Index: doc/cryptography.html
==================================================================
--- doc/cryptography.html
+++ doc/cryptography.html
@@ -28,10 +28,12 @@
 	    <dd><b>tls::macs</b></dd>
 	    <dd><b>tls::protocols</b></dd>
 	    <dd><b>tls::version</b></dd>
 	    <dt>&nbsp;</dt>
 	    <dd><b>tls::cmac</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd>
+	    <dd><b>tls::digest</b> <b>-digest</b> <em>name ?options?</em></dd>
+	    <dd><b>tls::hash</b> <b>-digest</b> <em>name ?options?</em></dd>
 	    <dd><b>tls::hmac</b> <b>-digest</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd>
 	    <dd><b>tls::md</b> <b>-digest</b> <em>name ?options?</em></dd>
 	    <dd><b>tls::md4</b> <em>data</em></dd>
 	    <dd><b>tls::md5</b> <em>data</em></dd>
 	    <dd><b>tls::sha1</b> <em>data</em></dd>
@@ -45,10 +47,12 @@
 	    <dd><b>tls::hkdf -digest</b> <em>digest</em> <b>-key</b> <em>key ?options?</em></dd>
 	    <dd><b>tls::pbkdf2 -size</b> <em>length</em> <b>-digest</b> <em>digest ?options?</em></dd>
 	    <dd><b>tls::scrypt -password</b> <em>string</em> <b>-salt</b> <em>string ?options?</em></dd>
 	    <dt>&nbsp;</dt>
 	    <dd><b>tls::random</b> <em>?</em><b>-private</b><em>? length</em></dd>
+	    <dt>&nbsp;</dt>
+	    <dd><b>tls::provider</b> <em>name</em></dd>
 	</dl>
     </dd>
     <dd><a href="#OPTIONS">OPTIONS</a></dd>
     <dd><a href="#COMMANDS">COMMANDS</a></dd>
     <dd><a href="#GLOSSARY">GLOSSARY</a> </dd>
@@ -82,10 +86,12 @@
 <a href="#tls::macs"><b>tls::macs</b></a><br>
 <a href="#tls::protocols"><b>tls::protocols</b></a><br>
 <a href="#tls::version"><b>tls::version</b></a><br>
 <br>
 <a href="#tls::cmac"><b>tls::cmac</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br>
+<a href="#tls::digest"><b>tls::digest</b> <b>-digest</b> <i>name ?options?</i></a><br>
+<a href="#tls::hash"><b>tls::hash</b> <b>-digest</b> <i>name ?options?</i></a><br>
 <a href="#tls::hmac"><b>tls::hmac</b> <b>-digest</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br>
 <a href="#tls::md"><b>tls::md</b> <b>-digest</b> <i>name ?options?</i></a><br>
 <a href="#tls::md4"><b>tls::md4</b> <i>data</i></a><br>
 <a href="#tls::md5"><b>tls::md5</b> <i>data</i></a><br>
 <a href="#tls::sha1"><b>tls::sha1</b> <i>data</i></a><br>
@@ -99,10 +105,12 @@
 <a href="#tls::hkdf"><b>tls::hkdf -digest</b> <i>digest</i> <b>-key</b> <i>key ?options?</i></a><br>
 <a href="#tls::pbkdf2"><b>tls::pbkdf2 -size</b> <i>length</i> <b>-digest</b> <i>digest ?options?</i></a><br>
 <a href="#tls::scrypt"><b>tls::scrypt -password</b> <i>string</i> <b>-salt</b> <i>string ?options?</i></a><br>
 <br>
 <a href="#tls::random"><b>tls::random</b> <i>?</i><b>-private</b><i>? length</i></a><br>
+<br>
+<a href="#tls::provider"><b>tls::provider</b> <i>name</i></a><br>
 
 </p>
 
 <br>
 <h3><a name="OPTIONS">OPTIONS</a></h3>
@@ -408,10 +416,18 @@
     <dd>Calculate the Cipher-based Message Authentication Code (CMAC) where
 	<em>key</em> is a shared key and output the result per the I/O options
 	in the specified format. MACs are used to ensure authenticity and the
 	integrity of data. See <a href="#OPTIONS"><b>options</b></a> for usage
 	info. Option <b>-key</b> is only used for some ciphers.</dd>
+
+    <dt><a name="tls::digest"><strong>tls::digest</strong>
+	<em>option value ...</em></a></dt>
+    <dd>Alias for <b>tls::md</b>.</dd>
+
+    <dt><a name="tls::hash"><strong>tls::hash</strong>
+	<em>option value ...</em></a></dt>
+    <dd>Alias for <b>tls::md</b>.</dd>
 
     <dt><a name="tls::hmac"><strong>tls::hmac</strong>
 	<em>?</em><b>-digest</b><em>? name</em>
 	<b>-key</b> <em>key ?</em>
 	<b>-bin</b>|<b>-hex</b>
@@ -566,10 +582,22 @@
 	pseudo random generator (CSPRNG). OpenSSL uses a security level of 256
 	bits. Will return an error if a trusted entropy source such as the OS
 	isn't available. Use <b>-private</b> option if the values are intended
 	to remain private in case the public PRNG is compromised.</dd>
 
+<br>
+
+<h4><a name="PROVIDER">Load Provider</a></h4>
+These commands provide access to the OpenSSL providers.
+<br>
+<br>
+    <dt><a name="tls::provider"><strong>tls::provider</strong>
+	<em>name</em></a></dt>
+    <dd>Load <i>name</i> default provider. Valid provider names are:
+    <b>default</b>, <b>base</b>, <b>fips</b>, and <b>legacy</b>. Use
+    <b>legacy</b> to load the legacy provider ciphers, digests, etc.</dd>
+
 </dl>
 
 <br>
 <h3><a name="GLOSSARY">GLOSSARY</a></h3>
 

Index: generic/tlsInfo.c
==================================================================
--- generic/tlsInfo.c
+++ generic/tlsInfo.c
@@ -9,10 +9,13 @@
 
 #include "tlsInt.h"
 #include <openssl/crypto.h>
 #include <openssl/ssl.h>
 #include <openssl/safestack.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif
 
 /*
  * Valid SSL and TLS Protocol Versions
  */
 static const char *protocols[] = {
@@ -920,10 +923,51 @@
 /*******************************************************************/
 
 /*
  *-------------------------------------------------------------------
  *
+ * ProviderObjCmd --
+ *
+ *	Load a provider.
+ *
+ * Results:
+ *	A standard Tcl result.
+ *
+ * Side effects:
+ *	None.
+ *
+ *-------------------------------------------------------------------
+ */
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+static int
+ProviderObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
+    char *name;
+    (void) clientData;
+
+    dprintf("Called");
+
+    /* Validate arg count */
+    if (objc != 2) {
+	Tcl_WrongNumArgs(interp, 1, objv, "provider");
+	return TCL_ERROR;
+    }
+
+    name = Tcl_GetStringFromObj(objv[1], NULL);
+    if (!OSSL_PROVIDER_try_load(NULL, (const char *) name, 1)) {
+	Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
+	return TCL_ERROR;
+    }
+
+    return TCL_OK;
+}
+#endif
+
+/*******************************************************************/
+
+/*
+ *-------------------------------------------------------------------
+ *
  * VersionObjCmd --
  *
  *	Return a string with the OpenSSL version info.
  *
  * Results:
@@ -982,9 +1026,12 @@
     Tcl_CreateObjCommand(interp, "tls::digests", DigestsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "tls::kdfs", KdfsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "tls::macs", MacsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "tls::pkeys", PkeysObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "tls::protocols", ProtocolsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    Tcl_CreateObjCommand(interp, "tls::provider", ProviderObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
+#endif
     Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     return TCL_OK;
 }