NAME

OSSL_PARAM - a structure to pass or request object parameters

SYNOPSIS

 #include <openssl/core.h>
 typedef struct ossl_param_st OSSL_PARAM;
 struct ossl_param_st {
     const char *key;             /* the name of the parameter */
     unsigned char data_type;     /* declare what kind of content is in data */
     void *data;                  /* value being passed in or out */
     size_t data_size;            /* data size */
     size_t return_size;          /* returned size */
 };

DESCRIPTION

OSSL_PARAM is a type that allows passing arbitrary data for some object between two parties that have no or very little shared knowledge about their respective internal structures for that object.

A typical usage example could be an application that wants to set some parameters for an object, or wants to find out some parameters of an object.

Arrays of this type can be used for the following purposes:

• Setting parameters for some object

  The caller sets up the OSSL_PARAM array and calls some function (the setter) that has intimate knowledge about the object that can take the data from the OSSL_PARAM array and assign them in a suitable form for the internal structure of the object.

• Request parameters of some object

  The caller (the requester) sets up the OSSL_PARAM array and calls some function (the responder) that has intimate knowledge about the object, which can take the internal data of the object and copy (possibly convert) that to the memory prepared by the requester and pointed at with the OSSL_PARAM data.

• Request parameter descriptors

  The caller gets an array of constant OSSL_PARAM, which describe available parameters and some of their properties; name, data type and expected data size. For a detailed description of each field for this use, see the field descriptions below.

  The caller may then use the information from this descriptor array to build up its own OSSL_PARAM array to pass down to a setter or responder.

Normally, the order of the an OSSL_PARAM array is not relevant. However, if the responder can handle multiple elements with the same key, those elements must be handled in the order they are in.

An OSSL_PARAM array must have a terminating element, where key is NULL. The usual full terminating template is:

    { NULL, 0, NULL, 0, 0 }

This can also be specified using OSSL_PARAM_END(3).

NOTES

Both when setting and requesting parameters, the functions that are called will have to decide what is and what is not an error. The recommended behaviour is:

• Keys that a setter or responder doesn't recognise should simply be ignored. That in itself isn't an error.
• If the keys that a called setter recognises form a consistent enough set of data, that call should succeed.
• Apart from the return_size, a responder must never change the fields of an OSSL_PARAM. To return a value, it should change the contents of the memory that data points at.
• If the data type for a key that it's associated with is incorrect, the called function may return an error.

  The called function may also try to convert the data to a suitable form (for example, it's plausible to pass a large number as an octet string, so even though a given key is defined as an OSSL_PARAM_UNSIGNED_INTEGER, is plausible to pass the value as an OSSL_PARAM_OCTET_STRING), but this is in no way mandatory.

• If data for a OSSL_PARAM_OCTET_STRING or a OSSL_PARAM_UTF8_STRING is NULL, the responder should set return_size to the size of the item to be returned and return success. Later the responder will be called again with data pointing at the place for the value to be put.
• If a responder finds that some data sizes are too small for the requested data, it must set return_size for each such OSSL_PARAM item to the minimum required size, and eventually return an error.
• For the integer type parameters (OSSL_PARAM_UNSIGNED_INTEGER and OSSL_PARAM_INTEGER), a responder may choose to return an error if the data_size isn't a suitable size (even if data_size is bigger than needed). If the responder finds the size suitable, it must fill all data_size bytes and ensure correct padding for the native endianness, and set return_size to the same value as data_size.

EXAMPLES

A couple of examples to just show how OSSL_PARAM arrays could be set up.

Example 1

This example is for setting parameters on some object:

    #include <openssl/core.h>
    const char *foo = "some string";
    size_t foo_l = strlen(foo);
    const char bar[] = "some other string";
    OSSL_PARAM set[] = {
        { "foo", OSSL_PARAM_UTF8_PTR, &foo, foo_l, 0 },
        { "bar", OSSL_PARAM_UTF8_STRING, (void *)&bar, sizeof(bar) - 1, 0 },
        { NULL, 0, NULL, 0, 0 }
    };

Example 2

This example is for requesting parameters on some object:

    const char *foo = NULL;
    size_t foo_l;
    char bar[1024];
    size_t bar_l;
    OSSL_PARAM request[] = {
        { "foo", OSSL_PARAM_UTF8_PTR, &foo, 0 /*irrelevant*/, 0 },
        { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 },
        { NULL, 0, NULL, 0, 0 }
    };

A responder that receives this array (as params in this example) could fill in the parameters like this:

    /* OSSL_PARAM *params */
    int i;
    for (i = 0; params[i].key != NULL; i++) {
        if (strcmp(params[i].key, "foo") == 0) {
            *(char **)params[i].data = "foo value";
            params[i].return_size = 9; /* length of "foo value" string */
        } else if (strcmp(params[i].key, "bar") == 0) {
            memcpy(params[i].data, "bar value", 10);
            params[i].return_size = 9; /* length of "bar value" string */
        }
        /* Ignore stuff we don't know */
    }

SEE ALSO

openssl-core.h(7), OSSL_PARAM_get_int(3), OSSL_PARAM_dup(3)

HISTORY

OSSL_PARAM was added in OpenSSL 3.0.

COPYRIGHT

Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.