Newer
Older
/* what we put in client cert requests */
STACK_OF(X509_NAME) *client_CA;
/*
* Default values to use in SSL structures follow (these are copied by
* SSL_new)
*/
unsigned long options;
unsigned long mode;
long max_cert_list;
struct cert_st /* CERT */ *cert;
int read_ahead;
/* callback that allows applications to peek at protocol messages */
void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
void *msg_callback_arg;
int verify_mode;
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* called 'verify_callback' in the SSL */
int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
# if 0
int purpose; /* Purpose setting */
int trust; /* Trust setting */
# endif
/*
* Maximum amount of data to send in one fragment. actual record size can
* be more than this due to padding and MAC overheads.
*/
unsigned int max_send_fragment;
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
# ifndef OPENSSL_NO_ENGINE
/*
* Engine to pass requests for client certs to
*/
ENGINE *client_cert_engine;
# endif
# ifndef OPENSSL_NO_TLSEXT
/* TLS extensions servername callback */
int (*tlsext_servername_callback) (SSL *, int *, void *);
void *tlsext_servername_arg;
/* RFC 4507 session ticket keys */
unsigned char tlsext_tick_key_name[16];
unsigned char tlsext_tick_hmac_key[16];
unsigned char tlsext_tick_aes_key[16];
/* Callback to support customisation of ticket key setting */
int (*tlsext_ticket_key_cb) (SSL *ssl,
unsigned char *name, unsigned char *iv,
EVP_CIPHER_CTX *ectx,
HMAC_CTX *hctx, int enc);
/* certificate status request info */
/* Callback for status request */
int (*tlsext_status_cb) (SSL *ssl, void *arg);
void *tlsext_status_arg;
/* draft-rescorla-tls-opaque-prf-input-00.txt information */
int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput,
size_t len, void *arg);
void *tlsext_opaque_prf_input_callback_arg;
# endif
# ifndef OPENSSL_NO_PSK
char *psk_identity_hint;
unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
char *identity,
unsigned int max_identity_len,
unsigned char *psk,
unsigned int max_psk_len);
unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len);
# endif
# ifndef OPENSSL_NO_BUF_FREELISTS
# define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
unsigned int freelist_max_len;
struct ssl3_buf_freelist_st *wbuf_freelist;
struct ssl3_buf_freelist_st *rbuf_freelist;
# endif
# ifndef OPENSSL_NO_SRP
SRP_CTX srp_ctx; /* ctx for SRP authentication */
# endif
# ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_NEXTPROTONEG
/* Next protocol negotiation information */
/* (for experimental NPN extension). */
/*
* For a server, this contains a callback function by which the set of
* advertised protocols can be provided.
*/
int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf,
unsigned int *len, void *arg);
void *next_protos_advertised_cb_arg;
/*
* For a client, this contains a callback function that selects the next
* protocol from the list provided by the server.
*/
int (*next_proto_select_cb) (SSL *s, unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen, void *arg);
void *next_proto_select_cb_arg;
# endif
/*
* ALPN information (we are in the process of transitioning from NPN to
* ALPN.)
*/
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
/*-
* For a server, this contains a callback function that allows the
* server to select the protocol for the connection.
* out: on successful return, this must point to the raw protocol
* name (without the length prefix).
* outlen: on successful return, this contains the length of |*out|.
* in: points to the client's list of supported protocols in
* wire-format.
* inlen: the length of |in|.
*/
int (*alpn_select_cb) (SSL *s,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen, void *arg);
void *alpn_select_cb_arg;
/*
* For a client, this contains the list of supported protocols in wire
* format.
*/
unsigned char *alpn_client_proto_list;
unsigned alpn_client_proto_list_len;
/* SRTP profiles we are willing to do from RFC 5764 */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
# endif
/*
* Callback for disabling session caching and ticket support on a session
* basis, depending on the chosen cipher.
*/
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
# ifndef OPENSSL_NO_EC
/* EC extension values inherited by SSL structure */
size_t tlsext_ecpointformatlist_length;
unsigned char *tlsext_ecpointformatlist;
size_t tlsext_ellipticcurvelist_length;
unsigned char *tlsext_ellipticcurvelist;
# endif /* OPENSSL_NO_EC */
};
# define SSL_SESS_CACHE_OFF 0x0000
# define SSL_SESS_CACHE_CLIENT 0x0001
# define SSL_SESS_CACHE_SERVER 0x0002
# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
# define SSL_SESS_CACHE_NO_INTERNAL \
(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
# define SSL_CTX_sess_number(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
# define SSL_CTX_sess_connect(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
# define SSL_CTX_sess_connect_good(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
# define SSL_CTX_sess_connect_renegotiate(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
# define SSL_CTX_sess_accept(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
# define SSL_CTX_sess_accept_renegotiate(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
# define SSL_CTX_sess_accept_good(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
# define SSL_CTX_sess_hits(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
# define SSL_CTX_sess_cb_hits(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
# define SSL_CTX_sess_misses(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
# define SSL_CTX_sess_timeouts(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
# define SSL_CTX_sess_cache_full(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
int (*new_session_cb) (struct ssl_st *ssl,
SSL_SESSION *sess));
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
SSL_SESSION *sess);
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
void (*remove_session_cb) (struct ssl_ctx_st
*ctx,
SSL_SESSION
*sess));
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
SSL_SESSION *sess);
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
SSL_SESSION *(*get_session_cb) (struct ssl_st
*ssl,
unsigned char
*data, int len,
int *copy));
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
unsigned char *Data,
int len, int *copy);
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
void (*cb) (const SSL *ssl, int type,
int val));
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
int val);
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
int (*client_cert_cb) (SSL *ssl, X509 **x509,
EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
EVP_PKEY **pkey);
# ifndef OPENSSL_NO_ENGINE
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
# endif
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
int (*app_gen_cookie_cb) (SSL *ssl,
unsigned char
*cookie,
unsigned int
*cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
int (*app_verify_cookie_cb) (SSL *ssl,
unsigned char
*cookie,
unsigned int
cookie_len));
# ifndef OPENSSL_NO_NEXTPROTONEG
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
int (*cb) (SSL *ssl,
const unsigned char
**out,
unsigned int *outlen,
void *arg), void *arg);
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
int (*cb) (SSL *ssl,
unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client,
unsigned int client_len);
# endif
# define OPENSSL_NPN_UNSUPPORTED 0
# define OPENSSL_NPN_NEGOTIATED 1
# define OPENSSL_NPN_NO_OVERLAP 2
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
unsigned protos_len);
int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
unsigned protos_len);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
void *arg), void *arg);
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
unsigned *len);
# ifndef OPENSSL_NO_PSK
/*
* the maximum length of the buffer given to callbacks containing the
* resulting identity/psk
*/
# define PSK_MAX_IDENTITY_LEN 128
# define PSK_MAX_PSK_LEN 256
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
unsigned int (*psk_client_callback) (SSL
*ssl,
const
char
*hint,
char
*identity,
unsigned
int
max_identity_len,
unsigned
char
*psk,
unsigned
int
max_psk_len));
void SSL_set_psk_client_callback(SSL *ssl,
unsigned int (*psk_client_callback) (SSL
*ssl,
const
char
*hint,
char
*identity,
unsigned
int
max_identity_len,
unsigned
char
*psk,
unsigned
int
max_psk_len));
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
unsigned int (*psk_server_callback) (SSL
*ssl,
const
char
*identity,
unsigned
char
*psk,
unsigned
int
max_psk_len));
unsigned int (*psk_server_callback) (SSL
*ssl,
const
char
*identity,
unsigned
char
*psk,
unsigned
int
max_psk_len));
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
const char *SSL_get_psk_identity_hint(const SSL *s);
const char *SSL_get_psk_identity(const SSL *s);
/* Register callbacks to handle custom TLS Extensions for client or server. */
int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
custom_ext_add_cb add_cb,
custom_ext_free_cb free_cb,
void *add_arg,
custom_ext_parse_cb parse_cb,
void *parse_arg);
int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
custom_ext_add_cb add_cb,
custom_ext_free_cb free_cb,
void *add_arg,
custom_ext_parse_cb parse_cb,
void *parse_arg);
int SSL_extension_supported(unsigned int ext_type);
# define SSL_NOTHING 1
# define SSL_WRITING 2
# define SSL_READING 3
# define SSL_X509_LOOKUP 4
/* These will only be used when doing non-blocking IO */
# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
# define SSL_want_read(s) (SSL_want(s) == SSL_READING)
# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
# define SSL_MAC_FLAG_READ_MAC_STREAM 1
# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
struct ssl_st {
/*
* protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
* DTLS1_VERSION)
*/
int version;
/* SSL_ST_CONNECT or SSL_ST_ACCEPT */
int type;
/* SSLv3 */
const SSL_METHOD *method;
/*
* There are 2 BIO's even though they are normally both the same. This
* is so data can be read and written to different handlers
*/
# ifndef OPENSSL_NO_BIO
/* used by SSL_read */
BIO *rbio;
/* used by SSL_write */
BIO *wbio;
/* used during session-id reuse to concatenate messages */
BIO *bbio;
# else
/* used by SSL_read */
char *rbio;
/* used by SSL_write */
char *wbio;
char *bbio;
# endif
/*
* This holds a variable that indicates what we were doing when a 0 or -1
* is returned. This is needed for non-blocking IO so we know what
* request needs re-doing when in SSL_accept or SSL_connect
*/
int rwstate;
/* true when we are actually in SSL_accept() or SSL_connect() */
int in_handshake;
int (*handshake_func) (SSL *);
/*
* Imagine that here's a boolean member "init" that is switched as soon
* as SSL_set_{accept/connect}_state is called for the first time, so
* that "state" and "handshake_func" are properly initialized. But as
* handshake_func is == 0 until then, we use this test instead of an
* "init" member.
*/
/* are we the server side? - mostly used by SSL_clear */
int server;
/*
* Generate a new session or reuse an old one.
* NB: For servers, the 'new' session may actually be a previously
* cached session or even the previous session unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
*/
int new_session;
/* don't send shutdown packets */
int quiet_shutdown;
/* we have shut things down, 0x01 sent, 0x02 for received */
int shutdown;
/* where we are */
int state;
/* where we are when reading */
int rstate;
BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by
* ssl3_get_message() */
int init_num; /* amount read/written */
int init_off; /* amount read/written */
/* used internally to point at a raw packet */
unsigned char *packet;
unsigned int packet_length;
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
int read_ahead; /* Read as many input bytes as possible (for
* non-blocking reads) */
/* callback that allows applications to peek at protocol messages */
void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
void *msg_callback_arg;
int hit; /* reusing a previous session */
X509_VERIFY_PARAM *param;
# if 0
int purpose; /* Purpose setting */
int trust; /* Trust setting */
# endif
/* crypto */
STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/*
* These are the ones being used, the ones in SSL_SESSION are the ones to
* be 'copied' into these ones
*/
int mac_flags;
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
EVP_MD_CTX *read_hash; /* used for mac generation */
# ifndef OPENSSL_NO_COMP
COMP_CTX *expand; /* uncompress */
# else
char *expand;
# endif
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
EVP_MD_CTX *write_hash; /* used for mac generation */
# ifndef OPENSSL_NO_COMP
COMP_CTX *compress; /* compression */
# else
char *compress;
# endif
/* session info */
/* client cert? */
/* This is used to hold the server certificate used */
struct cert_st /* CERT */ *cert;
/*
* the session_id_context is used to ensure sessions are only reused in
* the appropriate context
*/
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* This can also be in the session once a session is established */
SSL_SESSION *session;
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
/* Used in SSL3 */
/*
* 0 don't care about verify failure.
* 1 fail if verify fails
*/
int verify_mode;
/* fail if callback returns 0 */
int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
/* optional informational callback */
void (*info_callback) (const SSL *ssl, int type, int val);
/* error bytes to be written */
int error;
/* actual code */
int error_code;
# ifndef OPENSSL_NO_KRB5
/* Kerberos 5 context */
KSSL_CTX *kssl_ctx;
# endif /* OPENSSL_NO_KRB5 */
# ifndef OPENSSL_NO_PSK
unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
char *identity,
unsigned int max_identity_len,
unsigned char *psk,
unsigned int max_psk_len);
unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len);
# endif
SSL_CTX *ctx;
/*
* set this flag to 1 and a sleep(1) is put into all SSL_read() and
* SSL_write() calls, good for nbio debuging :-)
*/
int debug;
/* extra application data */
long verify_result;
CRYPTO_EX_DATA ex_data;
/* for server side, keep the list of CA_dn we can use */
STACK_OF(X509_NAME) *client_CA;
int references;
/* protocol behaviour */
unsigned long options;
/* API behaviour */
unsigned long mode;
long max_cert_list;
int first_packet;
/* what was passed, used for SSLv3/TLS rollback check */
int client_version;
unsigned int max_send_fragment;
# ifndef OPENSSL_NO_TLSEXT
/* TLS extension debug callback */
void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
unsigned char *data, int len, void *arg);
void *tlsext_debug_arg;
char *tlsext_hostname;
/*-
* 0 : call the servername extension callback.
* 1 : prepare 2, allow last ack just after in server callback.
* 2 : don't call servername callback, no ack in server hello
*/
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
int servername_done;
/* certificate status request info */
/* Status type or -1 if no status type */
int tlsext_status_type;
/* Expect OCSP CertificateStatus message */
int tlsext_status_expected;
/* OCSP status request only */
STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
X509_EXTENSIONS *tlsext_ocsp_exts;
/* OCSP response received or to be sent */
unsigned char *tlsext_ocsp_resp;
int tlsext_ocsp_resplen;
/* RFC4507 session ticket expected to be received or sent */
int tlsext_ticket_expected;
# ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length;
/* our list */
unsigned char *tlsext_ecpointformatlist;
size_t tlsext_ellipticcurvelist_length;
/* our list */
unsigned char *tlsext_ellipticcurvelist;
# endif /* OPENSSL_NO_EC */
/*
* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for
* handshakes
*/
void *tlsext_opaque_prf_input;
size_t tlsext_opaque_prf_input_len;
/* TLS Session Ticket extension override */
TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
/* TLS Session Ticket extension callback */
tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
void *tls_session_ticket_ext_cb_arg;
/* TLS pre-shared secret session resumption */
tls_session_secret_cb_fn tls_session_secret_cb;
void *tls_session_secret_cb_arg;
SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* Next protocol negotiation. For the client, this is the protocol that
* we sent in NextProtocol and is set when handling ServerHello
* extensions. For a server, this is the client's selected_protocol from
* NextProtocol and is set when handling the NextProtocol message, before
* the Finished message.
*/
unsigned char *next_proto_negotiated;
unsigned char next_proto_negotiated_len;
# endif
# define session_ctx initial_ctx
/* What we'll do */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
/* What's been chosen */
SRTP_PROTECTION_PROFILE *srtp_profile;
/*-
* Is use of the Heartbeat extension negotiated?
* 0: disabled
* 1: enabled
* 2: enabled, but not allowed to send Requests
*/
unsigned int tlsext_heartbeat;
/* Indicates if a HeartbeatRequest is in flight */
unsigned int tlsext_hb_pending;
/* HeartbeatRequest sequence number */
unsigned int tlsext_hb_seq;
/*
* For a client, this contains the list of supported protocols in wire
* format.
*/
unsigned char *alpn_client_proto_list;
unsigned alpn_client_proto_list_len;
# else
# define session_ctx ctx
# endif /* OPENSSL_NO_TLSEXT */
/*-
* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
* (i.e. not just sending a HelloRequest)
*/
int renegotiate;
# ifndef OPENSSL_NO_SRP
/* ctx for SRP authentication */
SRP_CTX srp_ctx;
# endif
/*
* Callback for disabling session caching and ticket support on a session
* basis, depending on the chosen cipher.
*/
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
};
#ifdef __cplusplus
}
#endif
# include <openssl/ssl2.h>
# include <openssl/ssl3.h>
# include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
# include <openssl/dtls1.h> /* Datagram TLS */
# include <openssl/ssl23.h>
# include <openssl/srtp.h> /* Support for the use_srtp extension */
#ifdef __cplusplus
extern "C" {
#endif
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
# define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
/*
* The following are the possible values for ssl->state are are used to
* indicate where we are up to in the SSL connection establishment. The
* macros that follow are about the only things you should need to use and
* even then, only when using non-blocking IO. It can also be useful to work
* out where you were when the connection failed
*/
# define SSL_ST_CONNECT 0x1000
# define SSL_ST_ACCEPT 0x2000
# define SSL_ST_MASK 0x0FFF
# define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
# define SSL_ST_BEFORE 0x4000
# define SSL_ST_OK 0x03
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02
# define SSL_CB_READ 0x04
# define SSL_CB_WRITE 0x08
# define SSL_CB_ALERT 0x4000/* used in callback */
# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
# define SSL_CB_HANDSHAKE_START 0x10
# define SSL_CB_HANDSHAKE_DONE 0x20
/* Is the SSL_connection established? */
# define SSL_get_state(a) SSL_state(a)
# define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
# define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
# define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
# define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
# define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
/*
* The following 2 states are kept in ssl->rstate when reads fail, you should
* not need these
*/
# define SSL_ST_READ_HEADER 0xF0
# define SSL_ST_READ_BODY 0xF1
# define SSL_ST_READ_DONE 0xF2
/*-
* Obtain latest Finished message
* -- that we sent (SSL_get_finished)
* -- that we expected from peer (SSL_get_peer_finished).
* Returns length (0 == no Finished so far), copies up to 'count' bytes.
*/
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
/*
* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are
* 'ored' with SSL_VERIFY_PEER if they are desired
*/
# define SSL_VERIFY_NONE 0x00
# define SSL_VERIFY_PEER 0x01
# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
# define SSL_VERIFY_CLIENT_ONCE 0x04
# define OpenSSL_add_ssl_algorithms() SSL_library_init()
# define SSLeay_add_ssl_algorithms() SSL_library_init()
# if 0 /* NEW_SSLEAY */
# define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
# define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
# define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
# define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
# define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
# endif
# define SSL_get_cipher(s) \
SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_cipher_bits(s,np) \
SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
# define SSL_get_cipher_version(s) \
SSL_CIPHER_get_version(SSL_get_current_cipher(s))
# define SSL_get_cipher_name(s) \
SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_time(a) SSL_SESSION_get_time(a)
# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value
* from SSL_AD_... */
/* These alert types are for SSLv3 and TLSv1 */
# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE
# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK
# define SSL_ERROR_NONE 0
# define SSL_ERROR_SSL 1
# define SSL_ERROR_WANT_READ 2
# define SSL_ERROR_WANT_WRITE 3
# define SSL_ERROR_WANT_X509_LOOKUP 4
# define SSL_ERROR_SYSCALL 5/* look at error stack/return
* value/errno */
# define SSL_ERROR_ZERO_RETURN 6
# define SSL_ERROR_WANT_CONNECT 7
# define SSL_ERROR_WANT_ACCEPT 8
# define SSL_CTRL_NEED_TMP_RSA 1
# define SSL_CTRL_SET_TMP_RSA 2
# define SSL_CTRL_SET_TMP_DH 3
# define SSL_CTRL_SET_TMP_ECDH 4
# define SSL_CTRL_SET_TMP_RSA_CB 5
# define SSL_CTRL_SET_TMP_DH_CB 6
# define SSL_CTRL_SET_TMP_ECDH_CB 7
# define SSL_CTRL_GET_SESSION_REUSED 8
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
# define SSL_CTRL_GET_FLAGS 13
# define SSL_CTRL_EXTRA_CHAIN_CERT 14
# define SSL_CTRL_SET_MSG_CALLBACK 15
# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
# define SSL_CTRL_SESS_NUMBER 20
# define SSL_CTRL_SESS_CONNECT 21
# define SSL_CTRL_SESS_CONNECT_GOOD 22
# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
# define SSL_CTRL_SESS_ACCEPT 24
# define SSL_CTRL_SESS_ACCEPT_GOOD 25
# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
# define SSL_CTRL_SESS_HIT 27
# define SSL_CTRL_SESS_CB_HIT 28
# define SSL_CTRL_SESS_MISSES 29
# define SSL_CTRL_SESS_TIMEOUTS 30
# define SSL_CTRL_SESS_CACHE_FULL 31
# define SSL_CTRL_OPTIONS 32
# define SSL_CTRL_MODE 33
# define SSL_CTRL_GET_READ_AHEAD 40
# define SSL_CTRL_SET_READ_AHEAD 41
# define SSL_CTRL_SET_SESS_CACHE_SIZE 42
# define SSL_CTRL_GET_SESS_CACHE_SIZE 43
# define SSL_CTRL_SET_SESS_CACHE_MODE 44
# define SSL_CTRL_GET_SESS_CACHE_MODE 45
# define SSL_CTRL_GET_MAX_CERT_LIST 50
# define SSL_CTRL_SET_MAX_CERT_LIST 51
# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
# ifndef OPENSSL_NO_TLSEXT
# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
# define SSL_CTRL_SET_SRP_ARG 78
# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
# ifndef OPENSSL_NO_HEARTBEATS
# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
# endif
# endif /* OPENSSL_NO_TLSEXT */
# define DTLS_CTRL_GET_TIMEOUT 73
# define DTLS_CTRL_HANDLE_TIMEOUT 74
# define DTLS_CTRL_LISTEN 75
# define SSL_CTRL_GET_RI_SUPPORT 76
# define SSL_CTRL_CLEAR_OPTIONS 77
# define SSL_CTRL_CLEAR_MODE 78
# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79
# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
# define SSL_CTRL_CHAIN 88
# define SSL_CTRL_CHAIN_CERT 89
# define SSL_CTRL_GET_CURVES 90
# define SSL_CTRL_SET_CURVES 91
# define SSL_CTRL_SET_CURVES_LIST 92
# define SSL_CTRL_GET_SHARED_CURVE 93
# define SSL_CTRL_SET_ECDH_AUTO 94
# define SSL_CTRL_SET_SIGALGS 97
# define SSL_CTRL_SET_SIGALGS_LIST 98
# define SSL_CTRL_CERT_FLAGS 99
# define SSL_CTRL_CLEAR_CERT_FLAGS 100
# define SSL_CTRL_SET_CLIENT_SIGALGS 101
# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102
# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103
# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104
# define SSL_CTRL_BUILD_CERT_CHAIN 105
# define SSL_CTRL_SET_VERIFY_CERT_STORE 106
# define SSL_CTRL_SET_CHAIN_CERT_STORE 107
# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
# define SSL_CTRL_GET_SERVER_TMP_KEY 109
# define SSL_CTRL_GET_RAW_CIPHERLIST 110
# define SSL_CTRL_GET_EC_POINT_FORMATS 111
# define SSL_CTRL_GET_CHAIN_CERTS 115
# define SSL_CTRL_SELECT_CURRENT_CERT 116
# define SSL_CTRL_SET_CURRENT_CERT 117
# define SSL_CTRL_SET_DH_AUTO 118
# define SSL_CTRL_CHECK_PROTO_VERSION 119
# define DTLS_CTRL_SET_LINK_MTU 120
# define DTLS_CTRL_GET_LINK_MIN_MTU 121
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
# define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
# define DTLSv1_handle_timeout(ssl) \
SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
# define DTLSv1_listen(ssl, peer) \
SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
# define SSL_session_reused(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
# define SSL_num_renegotiations(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_clear_num_renegotiations(ssl) \
SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_total_renegotiations(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
# define SSL_CTX_need_tmp_RSA(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
# define SSL_CTX_set_tmp_rsa(ctx,rsa) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
# define SSL_CTX_set_tmp_dh(ctx,dh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
# define SSL_CTX_set_dh_auto(ctx, onoff) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_set_dh_auto(s, onoff) \
SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_need_tmp_RSA(ssl) \
SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
# define SSL_set_tmp_rsa(ssl,rsa) \
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)