Update the provider documentation

Make the documentation match reality. Add lots of missing algorithms.
mattcaswell · Nov 10, 2023 · d1dbd2a · d1dbd2a
1 parent 9489892
commit d1dbd2a
Show file tree

Hide file tree

Showing 4 changed files with 226 additions and 22 deletions.
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -72,6 +72,8 @@ The OpenSSL FIPS provider supports these operations and algorithms:
 
 =item KECCAK-KMAC, see L<EVP_MD-KECCAK-KMAC(7)>
 
+=item SHAKE, see L<EVP_MD-SHAKE(7)>
+
 =back
 
 =head2 Symmetric Ciphers
@@ -80,6 +82,10 @@ The OpenSSL FIPS provider supports these operations and algorithms:
 
 =item AES, see L<EVP_CIPHER-AES(7)>
 
+=item 3DES, see L<EVP_CIPHER-DES(7)>
+
+This is an unapproved algorithm
+
 =back
 
 =head2 Message Authentication Code (MAC)
@@ -134,6 +140,10 @@ The OpenSSL FIPS provider supports these operations and algorithms:
 
 =item X448, see L<EVP_KEYEXCH-X448(7)>
 
+=item TLS1-PRF
+
+=item HKDF
+
 =back
 
 =head2 Asymmetric Signature
@@ -142,9 +152,17 @@ The OpenSSL FIPS provider supports these operations and algorithms:
 
 =item RSA, see L<EVP_SIGNATURE-RSA(7)>
 
-=item X25519, see L<EVP_SIGNATURE-ED25519(7)>
+=item DSA, see L<EVP_SIGNATURE-DSA(7)>
+
+=item ED25519, see L<EVP_SIGNATURE-ED25519(7)>
+
+This is an unapproved algorithm
+
+=item ED448, see L<EVP_SIGNATURE-ED448(7)>
+
+This is an unapproved algorithm
 
-=item X448, see L<EVP_SIGNATURE-ED448(7)>
+=item ECDSA, see L<EVP_SIGNATURE-ECDSA(7)>
 
 =item HMAC, see L<EVP_SIGNATURE-HMAC(7)>
 
@@ -180,12 +198,30 @@ The OpenSSL FIPS provider supports these operations and algorithms:
 
 =item RSA, see L<EVP_KEYMGMT-RSA(7)>
 
+=item RSA-PSS
+
 =item EC, see L<EVP_KEYMGMT-EC(7)>
 
 =item X25519, see L<EVP_KEYMGMT-X25519(7)>
 
 =item X448, see L<EVP_KEYMGMT-X448(7)>
 
+=item ED25519, see L<EVP_KEYMGMT-ED25519(7)>
+
+This is an unapproved algorithm
+
+=item ED448, see L<EVP_KEYMGMT-ED448(7)>
+
+This is an unapproved algorithm
+
+=item TLS1-PRF
+
+=item HKDF
+
+=item HMAC, see L<EVP_KEYMGMT-HMAC(7)>
+
+=item CMAC, see L<EVP_KEYMGMT-CMAC(7)>
+
 =back
 
 =head2 Random Number Generation

diff --git a/doc/man7/OSSL_PROVIDER-base.pod b/doc/man7/OSSL_PROVIDER-base.pod
@@ -57,25 +57,93 @@ currently permitted.
 
 The OpenSSL base provider supports these operations and algorithms:
 
+=head2 Random Number Generation
+
+The default provider all includes the "SEED-SRC" algorithm, which has the
+property "fips=yes", to allow it to be used together with the FIPS provider.
+
+=over 4
+
+=item SEED-SRC,  see L<EVP_RAND-SEED-SRC(7)>
+
+=back
+
 =head2 Asymmetric Key Encoder
 
-In addition to "provider=base", some of these encoders define the
-property "fips=yes", to allow them to be used together with the FIPS
-provider.
+The default provider also includes all of these encoding algorithms . Some of
+these have the property "fips=yes", to allow them to be used together with the
+FIPS provider.
 
 =over 4
 
-=item RSA, see L<OSSL_ENCODER-RSA(7)>
+=item RSA
+
+=item RSA-PSS
+
+=item DH
+
+=item DHX
 
-=item DH, see L<OSSL_ENCODER-DH(7)>
+=item DSA
 
-=item DSA, see L<OSSL_ENCODER-DSA(7)>
+=item EC
 
-=item EC, see L<OSSL_ENCODER-EC(7)>
+=item ED25519
+
+=item ED448
+
+=item X25519
+
+=item X448
+
+=item SM2
+
+=back
+
+=head2 Asymmetric Key Decoder
+
+The default provider also includes all of these decoding algorithms . Some of
+thesehave the property "fips=yes", to allow them to be used together with the
+FIPS provider.
+
+=over 4
+
+=item RSA
+
+=item RSA-PSS
+
+=item DH
+
+=item DHX
+
+=item DSA
+
+=item EC
+
+=item ED25519
+
+=item ED448
+
+=item X25519
+
+=item X448
+
+=item SM2
+
+=item DER
+
+=back
+
+
+=head2 Stores
+
+The default provider also includes all of these store algorithms.
+
+=over 4
 
-=item X25519, see L<OSSL_ENCODER-X25519(7)>
+=item file
 
-=item X448, see L<OSSL_ENCODER-X448(7)>
+=item org.openssl.winstore
 
 =back
 

diff --git a/doc/man7/OSSL_PROVIDER-default.pod b/doc/man7/OSSL_PROVIDER-default.pod
@@ -89,8 +89,6 @@ The OpenSSL default provider supports these operations and algorithms:
 
 =item 3DES, see L<EVP_CIPHER-DES(7)>
 
-=item SEED, see L<EVP_CIPHER-SEED(7)>
-
 =item SM4, see L<EVP_CIPHER-SM4(7)>
 
 =item ChaCha20, see L<EVP_CIPHER-CHACHA(7)>
@@ -127,6 +125,8 @@ The OpenSSL default provider supports these operations and algorithms:
 
 =item HKDF, see L<EVP_KDF-HKDF(7)>
 
+=item TLS13-KDF, see L<EVP_KDF-TLS13_KDF(7)>
+
 =item SSKDF, see L<EVP_KDF-SS(7)>
 
 =item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
@@ -167,6 +167,12 @@ The OpenSSL default provider supports these operations and algorithms:
 
 =item X448, see L<EVP_KEYEXCH-X448(7)>
 
+=item TLS1-PRF
+
+=item HKDF
+
+=item SCRYPT
+
 =back
 
 =head2 Asymmetric Signature
@@ -177,6 +183,14 @@ The OpenSSL default provider supports these operations and algorithms:
 
 =item RSA, see L<EVP_SIGNATURE-RSA(7)>
 
+=item ED25519, see L<EVP_SIGNATURE-ED25519(7)>
+
+=item ED448, see L<EVP_SIGNATURE-ED448(7)>
+
+=item ECDSA, see L<EVP_SIGNATURE-ECDSA(7)>
+
+=item SM2
+
 =item HMAC, see L<EVP_SIGNATURE-HMAC(7)>
 
 =item SIPHASH, see L<EVP_SIGNATURE-Siphash(7)>
@@ -205,6 +219,8 @@ The OpenSSL default provider supports these operations and algorithms:
 
 =item X25519, see L<EVP_KEM-X25519(7)>
 
+=item X448, see L<EVP_KEM-X448(7)>
+
 =item EC, see L<EVP_KEM-EC(7)>
 
 =back
@@ -221,16 +237,41 @@ The OpenSSL default provider supports these operations and algorithms:
 
 =item RSA, see L<EVP_KEYMGMT-RSA(7)>
 
+=item RSA-PSS
+
 =item EC, see L<EVP_KEYMGMT-EC(7)>
 
 =item X25519, see L<EVP_KEYMGMT-X25519(7)>
 
 =item X448, see L<EVP_KEYMGMT-X448(7)>
 
+=item ED25519, see L<EVP_KEYMGMT-ED25519(7)>
+
+=item ED448, see L<EVP_KEYMGMT-ED448(7)>
+
+=item TLS1-PRF
+
+=item HKDF
+
+=item SCRYPT
+
+=item HMAC, see L<EVP_KEYMGMT-HMAC(7)>
+
+=item SIPHASH, see L<EVP_KEYMGMT-Siphash(7)>
+
+=item POLY1305, see L<EVP_KEYMGMT-Poly1305(7)>
+
+=item CMAC, see L<EVP_KEYMGMT-CMAC(7)>
+
+=item SM2, see L<EVP_KEYMGMT-SM2(7)>
+
 =back
 
 =head2 Random Number Generation
 
+The base provider all includes the "SEED-SRC" algorithm, which has the property
+"fips=yes", to allow it to be used together with the FIPS provider.
+
 =over 4
 
 =item CTR-DRBG, see L<EVP_RAND-CTR-DRBG(7)>
@@ -247,23 +288,80 @@ The OpenSSL default provider supports these operations and algorithms:
 
 =head2 Asymmetric Key Encoder
 
-The default provider also includes all of the encoding algorithms
-present in the base provider.  Some of these have the property "fips=yes",
-to allow them to be used together with the FIPS provider.
+The base provider also includes all of these encoding algorithms . Some of these
+have the property "fips=yes", to allow them to be used together with the FIPS
+provider.
+
+=over 4
+
+=item RSA
+
+=item RSA-PSS
+
+=item DH
+
+=item DHX
+
+=item DSA
+
+=item EC
+
+=item ED25519
+
+=item ED448
+
+=item X25519
+
+=item X448
+
+=item SM2
+
+=back
+
+=head2 Asymmetric Key Decoder
+
+The base provider also includes all of these decoding algorithms . Some of these
+have the property "fips=yes", to allow them to be used together with the FIPS
+provider.
 
 =over 4
 
-=item RSA, see L<OSSL_ENCODER-RSA(7)>
+=item RSA
+
+=item RSA-PSS
+
+=item DH
 
-=item DH, see L<OSSL_ENCODER-DH(7)>
+=item DHX
 
-=item DSA, see L<OSSL_ENCODER-DSA(7)>
+=item DSA
 
-=item EC, see L<OSSL_ENCODER-EC(7)>
+=item EC
+
+=item ED25519
+
+=item ED448
+
+=item X25519
+
+=item X448
+
+=item SM2
+
+=item DER
+
+=back
+
+
+=head2 Stores
+
+The base provider also includes all of these store algorithms.
+
+=over 4
 
-=item X25519, see L<OSSL_ENCODER-X25519(7)>
+=item file
 
-=item X448, see L<OSSL_ENCODER-X448(7)>
+=item org.openssl.winstore
 
 =back
 

diff --git a/doc/man7/OSSL_PROVIDER-legacy.pod b/doc/man7/OSSL_PROVIDER-legacy.pod
@@ -42,6 +42,8 @@ The OpenSSL legacy provider supports these operations and algorithms:
 
 =item MD2, see L<EVP_MD-MD2(7)>
 
+Disabled by default. Use I<enable-md2> config option to enable.
+
 =item MD4, see L<EVP_MD-MD4(7)>
 
 =item MDC2, see L<EVP_MD-MDC2(7)>