5 OSSL_PARAM - a structure to pass or request object parameters
9 #include <openssl/core.h>
11 typedef struct ossl_param_st OSSL_PARAM;
12 struct ossl_param_st {
13 const char *key; /* the name of the parameter */
14 unsigned char data_type; /* declare what kind of content is in data */
15 void *data; /* value being passed in or out */
16 size_t data_size; /* data size */
17 size_t return_size; /* returned size */
22 C<OSSL_PARAM> is a type that allows passing arbitrary data for some
23 object between two parties that have no or very little shared
24 knowledge about their respective internal structures for that object.
26 A typical usage example could be an application that wants to set some
27 parameters for an object, or wants to find out some parameters of an
30 Arrays of this type can be used for the following purposes:
34 =item * Setting parameters for some object
36 The caller sets up the C<OSSL_PARAM> array and calls some function
37 (the I<setter>) that has intimate knowledge about the object that can
38 take the data from the C<OSSL_PARAM> array and assign them in a
39 suitable form for the internal structure of the object.
41 =item * Request parameters of some object
43 The caller (the I<requestor>) sets up the C<OSSL_PARAM> array and
44 calls some function (the I<responder>) that has intimate knowledge
45 about the object, which can take the internal data of the object and
46 copy (possibly convert) that to the memory prepared by the
47 I<requestor> and pointed at with the C<OSSL_PARAM> C<data>.
49 =item * Request parameter descriptors
51 The caller gets an array of constant C<OSSL_PARAM>, which describe
52 available parameters and some of their properties; name, data type and
54 For a detailed description of each field for this use, see the field
57 The caller may then use the information from this descriptor array to
58 build up its own C<OSSL_PARAM> array to pass down to a I<setter> or
63 =head2 C<OSSL_PARAM> fields
69 The identity of the parameter in the form of a string.
73 =for comment It's still debated if this field should be present, or if
74 the type should always be implied by how it's used.
75 Either way, these data types will have to be passed together with the
76 names as an array of OSSL_ITEM, for discovery purposes.
78 The C<data_type> is a value that describes the type and organization of
80 See L</Supported types> below for a description of the types.
86 C<data> is a pointer to the memory where the parameter data is (when
87 setting parameters) or shall (when requesting parameters) be stored,
88 and C<data_size> is its size in bytes.
89 The organization of the data depends on the parameter type and flag.
91 When the C<OSSL_PARAM> is used as a parameter descriptor, C<data>
93 If C<data_size> is zero, it means that an arbitrary data size is
94 accepted, otherwise it specifies the maximum size allowed.
98 When an array of C<OSSL_PARAM> is used to request data, the
99 I<responder> must set this field to indicate the actual size of the
101 In case the C<data_size> is too small for the data, the I<responder>
102 must still set this field to indicate the minimum data size required.
104 When the C<OSSL_PARAM> is used as a parameter descriptor,
105 C<return_size> should be ignored.
111 The key names and associated types are defined by the entity that
112 offers these parameters, i.e. names for parameters provided by the
113 OpenSSL libraries are defined by the libraries, and names for
114 parameters provided by providers are defined by those providers,
115 except for the pointer form of strings (see data type descriptions
117 Entities that want to set or request parameters need to know what
118 those keys are and of what type, any functionality between those two
119 entities should remain oblivious and just pass the C<OSSL_PARAM> array
122 =head2 Supported types
124 The C<data_type> field can be one of the following types:
128 =item C<OSSL_PARAM_INTEGER>
130 =item C<OSSL_PARAM_UNSIGNED_INTEGER>
132 The parameter data is an integer (signed or unsigned) of arbitrary
133 length, organized in native form, i.e. most significant byte first on
134 Big-Endian systems, and least significant byte first on Little-Endian
137 =item C<OSSL_PARAM_REAL>
139 The parameter data is a floating point value in native form.
141 =item C<OSSL_PARAM_UTF8_STRING>
143 The parameter data is a printable string.
145 =item C<OSSL_PARAM_OCTET_STRING>
147 The parameter data is an arbitrary string of bytes.
149 =item C<OSSL_PARAM_UTF8_PTR>
151 The parameter data is a pointer to a printable string.
153 The difference between this and C<OSSL_PARAM_UTF8_STRING> is that C<data>
154 doesn't point directly at the data, but to a pointer that points to the data.
156 This is used to indicate that constant data is or will be passed,
157 and there is therefore no need to copy the data that is passed, just
160 C<data_size> must be set to the size of the data, not the size of the
162 If this is used in a parameter request,
163 C<data_size> is not relevant. However, the I<responder> will set
164 C<return_size> to the size of the data.
166 Note that the use of this type is B<fragile> and can only be safely
167 used for data that remains constant and in a constant location for a
168 long enough duration (such as the life-time of the entity that
169 offers these parameters).
171 =item C<OSSL_PARAM_OCTET_PTR>
173 The parameter data is a pointer to an arbitrary string of bytes.
175 The difference between this and C<OSSL_PARAM_OCTET_STRING> is that
176 C<data> doesn't point directly at the data, but to a pointer that
179 This is used to indicate that constant data is or will be passed, and
180 there is therefore no need to copy the data that is passed, just the
183 C<data_size> must be set to the size of the data, not the size of the
185 If this is used in a parameter request,
186 C<data_size> is not relevant. However, the I<responder> will set
187 C<return_size> to the size of the data.
189 Note that the use of this type is B<fragile> and can only be safely
190 used for data that remains constant and in a constant location for a
191 long enough duration (such as the life-time of the entity that
192 offers these parameters).
198 Both when setting and requesting parameters, the functions that are
199 called will have to decide what is and what is not an error.
200 The recommended behaviour is:
206 Keys that a I<setter> or I<responder> doesn't recognise should simply
208 That in itself isn't an error.
212 If the keys that a called I<setter> recognises form a consistent
213 enough set of data, that call should succeed.
217 Apart from the C<return_size>, a I<responder> must never change the fields
219 To return a value, it should change the contents of the memory that
224 If the data type for a key that it's associated with is incorrect,
225 the called function may return an error.
227 The called function may also try to convert the data to a suitable
228 form (for example, it's plausible to pass a large number as an octet
229 string, so even though a given key is defined as an
230 C<OSSL_PARAM_UNSIGNED_INTEGER>, is plausible to pass the value as an
231 C<OSSL_PARAM_OCTET_STRING>), but this is in no way mandatory.
235 If a I<responder> finds that some data sizes are too small for the
236 requested data, it must set C<return_size> for each such
237 C<OSSL_PARAM> item to the required size, and eventually return an
242 =begin comment RETURN VALUES doesn't make sense for a manual that only
243 describes a type, but document checkers still want that section, and
244 to have more than just the section title.
254 A couple of examples to just show how C<OSSL_PARAM> arrays could be
259 This example is for setting parameters on some object:
261 #include <openssl/core.h>
263 const char *foo = "some string";
264 size_t foo_l = strlen(foo) + 1;
265 const char bar[] = "some other string";
267 { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, foo_l, 0 },
268 { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 },
269 { NULL, 0, NULL, 0, NULL }
274 This example is for requesting parameters on some object:
276 const char *foo = NULL;
280 OSSL_PARAM request[] = {
281 { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, 0 /*irrelevant*/, 0 },
282 { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 },
283 { NULL, 0, NULL, 0, NULL }
286 A I<responder> that receives this array (as C<params> in this example)
287 could fill in the parameters like this:
289 /* OSSL_PARAM *params */
293 for (i = 0; params[i].key != NULL; i++) {
294 if (strcmp(params[i].key, "foo") == 0) {
295 *(char **)params[i].data = "foo value";
296 params[i].return_size = 10; /* size of "foo value" */
297 } else if (strcmp(params[i].key, "bar") == 0) {
298 memcpy(params[i].data, "bar value", 10);
299 params[i].return_size = 10; /* size of "bar value" */
301 /* Ignore stuff we don't know */
306 L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>
310 C<OSSL_PARAM> was added in OpenSSL 3.0.
314 Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
316 Licensed under the Apache License 2.0 (the "License"). You may not use
317 this file except in compliance with the License. You can obtain a copy
318 in the file LICENSE in the source distribution or at
319 L<https://www.openssl.org/source/license.html>.