519, see L =item X448, see L +=item ED25519, see L + +This is an unapproved algorithm. + +=item ED448, see L + +This is an unapproved algorithm. + +=item TLS1-PRF + +=item HKDF + +=item HMAC, see L + +=item CMAC, see L + =back =head2 Random Number Generation diff --git a/doc/man7/OSSL_PROVIDER-base.pod b/doc/man7/OSSL_PROVIDER-base.pod index c51adbde1e..24d610f28c 100644 --- a/doc/man7/OSSL_PROVIDER-base.pod +++ b/doc/man7/OSSL_PROVIDER-base.pod 
@@ -57,28 +57,96 @@ currently permitted. The OpenSSL base provider supports these operations and algorithms: +=head2 Random Number Generation + +=over 4 + +=item SEED-SRC, see L + +=back + +In addition to this provider, the "SEED-SRC" algorithm is also available in the +default provider. + =head2 Asymmetric Key Encoder -In addition to "provider=base", some of these encoders define the -property "fips=yes", to allow them to be used together with the FIPS -provider. +=over 4 + +=item RSA + +=item RSA-PSS + +=item DH + +=item DHX + +=item DSA + +=item EC + +=item ED25519 + +=item ED448 + +=item X25519 + +=item X448 + +=item SM2 + +=back + +In addition to this provider, all of these encoding algorithms are also +available in the default provider. Some of these algorithms may be used in +combination with the FIPS provider. + +=head2 Asymmetric Key Decoder =over 4 -=item RSA, see L +=item RSA + +=item RSA-PSS + +=item DH + +=item DHX + +=item DSA + +=item EC + +=item ED25519 -=item DH, see L +=item ED448 -=item DSA, see L +=item X25519 -=item EC, see L +=item X448 -=item X25519, see L +=item SM2 -=item X448, see L +=item DER =back +In addition to this provider, all of these decoding algorithms are also +available in the default provider. Some of these algorithms may be used in +combination with the FIPS provider. + +=head2 Stores + +=over 4 + +=item file + +=item org.openssl.winstore + +=back + +In addition to this provider, all of these store algorithms are also +available in the default provider. + =head1 SEE ALSO L, L, diff --git a/doc/man7/OSSL_PROVIDER-default.pod b/doc/man7/OSSL_PROVIDER-default.pod index 603fd06331..feba00aa76 100644 --- a/doc/man7/OSSL_PROVIDER-default.pod +++ b/doc/man7/OSSL_PROVIDER-default.pod @@ -89,8 +89,6 @@ The OpenSSL default provider supports these operations and algorithms: =item 3DES, see L -=item SEED, see L - =item SM4, see L =item ChaCha20, see L 
@@ -127,6 +125,8 @@ The OpenSSL default provider supports these operations and algorithms: =item HKDF, see L +=item TLS13-KDF, see L + =item SSKDF, see L =item PBKDF2, see L @@ -167,6 +167,12 @@ The OpenSSL default provider supports these operations and algorithms: =item X448, see L +=item TLS1-PRF + +=item HKDF + +=item SCRYPT + =back =head2 Asymmetric Signature @@ -177,6 +183,14 @@ The OpenSSL default provider supports these operations and algorithms: =item RSA, see L +=item ED25519, see L + +=item ED448, see L + +=item ECDSA, see L + +=item SM2 + =item HMAC, see L =item SIPHASH, see L @@ -205,6 +219,8 @@ The OpenSSL default provider supports these operations and algorithms: =item X25519, see L +=item X448, see L + =item EC, see L =back @@ -221,12 +237,34 @@ The OpenSSL default provider supports these operations and algorithms: =item RSA, see L +=item RSA-PSS + =item EC, see L =item X25519, see L =item X448, see L +=item ED25519, see L + +=item ED448, see L + +=item TLS1-PRF + +=item HKDF + +=item SCRYPT + +=item HMAC, see L + +=item SIPHASH, see L + +=item POLY1305, see L + +=item CMAC, see L + +=item SM2, see L + =back =head2 Random Number Generation 
@@ -245,28 +283,88 @@ The OpenSSL default provider supports these operations and algorithms: =back +In addition to this provider, the "SEED-SRC" algorithm is also available in the +base provider. + =head2 Asymmetric Key Encoder -The default provider also includes all of the encoding algorithms -present in the base provider. Some of these have the property "fips=yes", -to allow them to be used together with the FIPS provider. +=over 4 + +=item RSA + +=item RSA-PSS + +=item DH + +=item DHX + +=item DSA + +=item EC + +=item ED25519 + +=item ED448 + +=item X25519 + +=item X448 + +=item SM2 + +=back + +In addition to this provider, all of these encoding algorithms are also +available in the base provider. Some of these algorithms may be used in +combination with the FIPS provider. + +=head2 Asymmetric Key Decoder =over 4 -=item RSA, see L +=item RSA + +=item RSA-PSS + +=item DH -=item DH, see L +=item DHX -=item DSA, see L +=item DSA -=item EC, see L +=item EC -=item X25519, see L +=item ED25519 -=item X448, see L +=item ED448 + +=item X25519 + +=item X448 + +=item SM2 + +=item DER =back +In addition to this provider, all of these decoding algorithms are also +available in the base provider. Some of these algorithms may be used in +combination with the FIPS provider. + +=head2 Stores + +=over 4 + +=item file + +=item org.openssl.winstore + +=back + +In addition to this provider, all of these store algorithms are also +available in the base provider. + =head1 SEE ALSO L, L, L, diff --git a/doc/man7/OSSL_PROVIDER-legacy.pod b/doc/man7/OSSL_PROVIDER-legacy.pod index 82781a09b2..d70de3682f 100644 --- a/doc/man7/OSSL_PROVIDER-legacy.pod +++ b/doc/man7/OSSL_PROVIDER-legacy.pod @@ -42,6 +42,8 @@ The OpenSSL legacy provider supports these operations and algorithms: =item MD2, see L +Disabled by default. Use I config option to enable. + =item MD4, see L =item MDC2, see L -- cgit v1.2.3
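Review bot: The sentence "This is an unapproved algorithm." added under 3DES in hunk @@ -80,6 +82,10 @@ of doc/man7/OSSL_PROVIDER-FIPS.pod does not say what follows from it for someone who needs an approved-only configuration. State whether such an algorithm is still returned when fetching with a "fips=yes" property query and how to exclude it. The same sentence is repeated under ED25519 and ED448 in the later hunks, so one explanatory paragraph near the top of the algorithm list that these items refer to would cover all of them.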
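Review bot: The TLS1-PRF and HKDF items added after X448 in hunk @@ -134,6 +140,10 @@ of doc/man7/OSSL_PROVIDER-FIPS.pod have no "see" cross-reference, unlike the X448 item directly above them. The default provider page already links HKDF in its own list (context of hunk @@ -127,6 +125,8 @@), so the same targets can be used here. Because these are names a reader would expect under a key derivation heading, a short sentence on why they appear in this list as well would prevent them being read as duplicates.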
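Review bot: Hunk @@ -142,9 +152,17 @@ of doc/man7/OSSL_PROVIDER-FIPS.pod removes the X25519 and X448 items from Asymmetric Signature, which the commit message ("Add lots of missing algorithms") does not cover. Mention in the message that incorrect entries are also removed, so that someone reading the log understands why two algorithms disappear from the signature list while ED25519 and ED448 appear.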
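Review bot: The new closing paragraph under Asymmetric Key Encoder in hunk @@ -57,28 +57,96 @@ of doc/man7/OSSL_PROVIDER-base.pod drops the "fips=yes" property that the removed paragraph named, leaving only "Some of these algorithms may be used in combination with the FIPS provider." A reader can no longer tell which items qualify or how to select them. Keep the property name in the new sentence, or mark the items it applies to. In the decoder list of the same hunk, DER is the only item that is not a key type and would benefit from a few words saying what it decodes.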
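Review bot: The removal of "=item SEED" in hunk @@ -89,8 +89,6 @@ of doc/man7/OSSL_PROVIDER-default.pod is not explained, and no other hunk in this patch adds a SEED cipher item to another provider page. Say in the commit message why the entry goes away and, if the cipher is supplied by a different provider, make sure that provider's page lists it.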
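Review bot: The encoder, decoder and store lists added in hunk @@ -245,28 +283,88 @@ of doc/man7/OSSL_PROVIDER-default.pod repeat, item for item, the lists added to doc/man7/OSSL_PROVIDER-base.pod, where the removed paragraph simply pointed at the base provider. Two hand-maintained copies will drift apart the next time an algorithm is added. Consider keeping the full lists on one page and referring to it from the other, or at least add a comment in both files noting that they must be updated together.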
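Review bot: In the sentence added under MD2 in doc/man7/OSSL_PROVIDER-legacy.pod, "config option" can be read either as a build-time option or as a run-time configuration file setting. Say which one is meant and add the missing article and object, for example "Use the ... build option to enable it", so that a reader knows whether a rebuild is required.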