OSSL_PARAM_allocate_from_text - OSSL_PARAM construction utilities
#include <openssl/params.h>
int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to,
const OSSL_PARAM *paramdefs,
const char *key, const char *value,
size_t value_n,
int *found);
With OpenSSL before version 3.0, parameters were passed down to or retrieved
from algorithm implementations via control functions. Some of these control
functions existed in variants that took string parameters, for example
EVP_PKEY_CTX_ctrl_str(3).
OpenSSL 3.0 introduces a new mechanism to do the same thing with an array of
parameters that contain name, value, value type and value size (see
OSSL_PARAM(3) for more information).
OSSL_PARAM_allocate_from_text() uses
key to look up an item in
paramdefs. If an item was found, it converts
value to something
suitable for that item's
data_type, and stores the result in
to->data as well as its size in
to->data_size.
to->key and
to->data_type are assigned the corresponding
values from the item that was found, and
to->return_size is set to
zero.
to->data is always allocated using
OPENSSL_zalloc(3) and needs
to be freed by the caller when it's not useful any more, using
OPENSSL_free(3).
If
found is not NULL,
*found is set to 1 if
key could be
located in
paramdefs, and to 0 otherwise.
OSSL_PARAM_allocate_from_text() takes note if
key starts with
"hex", and will only use the rest of
key to look up an item
in
paramdefs in that case. As an example, if
key is
"hexid", "id" will be looked up in
paramdefs.
When an item in
paramdefs has been found,
value is converted
depending on that item's
data_type, as follows:
-
OSSL_PARAM_INTEGER and
OSSL_PARAM_UNSIGNED_INTEGER
- If key didn't start with "hex",
value is assumed to contain value_n decimal characters,
which are decoded, and the resulting bytes become the number stored in the
to->data storage.
If value starts with "0x", it is assumed to contain
value_n hexadecimal characters.
If key started with "hex", value is assumed to
contain value_n hexadecimal characters without the "0x"
prefix.
If value contains characters that couldn't be decoded as hexadecimal
or decimal characters, OSSL_PARAM_allocate_from_text() considers
that an error.
- OSSL_PARAM_UTF8_STRING
- If key started with "hex",
OSSL_PARAM_allocate_from_text() considers that an error.
Otherwise, value is considered a C string and is copied to the
to->data storage. On systems where the native character encoding
is EBCDIC, the bytes in to->data are converted to ASCII.
- OSSL_PARAM_OCTET_STRING
- If key started with "hex", value is
assumed to contain value_n hexadecimal characters, which are
decoded, and the resulting bytes are stored in the to->data
storage. If value contains characters that couldn't be decoded as
hexadecimal or decimal characters, OSSL_PARAM_allocate_from_text()
considers that an error.
If key didn't start with "hex", value_n bytes from
value are copied to the to->data storage.
OSSL_PARAM_allocate_from_text() returns 1 if
key was found in
paramdefs and there was no other failure, otherwise 0.
The parameter descriptor array comes from functions dedicated to return them.
The following
OSSL_PARAM(3) attributes are used:
- key
- data_type
- data_size
All other attributes are ignored.
The
data_size attribute can be zero, meaning that the parameter it
describes expects arbitrary length data.
Code that looked like this:
int mac_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
{
int rv;
char *stmp, *vtmp = NULL;
stmp = OPENSSL_strdup(value);
if (stmp == NULL)
return -1;
vtmp = strchr(stmp, ':');
if (vtmp != NULL)
*vtmp++ = '\0';
rv = EVP_MAC_ctrl_str(ctx, stmp, vtmp);
OPENSSL_free(stmp);
return rv;
}
...
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
char *macopt = sk_OPENSSL_STRING_value(macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
BIO_printf(bio_err,
"MAC parameter error \"%s\"\n", macopt);
ERR_print_errors(bio_err);
goto mac_end;
}
}
Can be written like this instead:
OSSL_PARAM *params =
OPENSSL_zalloc(sizeof(*params)
* (sk_OPENSSL_STRING_num(opts) + 1));
const OSSL_PARAM *paramdefs = EVP_MAC_settable_ctx_params(mac);
size_t params_n;
char *opt = "<unknown>";
for (params_n = 0; params_n < (size_t)sk_OPENSSL_STRING_num(opts);
params_n++) {
char *stmp, *vtmp = NULL;
opt = sk_OPENSSL_STRING_value(opts, (int)params_n);
if ((stmp = OPENSSL_strdup(opt)) == NULL
|| (vtmp = strchr(stmp, ':')) == NULL)
goto err;
*vtmp++ = '\0';
if (!OSSL_PARAM_allocate_from_text(¶ms[params_n],
paramdefs, stmp,
vtmp, strlen(vtmp), NULL))
goto err;
}
params[params_n] = OSSL_PARAM_construct_end();
if (!EVP_MAC_CTX_set_params(ctx, params))
goto err;
while (params_n-- > 0)
OPENSSL_free(params[params_n].data);
OPENSSL_free(params);
/* ... */
return;
err:
BIO_printf(bio_err, "MAC parameter error '%s'\n", opt);
ERR_print_errors(bio_err);
OSSL_PARAM(3),
OSSL_PARAM_int(3)
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy in the
file LICENSE in the source distribution or at
<
https://www.openssl.org/source/license.html>.