5 OSSL_PARAM - a structure to pass or request object parameters
9 #include <openssl/core.h>
11 typedef struct ossl_param_st OSSL_PARAM;
12 struct ossl_param_st {
13 const char *key; /* the name of the parameter */
14 unsigned char data_type; /* declare what kind of content is in data */
15 void *data; /* value being passed in or out */
16 size_t data_size; /* data size */
17 size_t return_size; /* returned size */
22 B<OSSL_PARAM> is a type that allows passing arbitrary data for some
23 object between two parties that have no or very little shared
24 knowledge about their respective internal structures for that object.
26 A typical usage example could be an application that wants to set some
27 parameters for an object, or wants to find out some parameters of an
30 Arrays of this type can be used for the following purposes:
34 =item * Setting parameters for some object
36 The caller sets up the B<OSSL_PARAM> array and calls some function
37 (the I<setter>) that has intimate knowledge about the object that can
38 take the data from the B<OSSL_PARAM> array and assign them in a
39 suitable form for the internal structure of the object.
41 =item * Request parameters of some object
43 The caller (the I<requester>) sets up the B<OSSL_PARAM> array and
44 calls some function (the I<responder>) that has intimate knowledge
45 about the object, which can take the internal data of the object and
46 copy (possibly convert) that to the memory prepared by the
47 I<requester> and pointed at with the B<OSSL_PARAM> I<data>.
49 =item * Request parameter descriptors
51 The caller gets an array of constant B<OSSL_PARAM>, which describe
52 available parameters and some of their properties; name, data type and
54 For a detailed description of each field for this use, see the field
57 The caller may then use the information from this descriptor array to
58 build up its own B<OSSL_PARAM> array to pass down to a I<setter> or
63 Normally, the order of the an B<OSSL_PARAM> array is not relevant.
64 However, if the I<responder> can handle multiple elements with the
65 same key, those elements must be handled in the order they are in.
67 An B<OSSL_PARAM> array must have a terminating element, where I<key>
68 is NULL. The usual full terminating template is:
70 { NULL, 0, NULL, 0, 0 }
72 This can also be specified using L<OSSL_PARAM_END(3)>.
74 =head2 Functional support
76 Libcrypto offers a limited set of helper functions to handle
77 B<OSSL_PARAM> items and arrays, please see L<OSSL_PARAM_get_int(3)>.
78 Developers are free to extend or replace those as they see fit.
80 =head2 B<OSSL_PARAM> fields
86 The identity of the parameter in the form of a string.
88 In an B<OSSL_PARAM> array, an item with this field set to NULL is
89 considered a terminating item.
93 The I<data_type> is a value that describes the type and organization of
95 See L</Supported types> below for a description of the types.
101 I<data> is a pointer to the memory where the parameter data is (when
102 setting parameters) or shall (when requesting parameters) be stored,
103 and I<data_size> is its size in bytes.
104 The organization of the data depends on the parameter type and flag.
106 The I<data_size> needs special attention with the parameter type
107 B<OSSL_PARAM_UTF8_STRING> in relation to C strings. When setting
108 parameters, the size should be set to the length of the string, not
109 counting the terminating NUL byte. When requesting parameters, the
110 size should be set to the size of the buffer to be populated, which
111 should accommodate enough space for a terminating NUL byte.
113 When I<requesting parameters>, it's acceptable for I<data> to be NULL.
114 This can be used by the I<requester> to figure out dynamically exactly
115 how much buffer space is needed to store the parameter data.
116 In this case, I<data_size> is ignored.
118 When the B<OSSL_PARAM> is used as a parameter descriptor, I<data>
120 If I<data_size> is zero, it means that an arbitrary data size is
121 accepted, otherwise it specifies the maximum size allowed.
125 When an array of B<OSSL_PARAM> is used to request data, the
126 I<responder> must set this field to indicate size of the parameter
127 data, including padding as the case may be.
128 In case the I<data_size> is an unsuitable size for the data, the
129 I<responder> must still set this field to indicate the minimum data
131 (further notes on this in L</NOTES> below).
133 When the B<OSSL_PARAM> is used as a parameter descriptor,
134 I<return_size> should be ignored.
140 The key names and associated types are defined by the entity that
141 offers these parameters, i.e. names for parameters provided by the
142 OpenSSL libraries are defined by the libraries, and names for
143 parameters provided by providers are defined by those providers,
144 except for the pointer form of strings (see data type descriptions
146 Entities that want to set or request parameters need to know what
147 those keys are and of what type, any functionality between those two
148 entities should remain oblivious and just pass the B<OSSL_PARAM> array
151 =head2 Supported types
153 The I<data_type> field can be one of the following types:
157 =item B<OSSL_PARAM_INTEGER>
159 =item B<OSSL_PARAM_UNSIGNED_INTEGER>
161 The parameter data is an integer (signed or unsigned) of arbitrary
162 length, organized in native form, i.e. most significant byte first on
163 Big-Endian systems, and least significant byte first on Little-Endian
166 =item B<OSSL_PARAM_REAL>
168 The parameter data is a floating point value in native form.
170 =item B<OSSL_PARAM_UTF8_STRING>
172 The parameter data is a printable string.
174 =item B<OSSL_PARAM_OCTET_STRING>
176 The parameter data is an arbitrary string of bytes.
178 =item B<OSSL_PARAM_UTF8_PTR>
180 The parameter data is a pointer to a printable string.
182 The difference between this and B<OSSL_PARAM_UTF8_STRING> is that I<data>
183 doesn't point directly at the data, but to a pointer that points to the data.
185 If there is any uncertainty about which to use, B<OSSL_PARAM_UTF8_STRING> is
186 almost certainly the correct choice.
188 This is used to indicate that constant data is or will be passed,
189 and there is therefore no need to copy the data that is passed, just
192 I<data_size> must be set to the size of the data, not the size of the
194 If this is used in a parameter request,
195 I<data_size> is not relevant. However, the I<responder> will set
196 I<return_size> to the size of the data.
198 Note that the use of this type is B<fragile> and can only be safely
199 used for data that remains constant and in a constant location for a
200 long enough duration (such as the life-time of the entity that
201 offers these parameters).
203 =item B<OSSL_PARAM_OCTET_PTR>
205 The parameter data is a pointer to an arbitrary string of bytes.
207 The difference between this and B<OSSL_PARAM_OCTET_STRING> is that
208 I<data> doesn't point directly at the data, but to a pointer that
211 If there is any uncertainty about which to use, B<OSSL_PARAM_OCTET_STRING> is
212 almost certainly the correct choice.
214 This is used to indicate that constant data is or will be passed, and
215 there is therefore no need to copy the data that is passed, just the
218 I<data_size> must be set to the size of the data, not the size of the
220 If this is used in a parameter request,
221 I<data_size> is not relevant. However, the I<responder> will set
222 I<return_size> to the size of the data.
224 Note that the use of this type is B<fragile> and can only be safely
225 used for data that remains constant and in a constant location for a
226 long enough duration (such as the life-time of the entity that
227 offers these parameters).
233 Both when setting and requesting parameters, the functions that are
234 called will have to decide what is and what is not an error.
235 The recommended behaviour is:
241 Keys that a I<setter> or I<responder> doesn't recognise should simply
243 That in itself isn't an error.
247 If the keys that a called I<setter> recognises form a consistent
248 enough set of data, that call should succeed.
252 Apart from the I<return_size>, a I<responder> must never change the fields
254 To return a value, it should change the contents of the memory that
259 If the data type for a key that it's associated with is incorrect,
260 the called function may return an error.
262 The called function may also try to convert the data to a suitable
263 form (for example, it's plausible to pass a large number as an octet
264 string, so even though a given key is defined as an
265 B<OSSL_PARAM_UNSIGNED_INTEGER>, is plausible to pass the value as an
266 B<OSSL_PARAM_OCTET_STRING>), but this is in no way mandatory.
270 If I<data> for a B<OSSL_PARAM_OCTET_STRING> or a
271 B<OSSL_PARAM_UTF8_STRING> is NULL, the I<responder> should
272 set I<return_size> to the size of the item to be returned
273 and return success. Later the responder will be called again
274 with I<data> pointing at the place for the value to be put.
278 If a I<responder> finds that some data sizes are too small for the
279 requested data, it must set I<return_size> for each such
280 B<OSSL_PARAM> item to the minimum required size, and eventually return
285 For the integer type parameters (B<OSSL_PARAM_UNSIGNED_INTEGER> and
286 B<OSSL_PARAM_INTEGER>), a I<responder> may choose to return an error
287 if the I<data_size> isn't a suitable size (even if I<data_size> is
288 bigger than needed). If the I<responder> finds the size suitable, it
289 must fill all I<data_size> bytes and ensure correct padding for the
290 native endianness, and set I<return_size> to the same value as
295 =begin comment RETURN VALUES doesn't make sense for a manual that only
296 describes a type, but document checkers still want that section, and
297 to have more than just the section title.
307 A couple of examples to just show how B<OSSL_PARAM> arrays could be
312 This example is for setting parameters on some object:
314 #include <openssl/core.h>
316 const char *foo = "some string";
317 size_t foo_l = strlen(foo);
318 const char bar[] = "some other string";
320 { "foo", OSSL_PARAM_UTF8_PTR, &foo, foo_l, 0 },
321 { "bar", OSSL_PARAM_UTF8_STRING, (void *)&bar, sizeof(bar) - 1, 0 },
322 { NULL, 0, NULL, 0, 0 }
327 This example is for requesting parameters on some object:
329 const char *foo = NULL;
333 OSSL_PARAM request[] = {
334 { "foo", OSSL_PARAM_UTF8_PTR, &foo, 0 /*irrelevant*/, 0 },
335 { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 },
336 { NULL, 0, NULL, 0, 0 }
339 A I<responder> that receives this array (as I<params> in this example)
340 could fill in the parameters like this:
342 /* OSSL_PARAM *params */
346 for (i = 0; params[i].key != NULL; i++) {
347 if (strcmp(params[i].key, "foo") == 0) {
348 *(char **)params[i].data = "foo value";
349 params[i].return_size = 9; /* length of "foo value" string */
350 } else if (strcmp(params[i].key, "bar") == 0) {
351 memcpy(params[i].data, "bar value", 10);
352 params[i].return_size = 9; /* length of "bar value" string */
354 /* Ignore stuff we don't know */
359 L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>
363 B<OSSL_PARAM> was added in OpenSSL 3.0.
367 Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
369 Licensed under the Apache License 2.0 (the "License"). You may not use
370 this file except in compliance with the License. You can obtain a copy
371 in the file LICENSE in the source distribution or at
372 L<https://www.openssl.org/source/license.html>.