OSSL_PARAM_allocate_from_text - OSSL_PARAM construction utilities
#include <openssl/params.h>
int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to, const OSSL_PARAM *paramdefs, const char *key, const char *value, size_t value_n, int *found);
With OpenSSL before version 3.0, parameters were passed down to or retrieved from algorithm implementations via control functions. Some of these control functions existed in variants that took string parameters, for example EVP_PKEY_CTX_ctrl_str(3).
OpenSSL 3.0 introduces a new mechanism to do the same thing with an array of parameters that contain name, value, value type and value size (see OSSL_PARAM(3) for more information).
OSSL_PARAM_allocate_from_text()
takes a control key, value and
value size value_n, and given a parameter descriptor array
paramdefs, it converts the value to something suitable for
OSSL_PARAM(3) and stores that in the buffer buf, and modifies
the parameter to to match.
buf_n, if not NULL, will be assigned the number of bytes used in
buf.
If buf is NULL, only buf_n will be modified, everything else is
left untouched, allowing a caller to find out how large the buffer
should be.
buf needs to be correctly aligned for the type of the OSSL_PARAM
key.
If <found> is not NULL, it is set to 1 if the parameter can be located and
to 0 otherwise.
The caller must remember to free the data of to when it's not useful any more.
For parameters having the type OSSL_PARAM_INTEGER, OSSL_PARAM_UNSIGNED_INTEGER, or OSSL_PARAM_OCTET_STRING, both functions will interpret the value differently if the key starts with "hex". In that case, the value is decoded first, and the result will be used as parameter value.
OSSL_PARAM_allocate_from_text()
returns 1 on success, and 0 on error.
The parameter descriptor array comes from functions dedicated to return them. The following OSSL_PARAM attributes are used:
All other attributes are ignored.
The data_size attribute can be zero, meaning that the parameter it describes expects arbitrary length data.
Code that looked like this:
int mac_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) { int rv; char *stmp, *vtmp = NULL;
stmp = OPENSSL_strdup(value); if (stmp == NULL) return -1; vtmp = strchr(stmp, ':'); if (vtmp != NULL) *vtmp++ = '\0'; rv = EVP_MAC_ctrl_str(ctx, stmp, vtmp); OPENSSL_free(stmp); return rv; }
...
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) { char *macopt = sk_OPENSSL_STRING_value(macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { BIO_printf(bio_err, "MAC parameter error \"%s\"\n", macopt); ERR_print_errors(bio_err); goto mac_end; } }
Can be written like this instead:
OSSL_PARAM *params = OPENSSL_zalloc(sizeof(*params) * (sk_OPENSSL_STRING_num(opts) + 1)); const OSSL_PARAM *paramdefs = EVP_MAC_settable_ctx_params(mac); size_t params_n; char *opt = "<unknown>";
for (params_n = 0; params_n < (size_t)sk_OPENSSL_STRING_num(opts); params_n++) { char *stmp, *vtmp = NULL;
opt = sk_OPENSSL_STRING_value(opts, (int)params_n); if ((stmp = OPENSSL_strdup(opt)) == NULL || (vtmp = strchr(stmp, ':')) == NULL) goto err;
*vtmp++ = '\0'; if (!OSSL_PARAM_allocate_from_text(¶ms[params_n], paramdefs, stmp, vtmp, strlen(vtmp), NULL)) goto err; } params[params_n] = OSSL_PARAM_construct_end(); if (!EVP_MAC_CTX_set_params(ctx, params)) goto err; while (params_n-- > 0) OPENSSL_free(params[params_n].data); OPENSSL_free(params); /* ... */ return;
err: BIO_printf(bio_err, "MAC parameter error '%s'\n", opt); ERR_print_errors(bio_err);
OSSL_PARAM(3), OSSL_PARAM_int(3)
Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.