AWS s2n-tls v1.4.8-ba825b87
s2n-tls is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority.
s2n.h
1/*
2 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License").
5 * You may not use this file except in compliance with the License.
6 * A copy of the License is located at
7 *
8 * http://aws.amazon.com/apache2.0
9 *
10 * or in the "license" file accompanying this file. This file is distributed
11 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 * express or implied. See the License for the specific language governing
13 * permissions and limitations under the License.
14 */
15
23#pragma once
24
25#if ((__GNUC__ >= 4) || defined(__clang__)) && defined(S2N_EXPORTS)
29 #define S2N_API __attribute__((visibility("default")))
30#else
34 #define S2N_API
35#endif /* __GNUC__ >= 4 || defined(__clang__) */
36
37#ifdef __cplusplus
38extern "C" {
39#endif
40
41#include <stdbool.h>
42#include <stdint.h>
43#include <stdio.h>
44#include <sys/types.h>
45#include <sys/uio.h>
46
50#define S2N_SUCCESS 0
54#define S2N_FAILURE -1
55
59#define S2N_CALLBACK_BLOCKED -2
60
/*
 * Protocol version identifiers used throughout this header.
 *
 * The visible values follow a (major * 10 + minor) pattern over the wire
 * version: SSLv3 is 3.0 -> 30, TLS 1.0 is 3.1 -> 31, ... TLS 1.3 is 3.4 -> 34.
 * S2N_UNKNOWN_PROTOCOL_VERSION is 0, so it compares lower than every real
 * version; treat it as "not determined", never as "acceptable".
 *
 * NOTE(review): SSLv2 and SSLv3 are long-deprecated protocols. These macros
 * only name them. Whether a connection may actually negotiate them is decided
 * elsewhere (presumably by the security policy chosen through
 * s2n_config_set_cipher_preferences) -- confirm before assuming a version floor.
 */
64#define S2N_MINIMUM_SUPPORTED_TLS_RECORD_MAJOR_VERSION 2
65
69#define S2N_MAXIMUM_SUPPORTED_TLS_RECORD_MAJOR_VERSION 3
70
74#define S2N_SSLv2 20
75
79#define S2N_SSLv3 30
80
84#define S2N_TLS10 31
85
89#define S2N_TLS11 32
90
94#define S2N_TLS12 33
95
99#define S2N_TLS13 34
100
104#define S2N_UNKNOWN_PROTOCOL_VERSION 0
105
123S2N_API extern __thread int s2n_errno;
124
131S2N_API extern int *s2n_errno_location(void);
132
147typedef enum {
165
176S2N_API extern int s2n_error_get_type(int error);
177
181struct s2n_config;
182
186struct s2n_connection;
187
203
217
224S2N_API extern unsigned long s2n_get_openssl_version(void);
225
234S2N_API extern int s2n_init(void);
235
242S2N_API extern int s2n_cleanup(void);
243
244typedef enum {
245 S2N_FIPS_MODE_DISABLED = 0,
246 S2N_FIPS_MODE_ENABLED,
247} s2n_fips_mode;
248
263S2N_API extern int s2n_get_fips_mode(s2n_fips_mode *fips_mode);
264
277S2N_API extern struct s2n_config *s2n_config_new(void);
278
292S2N_API extern struct s2n_config *s2n_config_new_minimal(void);
293
300S2N_API extern int s2n_config_free(struct s2n_config *config);
301
308S2N_API extern int s2n_config_free_dhparams(struct s2n_config *config);
309
316S2N_API extern int s2n_config_free_cert_chain_and_key(struct s2n_config *config);
317
325typedef int (*s2n_clock_time_nanoseconds)(void *, uint64_t *);
326
347typedef int (*s2n_cache_retrieve_callback)(struct s2n_connection *conn, void *, const void *key, uint64_t key_size, void *value, uint64_t *value_size);
348
362typedef int (*s2n_cache_store_callback)(struct s2n_connection *conn, void *, uint64_t ttl_in_seconds, const void *key, uint64_t key_size, const void *value, uint64_t value_size);
363
374typedef int (*s2n_cache_delete_callback)(struct s2n_connection *conn, void *, const void *key, uint64_t key_size);
375
388S2N_API extern int s2n_config_set_wall_clock(struct s2n_config *config, s2n_clock_time_nanoseconds clock_fn, void *ctx);
389
402S2N_API extern int s2n_config_set_monotonic_clock(struct s2n_config *config, s2n_clock_time_nanoseconds clock_fn, void *ctx);
403
411S2N_API extern const char *s2n_strerror(int error, const char *lang);
412
422S2N_API extern const char *s2n_strerror_debug(int error, const char *lang);
423
430S2N_API extern const char *s2n_strerror_name(int error);
431
438S2N_API extern const char *s2n_strerror_source(int error);
439
443struct s2n_stacktrace;
444
451
458S2N_API extern int s2n_stack_traces_enabled_set(bool newval);
459
466
474S2N_API extern int s2n_print_stacktrace(FILE *fptr);
475
482
489S2N_API extern int s2n_get_stacktrace(struct s2n_stacktrace *trace);
490
500S2N_API extern int s2n_config_set_cache_store_callback(struct s2n_config *config, s2n_cache_store_callback cache_store_callback, void *data);
501
511S2N_API extern int s2n_config_set_cache_retrieve_callback(struct s2n_config *config, s2n_cache_retrieve_callback cache_retrieve_callback, void *data);
512
522S2N_API extern int s2n_config_set_cache_delete_callback(struct s2n_config *config, s2n_cache_delete_callback cache_delete_callback, void *data);
523
/*
 * Pluggable memory management: init/cleanup hooks plus an allocate/free pair.
 *
 * The malloc callback receives the requested size and two out-parameters
 * (`ptr`, `allocated`); the free callback receives the pointer together with
 * its size, which is what a zeroizing free needs.
 *
 * NOTE(review): installing these replaces the library's own allocator. Any
 * hardening the default provides (presumably zero-on-free and page locking of
 * secret-bearing buffers) becomes the replacement's responsibility -- confirm
 * against the implementation before swapping allocators in production.
 */
527typedef int (*s2n_mem_init_callback)(void);
528
532typedef int (*s2n_mem_cleanup_callback)(void);
533
542typedef int (*s2n_mem_malloc_callback)(void **ptr, uint32_t requested, uint32_t *allocated);
543
547typedef int (*s2n_mem_free_callback)(void *ptr, uint32_t size);
548
560S2N_API extern int s2n_mem_set_callbacks(s2n_mem_init_callback mem_init_callback, s2n_mem_cleanup_callback mem_cleanup_callback,
561 s2n_mem_malloc_callback mem_malloc_callback, s2n_mem_free_callback mem_free_callback);
562
/*
 * Pluggable randomness: init/cleanup hooks plus seed and mix callbacks that
 * are handed a buffer (`data`) and a byte count (`size`).
 *
 * NOTE(review): these replace the entropy that feeds the library. Every key,
 * nonce and random value derived downstream is only as unpredictable as what
 * the callbacks write. Presumably the callbacks must fill all `size` bytes and
 * report failure through the int return -- confirm. Back them with an OS CSPRNG
 * or hardware source, and never treat a short or failed read as success.
 */
566typedef int (*s2n_rand_init_callback)(void);
567
571typedef int (*s2n_rand_cleanup_callback)(void);
572
577typedef int (*s2n_rand_seed_callback)(void *data, uint32_t size);
578
583typedef int (*s2n_rand_mix_callback)(void *data, uint32_t size);
584
598S2N_API extern int s2n_rand_set_callbacks(s2n_rand_init_callback rand_init_callback, s2n_rand_cleanup_callback rand_cleanup_callback,
599 s2n_rand_seed_callback rand_seed_callback, s2n_rand_mix_callback rand_mix_callback);
600
604typedef enum {
605 S2N_EXTENSION_SERVER_NAME = 0,
606 S2N_EXTENSION_MAX_FRAG_LEN = 1,
607 S2N_EXTENSION_OCSP_STAPLING = 5,
608 S2N_EXTENSION_SUPPORTED_GROUPS = 10,
609 S2N_EXTENSION_EC_POINT_FORMATS = 11,
610 S2N_EXTENSION_SIGNATURE_ALGORITHMS = 13,
611 S2N_EXTENSION_ALPN = 16,
612 S2N_EXTENSION_CERTIFICATE_TRANSPARENCY = 18,
613 S2N_EXTENSION_SUPPORTED_VERSIONS = 43,
614 S2N_EXTENSION_RENEGOTIATION_INFO = 65281,
616
620typedef enum {
621 S2N_TLS_MAX_FRAG_LEN_512 = 1,
622 S2N_TLS_MAX_FRAG_LEN_1024 = 2,
623 S2N_TLS_MAX_FRAG_LEN_2048 = 3,
624 S2N_TLS_MAX_FRAG_LEN_4096 = 4,
626
630struct s2n_cert;
631
635struct s2n_cert_chain_and_key;
636
640struct s2n_pkey;
641
645typedef struct s2n_pkey s2n_cert_public_key;
646
650typedef struct s2n_pkey s2n_cert_private_key;
651
658S2N_API extern struct s2n_cert_chain_and_key *s2n_cert_chain_and_key_new(void);
659
/*
 * Load a certificate chain and its private key from PEM.
 *
 * The first form takes C strings; the second takes byte buffers with explicit
 * lengths (chain_pem_len / private_key_pem_len), so it does not depend on NUL
 * termination.
 *
 * NOTE(review): private_key_pem is key material in the caller's memory. The
 * prototypes do not show who owns the buffers afterwards; presumably the
 * library keeps its own copy -- confirm, then zeroize and release the caller's
 * copy as soon as loading succeeds. The byte-buffer form takes non-const
 * pointers, so the prototype alone does not rule out the input being modified.
 */
675S2N_API extern int s2n_cert_chain_and_key_load_pem(struct s2n_cert_chain_and_key *chain_and_key, const char *chain_pem, const char *private_key_pem);
676
692S2N_API extern int s2n_cert_chain_and_key_load_pem_bytes(struct s2n_cert_chain_and_key *chain_and_key, uint8_t *chain_pem, uint32_t chain_pem_len, uint8_t *private_key_pem, uint32_t private_key_pem_len);
693
705S2N_API extern int s2n_cert_chain_and_key_load_public_pem_bytes(struct s2n_cert_chain_and_key *chain_and_key, uint8_t *chain_pem, uint32_t chain_pem_len);
706
713S2N_API extern int s2n_cert_chain_and_key_free(struct s2n_cert_chain_and_key *cert_and_key);
714
722S2N_API extern int s2n_cert_chain_and_key_set_ctx(struct s2n_cert_chain_and_key *cert_and_key, void *ctx);
723
730S2N_API extern void *s2n_cert_chain_and_key_get_ctx(struct s2n_cert_chain_and_key *cert_and_key);
731
738S2N_API extern s2n_cert_private_key *s2n_cert_chain_and_key_get_private_key(struct s2n_cert_chain_and_key *cert_and_key);
739
748S2N_API extern int s2n_cert_chain_and_key_set_ocsp_data(struct s2n_cert_chain_and_key *chain_and_key, const uint8_t *data, uint32_t length);
749
759S2N_API extern int s2n_cert_chain_and_key_set_sct_list(struct s2n_cert_chain_and_key *chain_and_key, const uint8_t *data, uint32_t length);
760
773typedef struct s2n_cert_chain_and_key *(*s2n_cert_tiebreak_callback)(struct s2n_cert_chain_and_key *cert1, struct s2n_cert_chain_and_key *cert2, uint8_t *name, uint32_t name_len);
774
784S2N_API extern int s2n_config_set_cert_tiebreak_callback(struct s2n_config *config, s2n_cert_tiebreak_callback cert_tiebreak_cb);
785
800S2N_API extern int s2n_config_add_cert_chain_and_key(struct s2n_config *config, const char *cert_chain_pem, const char *private_key_pem);
801
819S2N_API extern int s2n_config_add_cert_chain_and_key_to_store(struct s2n_config *config, struct s2n_cert_chain_and_key *cert_key_pair);
820
840S2N_API extern int s2n_config_set_cert_chain_and_key_defaults(struct s2n_config *config,
841 struct s2n_cert_chain_and_key **cert_key_pairs, uint32_t num_cert_key_pairs);
842
/*
 * Trust store management for a config: add CAs from a file/directory or from
 * an in-memory PEM string, wipe the store, or load the system certificates.
 *
 * NOTE(review): the add functions extend whatever is already trusted. To pin
 * a deployment to a private CA, wipe the trust store first and then add only
 * the intended roots; otherwise any CA already in the store can still vouch
 * for a peer. Upstream documents that s2n_config_new() starts with the system
 * trust store loaded while s2n_config_new_minimal() does not -- confirm for
 * this version.
 */
857S2N_API extern int s2n_config_set_verification_ca_location(struct s2n_config *config, const char *ca_pem_filename, const char *ca_dir);
858
870S2N_API extern int s2n_config_add_pem_to_trust_store(struct s2n_config *config, const char *pem);
871
883S2N_API extern int s2n_config_wipe_trust_store(struct s2n_config *config);
884
898S2N_API extern int s2n_config_load_system_certs(struct s2n_config *config);
899
/*
 * Mode switch for verifying a signature right after producing it.
 *
 * S2N_VERIFY_AFTER_SIGN_DISABLED is the first enumerator, i.e. value 0.
 *
 * NOTE(review): verify-after-sign is a standard defence against a faulty
 * signing operation (hardware fault, buggy offload) emitting a malformed
 * signature that leaks information about the private key. Presumably the
 * default is DISABLED -- confirm; consider enabling it where signing runs on
 * hardware or in an external service.
 */
900typedef enum {
901 S2N_VERIFY_AFTER_SIGN_DISABLED,
902 S2N_VERIFY_AFTER_SIGN_ENABLED
903} s2n_verify_after_sign;
904
917S2N_API extern int s2n_config_set_verify_after_sign(struct s2n_config *config, s2n_verify_after_sign mode);
918
941S2N_API extern int s2n_config_set_send_buffer_size(struct s2n_config *config, uint32_t size);
942
960S2N_API extern int s2n_config_set_recv_multi_record(struct s2n_config *config, bool enabled);
961
/*
 * Host name verification callback.
 *
 * The return type is uint8_t, not an S2N_SUCCESS/S2N_FAILURE int: the value is
 * a verdict, not a status code. NOTE(review): upstream documents 1 as "host
 * name accepted" and 0 as "rejected" -- confirm for this version.
 *
 * host_name is passed with an explicit host_name_len; compare using the length
 * rather than assuming NUL termination. A callback that accepts every name
 * removes host name binding from certificate validation.
 */
976typedef uint8_t (*s2n_verify_host_fn)(const char *host_name, size_t host_name_len, void *data);
977
/* Installs the host name callback on a config; `data` is passed back to it.
 * The callback parameter is unnamed in this prototype. */
992S2N_API extern int s2n_config_set_verify_host_callback(struct s2n_config *config, s2n_verify_host_fn, void *data);
993
/* Toggles checking of a stapled OCSP response via the uint8_t flag.
 * NOTE(review): with checking off, a stapled "revoked" status would presumably
 * go unnoticed -- confirm the default before relying on revocation. */
1006S2N_API extern int s2n_config_set_check_stapled_ocsp_response(struct s2n_config *config, uint8_t check_ocsp);
1007
/* By its name, turns off the certificate validity-period checks, so expired or
 * not-yet-valid certificates would pass. NOTE(review): meant for hosts without
 * a trustworthy clock; where a clock source exists, supplying it through
 * s2n_config_set_wall_clock is presumably the safer route -- confirm. */
1030S2N_API extern int s2n_config_disable_x509_time_verification(struct s2n_config *config);
1031
/* By its name, turns off X.509 validation of the peer altogether; a handshake
 * completed under this setting authenticates nobody. Treat any production use
 * of this call as a finding in review: it belongs in tests and debugging. */
1039S2N_API extern int s2n_config_disable_x509_verification(struct s2n_config *config);
1040
/* Caps the accepted certificate chain depth (uint16_t). Bounding the depth
 * limits the validation work a peer can force with an overlong chain. */
1051S2N_API extern int s2n_config_set_max_cert_chain_depth(struct s2n_config *config, uint16_t max_depth);
1052
/* Adds finite-field Diffie-Hellman parameters from a PEM string.
 * NOTE(review): the strength of DHE key exchange depends on these parameters;
 * presumably the library validates them on load -- confirm, and use a
 * well-known or freshly generated group of adequate size. */
1061S2N_API extern int s2n_config_add_dhparams(struct s2n_config *config, const char *dhparams_pem);
1062
/* Selects the cipher preferences for a config by name; despite the parameter
 * name `version`, the argument is a string identifier, not a protocol number.
 * NOTE(review): upstream calls these "security policies" and they presumably
 * also fix protocol versions, signature schemes and curves -- confirm. Pin an
 * explicit policy rather than relying on a default that can change between
 * releases, and check the return value: a misspelled name must fail closed. */
1069S2N_API extern int s2n_config_set_cipher_preferences(struct s2n_config *config, const char *version);
1070
1080S2N_API extern int s2n_config_append_protocol_preference(struct s2n_config *config, const uint8_t *protocol, uint8_t protocol_len);
1081
1099S2N_API extern int s2n_config_set_protocol_preferences(struct s2n_config *config, const char *const *protocols, int protocol_count);
1100
1106typedef enum {
1107 S2N_STATUS_REQUEST_NONE = 0,
1108 S2N_STATUS_REQUEST_OCSP = 1
1110
1119S2N_API extern int s2n_config_set_status_request_type(struct s2n_config *config, s2n_status_request_type type);
1120
1124typedef enum {
1125 S2N_CT_SUPPORT_NONE = 0,
1126 S2N_CT_SUPPORT_REQUEST = 1
1128
1136S2N_API extern int s2n_config_set_ct_support_level(struct s2n_config *config, s2n_ct_support_level level);
1137
/*
 * How a connection reacts to warning-level TLS alerts.
 *
 * S2N_ALERT_FAIL_ON_WARNINGS is value 0 and S2N_ALERT_IGNORE_WARNINGS is 1;
 * the setter below takes the type as s2n_alert_behavior.
 *
 * NOTE(review): failing on warnings is the stricter choice. Ignoring them is
 * presumably meant for interoperability with peers that send benign warnings
 * -- confirm which alerts are affected before relaxing this.
 */
1148typedef enum {
1149 S2N_ALERT_FAIL_ON_WARNINGS = 0,
1150 S2N_ALERT_IGNORE_WARNINGS = 1
1152
1160S2N_API extern int s2n_config_set_alert_behavior(struct s2n_config *config, s2n_alert_behavior alert_behavior);
1161
1175S2N_API extern int s2n_config_set_extension_data(struct s2n_config *config, s2n_tls_extension_type type, const uint8_t *data, uint32_t length);
1176
1190S2N_API extern int s2n_config_send_max_fragment_length(struct s2n_config *config, s2n_max_frag_len mfl_code);
1191
1202S2N_API extern int s2n_config_accept_max_fragment_length(struct s2n_config *config);
1203
/*
 * Session resumption settings: state lifetime, ticket and cache on/off
 * switches, ticket key lifetimes, and registration of a ticket key.
 *
 * Security-relevant points for operators:
 *  - `key` in s2n_config_add_ticket_crypto_key is secret input. Anyone holding
 *    a ticket key can open the tickets protected by it, so generate it from a
 *    CSPRNG, distribute it only to servers that must share resumption state,
 *    and zeroize the caller's copy after the call (the pointer is non-const;
 *    presumably the library copies it -- confirm).
 *  - The two key lifetimes and the session state lifetime bound how long a
 *    leaked key or stolen ticket stays useful; shorter values reduce exposure.
 *  - `name` identifies the key (presumably sent in the clear inside tickets --
 *    confirm); do not derive it from the key bytes.
 */
1211S2N_API extern int s2n_config_set_session_state_lifetime(struct s2n_config *config, uint64_t lifetime_in_secs);
1212
1220S2N_API extern int s2n_config_set_session_tickets_onoff(struct s2n_config *config, uint8_t enabled);
1221
1232S2N_API extern int s2n_config_set_session_cache_onoff(struct s2n_config *config, uint8_t enabled);
1233
1243S2N_API extern int s2n_config_set_ticket_encrypt_decrypt_key_lifetime(struct s2n_config *config, uint64_t lifetime_in_secs);
1244
1255S2N_API extern int s2n_config_set_ticket_decrypt_key_lifetime(struct s2n_config *config, uint64_t lifetime_in_secs);
1256
1270S2N_API extern int s2n_config_add_ticket_crypto_key(struct s2n_config *config, const uint8_t *name, uint32_t name_len,
1271 uint8_t *key, uint32_t key_len, uint64_t intro_time_in_seconds_from_epoch);
1279S2N_API extern int s2n_config_set_ctx(struct s2n_config *config, void *ctx);
1280
1289S2N_API extern int s2n_config_get_ctx(struct s2n_config *config, void **ctx);
1290
1294typedef enum {
1295 S2N_SERVER,
1296 S2N_CLIENT
1297} s2n_mode;
1298
1315S2N_API extern struct s2n_connection *s2n_connection_new(s2n_mode mode);
1316
1324S2N_API extern int s2n_connection_set_config(struct s2n_connection *conn, struct s2n_config *config);
1325
1333S2N_API extern int s2n_connection_set_ctx(struct s2n_connection *conn, void *ctx);
1334
1340S2N_API extern void *s2n_connection_get_ctx(struct s2n_connection *conn);
1341
1348typedef int s2n_client_hello_fn(struct s2n_connection *conn, void *ctx);
1349
1357typedef enum {
1358 S2N_CLIENT_HELLO_CB_BLOCKING,
1359 S2N_CLIENT_HELLO_CB_NONBLOCKING
1361
1370S2N_API extern int s2n_config_set_client_hello_cb(struct s2n_config *config, s2n_client_hello_fn client_hello_callback, void *ctx);
1371
1381S2N_API extern int s2n_config_set_client_hello_cb_mode(struct s2n_config *config, s2n_client_hello_cb_mode cb_mode);
1382
1390S2N_API extern int s2n_client_hello_cb_done(struct s2n_connection *conn);
1391
1399S2N_API extern int s2n_connection_server_name_extension_used(struct s2n_connection *conn);
1400
1404struct s2n_client_hello;
1405
1415S2N_API extern struct s2n_client_hello *s2n_connection_get_client_hello(struct s2n_connection *conn);
1416
/*
 * Parses a ClientHello from a raw byte buffer and returns a heap object that
 * is released with s2n_client_hello_free (which takes a pointer-to-pointer).
 *
 * A ClientHello is unauthenticated, peer-controlled input: every field read
 * back from it (server name, cipher list, extensions, session id) can hold
 * arbitrary bytes. Validate before using a value in logs, routing decisions
 * or lookups. Check the result for NULL before use.
 */
1432S2N_API extern struct s2n_client_hello *s2n_client_hello_parse_message(const uint8_t *bytes, uint32_t size);
1433
1444S2N_API extern int s2n_client_hello_free(struct s2n_client_hello **ch);
1445
/*
 * Length query followed by a bounded copy. The copy takes max_length, the
 * capacity of `out`. NOTE(review): the ssize_t return is presumably the number
 * of bytes written, or negative on error -- confirm. Use the returned count
 * rather than the queried length, in case the copy is truncated to max_length.
 */
1455S2N_API extern ssize_t s2n_client_hello_get_raw_message_length(struct s2n_client_hello *ch);
1456
1476S2N_API extern ssize_t s2n_client_hello_get_raw_message(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length);
1477
1485S2N_API extern ssize_t s2n_client_hello_get_cipher_suites_length(struct s2n_client_hello *ch);
1486
1500S2N_API extern ssize_t s2n_client_hello_get_cipher_suites(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length);
1501
1509S2N_API extern ssize_t s2n_client_hello_get_extensions_length(struct s2n_client_hello *ch);
1510
1519S2N_API extern ssize_t s2n_client_hello_get_extensions(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length);
1520
1529S2N_API extern ssize_t s2n_client_hello_get_extension_length(struct s2n_client_hello *ch, s2n_tls_extension_type extension_type);
1530
1542S2N_API extern ssize_t s2n_client_hello_get_extension_by_id(struct s2n_client_hello *ch, s2n_tls_extension_type extension_type, uint8_t *out, uint32_t max_length);
1543
1553S2N_API extern int s2n_client_hello_has_extension(struct s2n_client_hello *ch, uint16_t extension_iana, bool *exists);
1554
1564S2N_API extern int s2n_client_hello_get_session_id_length(struct s2n_client_hello *ch, uint32_t *out_length);
1565
1581S2N_API extern int s2n_client_hello_get_session_id(struct s2n_client_hello *ch, uint8_t *out, uint32_t *out_length, uint32_t max_length);
1582
1590S2N_API extern int s2n_client_hello_get_compression_methods_length(struct s2n_client_hello *ch, uint32_t *out_length);
1591
1610S2N_API extern int s2n_client_hello_get_compression_methods(struct s2n_client_hello *ch, uint8_t *list, uint32_t list_length, uint32_t *out_length);
1611
1622S2N_API extern int s2n_client_hello_get_legacy_protocol_version(struct s2n_client_hello *ch, uint8_t *out);
1623
1646S2N_API extern int s2n_client_hello_get_supported_groups(struct s2n_client_hello *ch, uint16_t *groups,
1647 uint16_t groups_count_max, uint16_t *groups_count);
1648
1655S2N_API extern int s2n_client_hello_get_server_name_length(struct s2n_client_hello *ch, uint16_t *length);
1656
1667S2N_API extern int s2n_client_hello_get_server_name(struct s2n_client_hello *ch, uint8_t *server_name, uint16_t length, uint16_t *out_length);
1668
1680S2N_API extern int s2n_connection_set_fd(struct s2n_connection *conn, int fd);
1681
1693S2N_API extern int s2n_connection_set_read_fd(struct s2n_connection *conn, int readfd);
1694
1703S2N_API extern int s2n_connection_set_write_fd(struct s2n_connection *conn, int writefd);
1704
1712S2N_API extern int s2n_connection_get_read_fd(struct s2n_connection *conn, int *readfd);
1713
1721S2N_API extern int s2n_connection_get_write_fd(struct s2n_connection *conn, int *writefd);
1722
1731S2N_API extern int s2n_connection_use_corked_io(struct s2n_connection *conn);
1732
1736typedef int s2n_recv_fn(void *io_context, uint8_t *buf, uint32_t len);
1737
1741typedef int s2n_send_fn(void *io_context, const uint8_t *buf, uint32_t len);
1742
1753S2N_API extern int s2n_connection_set_recv_ctx(struct s2n_connection *conn, void *ctx);
1754
1765S2N_API extern int s2n_connection_set_send_ctx(struct s2n_connection *conn, void *ctx);
1766
1778S2N_API extern int s2n_connection_set_recv_cb(struct s2n_connection *conn, s2n_recv_fn recv);
1779
1791S2N_API extern int s2n_connection_set_send_cb(struct s2n_connection *conn, s2n_send_fn send);
1792
1802S2N_API extern int s2n_connection_prefer_throughput(struct s2n_connection *conn);
1803
1813S2N_API extern int s2n_connection_prefer_low_latency(struct s2n_connection *conn);
1814
1826S2N_API extern int s2n_connection_set_dynamic_buffers(struct s2n_connection *conn, bool enabled);
1827
1844S2N_API extern int s2n_connection_set_dynamic_record_threshold(struct s2n_connection *conn, uint32_t resize_threshold, uint16_t timeout_threshold);
1845
1859S2N_API extern int s2n_connection_set_verify_host_callback(struct s2n_connection *conn, s2n_verify_host_fn host_fn, void *data);
1860
/*
 * Blinding mode for a connection. S2N_BUILT_IN_BLINDING is the first
 * enumerator (value 0).
 *
 * NOTE(review): upstream describes blinding as a delay applied after a failed
 * operation so that error timing does not act as a side channel. With
 * S2N_SELF_SERVICE_BLINDING the library presumably does not sleep itself; the
 * application must then wait for the interval reported by
 * s2n_connection_get_delay() before closing the socket or replying -- confirm.
 * Selecting self-service and ignoring the delay removes the mitigation.
 */
1874typedef enum {
1875 S2N_BUILT_IN_BLINDING,
1876 S2N_SELF_SERVICE_BLINDING
1877} s2n_blinding;
1878
1887S2N_API extern int s2n_connection_set_blinding(struct s2n_connection *conn, s2n_blinding blinding);
1888
/* Returns the outstanding delay as a uint64_t.
 * NOTE(review): unit is presumably nanoseconds -- confirm before sleeping. */
1894S2N_API extern uint64_t s2n_connection_get_delay(struct s2n_connection *conn);
1895
1904S2N_API extern int s2n_connection_set_cipher_preferences(struct s2n_connection *conn, const char *version);
1905
1910typedef enum {
1911 S2N_KEY_UPDATE_NOT_REQUESTED = 0,
1912 S2N_KEY_UPDATE_REQUESTED
1914
1929S2N_API extern int s2n_connection_request_key_update(struct s2n_connection *conn, s2n_peer_key_update peer_request);
1940S2N_API extern int s2n_connection_append_protocol_preference(struct s2n_connection *conn, const uint8_t *protocol, uint8_t protocol_len);
1941
1951S2N_API extern int s2n_connection_set_protocol_preferences(struct s2n_connection *conn, const char *const *protocols, int protocol_count);
1952
1972S2N_API extern int s2n_set_server_name(struct s2n_connection *conn, const char *server_name);
1973
1983S2N_API extern const char *s2n_get_server_name(struct s2n_connection *conn);
1984
1991S2N_API extern const char *s2n_get_application_protocol(struct s2n_connection *conn);
1992
2000S2N_API extern const uint8_t *s2n_connection_get_ocsp_response(struct s2n_connection *conn, uint32_t *length);
2001
2009S2N_API extern const uint8_t *s2n_connection_get_sct_list(struct s2n_connection *conn, uint32_t *length);
2010
2016typedef enum {
2017 S2N_NOT_BLOCKED = 0,
2018 S2N_BLOCKED_ON_READ,
2019 S2N_BLOCKED_ON_WRITE,
2020 S2N_BLOCKED_ON_APPLICATION_INPUT,
2021 S2N_BLOCKED_ON_EARLY_DATA,
2023
2039S2N_API extern int s2n_negotiate(struct s2n_connection *conn, s2n_blocked_status *blocked);
2040
2058S2N_API extern ssize_t s2n_send(struct s2n_connection *conn, const void *buf, ssize_t size, s2n_blocked_status *blocked);
2059
2071S2N_API extern ssize_t s2n_sendv(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, s2n_blocked_status *blocked);
2072
2090S2N_API extern ssize_t s2n_sendv_with_offset(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, ssize_t offs, s2n_blocked_status *blocked);
2091
2107S2N_API extern ssize_t s2n_recv(struct s2n_connection *conn, void *buf, ssize_t size, s2n_blocked_status *blocked);
2108
2120S2N_API extern uint32_t s2n_peek(struct s2n_connection *conn);
2121
2130S2N_API extern int s2n_connection_free_handshake(struct s2n_connection *conn);
2131
2141S2N_API extern int s2n_connection_release_buffers(struct s2n_connection *conn);
2142
2153S2N_API extern int s2n_connection_wipe(struct s2n_connection *conn);
2154
2164S2N_API extern int s2n_connection_free(struct s2n_connection *conn);
2165
2181S2N_API extern int s2n_shutdown(struct s2n_connection *conn, s2n_blocked_status *blocked);
2182
2209S2N_API extern int s2n_shutdown_send(struct s2n_connection *conn, s2n_blocked_status *blocked);
2210
/*
 * Client certificate (mutual TLS) policy. S2N_CERT_AUTH_NONE is the first
 * enumerator (value 0); the functions below take the type as
 * s2n_cert_auth_type.
 *
 * NOTE(review): with S2N_CERT_AUTH_OPTIONAL a handshake can presumably
 * complete without any client certificate -- confirm. Authorization code must
 * therefore check whether a certificate was actually presented (this header
 * declares s2n_connection_client_cert_used for that) instead of inferring
 * client identity from the connection having succeeded. The policy can be set
 * on the config and on an individual connection, so audit both.
 */
2216typedef enum {
2217 S2N_CERT_AUTH_NONE,
2218 S2N_CERT_AUTH_REQUIRED,
2219 S2N_CERT_AUTH_OPTIONAL
2221
2229S2N_API extern int s2n_config_get_client_auth_type(struct s2n_config *config, s2n_cert_auth_type *client_auth_type);
2230
2241S2N_API extern int s2n_config_set_client_auth_type(struct s2n_config *config, s2n_cert_auth_type client_auth_type);
2242
2250S2N_API extern int s2n_connection_get_client_auth_type(struct s2n_connection *conn, s2n_cert_auth_type *client_auth_type);
2251
2262S2N_API extern int s2n_connection_set_client_auth_type(struct s2n_connection *conn, s2n_cert_auth_type client_auth_type);
2263
/* Hands back the client's DER certificate chain through two out-parameters.
 * NOTE(review): *der_cert_chain_out presumably points into memory owned by the
 * connection -- confirm its lifetime, and copy the chain if it must outlive
 * the connection. */
2279S2N_API extern int s2n_connection_get_client_cert_chain(struct s2n_connection *conn, uint8_t **der_cert_chain_out, uint32_t *cert_chain_len);
2280
2288S2N_API extern int s2n_config_set_initial_ticket_count(struct s2n_config *config, uint8_t num);
2289
2297S2N_API extern int s2n_connection_add_new_tickets_to_send(struct s2n_connection *conn, uint8_t num);
2298
2311S2N_API extern int s2n_connection_get_tickets_sent(struct s2n_connection *conn, uint16_t *num);
2312
2321S2N_API extern int s2n_connection_set_server_keying_material_lifetime(struct s2n_connection *conn, uint32_t lifetime_in_secs);
2322
2323struct s2n_session_ticket;
2324
2339typedef int (*s2n_session_ticket_fn)(struct s2n_connection *conn, void *ctx, struct s2n_session_ticket *ticket);
2340
2353S2N_API extern int s2n_config_set_session_ticket_cb(struct s2n_config *config, s2n_session_ticket_fn callback, void *ctx);
2354
2361S2N_API extern int s2n_session_ticket_get_data_len(struct s2n_session_ticket *ticket, size_t *data_len);
2362
2374S2N_API extern int s2n_session_ticket_get_data(struct s2n_session_ticket *ticket, size_t max_data_len, uint8_t *data);
2375
2382S2N_API extern int s2n_session_ticket_get_lifetime(struct s2n_session_ticket *ticket, uint32_t *session_lifetime);
2383
/*
 * Import and export of serialized session state for resumption.
 *
 * NOTE(review): the exported blob is presumably sufficient to resume the
 * session and so should be handled like a credential: keep it out of logs,
 * protect it at rest, and bind it to the server identity it came from --
 * confirm the exact contents for this version. The getter is bounded by
 * max_length; size the buffer from s2n_connection_get_session_length(),
 * declared later in this header.
 */
2396S2N_API extern int s2n_connection_set_session(struct s2n_connection *conn, const uint8_t *session, size_t length);
2397
2411S2N_API extern int s2n_connection_get_session(struct s2n_connection *conn, uint8_t *session, size_t max_length);
2412
2424S2N_API extern int s2n_connection_get_session_ticket_lifetime_hint(struct s2n_connection *conn);
2425
2433S2N_API extern int s2n_connection_get_session_length(struct s2n_connection *conn);
2434
2444S2N_API extern int s2n_connection_get_session_id_length(struct s2n_connection *conn);
2445
2459S2N_API extern int s2n_connection_get_session_id(struct s2n_connection *conn, uint8_t *session_id, size_t max_length);
2460
2468S2N_API extern int s2n_connection_is_session_resumed(struct s2n_connection *conn);
2469
2477S2N_API extern int s2n_connection_is_ocsp_stapled(struct s2n_connection *conn);
2478
/*
 * Signature algorithm identifiers. The values 0, 1 and 3 line up with the
 * TLS 1.2 SignatureAlgorithm code points (anonymous, rsa, ecdsa); the RSA-PSS
 * entries start at 224, which the in-line comment describes as the private
 * range, and RSA_PSS_PSS takes the next value (225) implicitly.
 *
 * S2N_TLS_SIGNATURE_ANONYMOUS means no signature, i.e. no authentication from
 * the signature; callers that inspect the negotiated algorithm should treat
 * it as a failure unless anonymous suites are intended.
 */
2483typedef enum {
2484 S2N_TLS_SIGNATURE_ANONYMOUS = 0,
2485 S2N_TLS_SIGNATURE_RSA = 1,
2486 S2N_TLS_SIGNATURE_ECDSA = 3,
2487
2488 /* Use Private Range for RSA PSS since it's not defined there */
2489 S2N_TLS_SIGNATURE_RSA_PSS_RSAE = 224,
2490 S2N_TLS_SIGNATURE_RSA_PSS_PSS
2492
/*
 * Hash algorithm identifiers. Values 0-6 line up with the TLS 1.2
 * HashAlgorithm code points; MD5_SHA1 sits at 224 in the private range.
 *
 * These values report what was negotiated; being listed here is not an
 * endorsement. MD5 and SHA-1 (and the MD5_SHA1 combination used by older
 * protocol versions) are not collision resistant. Monitoring that reads the
 * selected digest (s2n_connection_get_selected_digest_algorithm is declared in
 * this header) can alert on them.
 */
2496typedef enum {
2497 S2N_TLS_HASH_NONE = 0,
2498 S2N_TLS_HASH_MD5 = 1,
2499 S2N_TLS_HASH_SHA1 = 2,
2500 S2N_TLS_HASH_SHA224 = 3,
2501 S2N_TLS_HASH_SHA256 = 4,
2502 S2N_TLS_HASH_SHA384 = 5,
2503 S2N_TLS_HASH_SHA512 = 6,
2504
2505 /* Use Private Range for MD5_SHA1 */
2506 S2N_TLS_HASH_MD5_SHA1 = 224
2508
2518
2527S2N_API extern int s2n_connection_get_selected_digest_algorithm(struct s2n_connection *conn, s2n_tls_hash_algorithm *chosen_alg);
2528
2538
2548
2562S2N_API extern struct s2n_cert_chain_and_key *s2n_connection_get_selected_cert(struct s2n_connection *conn);
2563
2569S2N_API extern int s2n_cert_chain_get_length(const struct s2n_cert_chain_and_key *chain_and_key, uint32_t *cert_length);
2570
2589S2N_API extern int s2n_cert_chain_get_cert(const struct s2n_cert_chain_and_key *chain_and_key, struct s2n_cert **out_cert, const uint32_t cert_idx);
2590
2616S2N_API extern int s2n_cert_get_der(const struct s2n_cert *cert, const uint8_t **out_cert_der, uint32_t *cert_length);
2617
2628S2N_API extern int s2n_connection_get_peer_cert_chain(const struct s2n_connection *conn, struct s2n_cert_chain_and_key *cert_chain);
2629
2637S2N_API extern int s2n_cert_get_x509_extension_value_length(struct s2n_cert *cert, const uint8_t *oid, uint32_t *ext_value_len);
2638
2650S2N_API extern int s2n_cert_get_x509_extension_value(struct s2n_cert *cert, const uint8_t *oid, uint8_t *ext_value, uint32_t *ext_value_len, bool *critical);
2651
2659S2N_API extern int s2n_cert_get_utf8_string_from_extension_data_length(const uint8_t *extension_data, uint32_t extension_len, uint32_t *utf8_str_len);
2660
2672S2N_API extern int s2n_cert_get_utf8_string_from_extension_data(const uint8_t *extension_data, uint32_t extension_len, uint8_t *out_data, uint32_t *out_len);
2673
2677typedef enum {
2678 S2N_PSK_HMAC_SHA256,
2679 S2N_PSK_HMAC_SHA384,
2680} s2n_psk_hmac;
2681
2685struct s2n_psk;
2686
/*
 * External pre-shared key lifecycle: allocate, set identity, secret and HMAC,
 * attach to a connection, free (through a pointer-to-pointer).
 *
 * Security-relevant points:
 *  - The identity is presumably sent on the wire in the clear -- confirm; do
 *    not put secrets or sensitive user identifiers in it.
 *  - The secret must be high-entropy key material. A PSK derived from a
 *    password or other guessable value can be attacked offline from observed
 *    handshakes.
 *  - NOTE(review): presumably the library copies identity and secret (both are
 *    const inputs with a uint16_t size) -- confirm, then zeroize the caller's
 *    copy of the secret.
 *  - The HMAC choice (s2n_psk_hmac: SHA256 or SHA384) has to match what the
 *    peer uses for the same PSK.
 */
2695S2N_API struct s2n_psk *s2n_external_psk_new(void);
2696
2702S2N_API int s2n_psk_free(struct s2n_psk **psk);
2703
2721S2N_API int s2n_psk_set_identity(struct s2n_psk *psk, const uint8_t *identity, uint16_t identity_size);
2722
2739S2N_API int s2n_psk_set_secret(struct s2n_psk *psk, const uint8_t *secret, uint16_t secret_size);
2740
2748S2N_API int s2n_psk_set_hmac(struct s2n_psk *psk, s2n_psk_hmac hmac);
2749
2759S2N_API int s2n_connection_append_psk(struct s2n_connection *conn, struct s2n_psk *psk);
2760
2767typedef enum {
2768 S2N_PSK_MODE_RESUMPTION,
2769 S2N_PSK_MODE_EXTERNAL
2770} s2n_psk_mode;
2771
2779S2N_API int s2n_config_set_psk_mode(struct s2n_config *config, s2n_psk_mode mode);
2780
2789S2N_API int s2n_connection_set_psk_mode(struct s2n_connection *conn, s2n_psk_mode mode);
2790
2802S2N_API int s2n_connection_get_negotiated_psk_identity_length(struct s2n_connection *conn, uint16_t *identity_length);
2803
2820S2N_API int s2n_connection_get_negotiated_psk_identity(struct s2n_connection *conn, uint8_t *identity, uint16_t max_identity_length);
2821
2822struct s2n_offered_psk;
2823
2834S2N_API struct s2n_offered_psk *s2n_offered_psk_new(void);
2835
2841S2N_API int s2n_offered_psk_free(struct s2n_offered_psk **psk);
2842
2850S2N_API int s2n_offered_psk_get_identity(struct s2n_offered_psk *psk, uint8_t **identity, uint16_t *size);
2851
2852struct s2n_offered_psk_list;
2853
2866S2N_API bool s2n_offered_psk_list_has_next(struct s2n_offered_psk_list *psk_list);
2867
2875S2N_API int s2n_offered_psk_list_next(struct s2n_offered_psk_list *psk_list, struct s2n_offered_psk *psk);
2876
2885S2N_API int s2n_offered_psk_list_reread(struct s2n_offered_psk_list *psk_list);
2886
2898S2N_API int s2n_offered_psk_list_choose_psk(struct s2n_offered_psk_list *psk_list, struct s2n_offered_psk *psk);
2899
2914typedef int (*s2n_psk_selection_callback)(struct s2n_connection *conn, void *context,
2915 struct s2n_offered_psk_list *psk_list);
2916
2926S2N_API int s2n_config_set_psk_selection_callback(struct s2n_config *config, s2n_psk_selection_callback cb, void *context);
2927
2934S2N_API extern uint64_t s2n_connection_get_wire_bytes_in(struct s2n_connection *conn);
2935
2942S2N_API extern uint64_t s2n_connection_get_wire_bytes_out(struct s2n_connection *conn);
2943
2953S2N_API extern int s2n_connection_get_client_protocol_version(struct s2n_connection *conn);
2954
2964S2N_API extern int s2n_connection_get_server_protocol_version(struct s2n_connection *conn);
2965
2975S2N_API extern int s2n_connection_get_actual_protocol_version(struct s2n_connection *conn);
2976
2986S2N_API extern int s2n_connection_get_client_hello_version(struct s2n_connection *conn);
2987
2999S2N_API extern int s2n_client_hello_get_legacy_record_version(struct s2n_client_hello *ch, uint8_t *out);
3000
3008S2N_API extern int s2n_connection_client_cert_used(struct s2n_connection *conn);
3009
3023S2N_API extern const char *s2n_connection_get_cipher(struct s2n_connection *conn);
3024
/*
 * Copies the connection's master secret into secret_bytes (capacity max_size).
 *
 * NOTE(review): the master secret is the root of the session's traffic keys;
 * whoever obtains it can decrypt the session. Upstream flags this accessor as
 * dangerous and presumably limits it to pre-TLS 1.3 connections -- confirm.
 * Keep the output out of logs and crash dumps, and zeroize the buffer after
 * use. For deriving application keys, the exporter below is the intended
 * interface.
 */
3054S2N_API extern int s2n_connection_get_master_secret(const struct s2n_connection *conn,
3055 uint8_t *secret_bytes, size_t max_size);
3056
/*
 * TLS exporter: derives output_length bytes into `output` from a label and a
 * context, each passed with an explicit length.
 *
 * Use a distinct label per purpose so keys derived for one use cannot be
 * replayed into another. NOTE(review): which protocol versions are supported
 * is not visible in this prototype -- confirm, and check the return value.
 */
3067S2N_API extern int s2n_connection_tls_exporter(struct s2n_connection *conn,
3068 const uint8_t *label, uint32_t label_length, const uint8_t *context, uint32_t context_length,
3069 uint8_t *output, uint32_t output_length);
3070
3086S2N_API extern int s2n_connection_get_cipher_iana_value(struct s2n_connection *conn, uint8_t *first, uint8_t *second);
3087
3095S2N_API extern int s2n_connection_is_valid_for_cipher_preferences(struct s2n_connection *conn, const char *version);
3096
3103S2N_API extern const char *s2n_connection_get_curve(struct s2n_connection *conn);
3104
3111S2N_API extern const char *s2n_connection_get_kem_name(struct s2n_connection *conn);
3112
3119S2N_API extern const char *s2n_connection_get_kem_group_name(struct s2n_connection *conn);
3120
3128S2N_API extern int s2n_connection_get_alert(struct s2n_connection *conn);
3129
3136S2N_API extern const char *s2n_connection_get_handshake_type_name(struct s2n_connection *conn);
3137
3143S2N_API extern const char *s2n_connection_get_last_message_name(struct s2n_connection *conn);
3144
3148struct s2n_async_pkey_op;
3149
3158typedef enum {
3159 S2N_ASYNC_PKEY_VALIDATION_FAST,
3160 S2N_ASYNC_PKEY_VALIDATION_STRICT
3162
3166typedef enum {
3167 S2N_ASYNC_DECRYPT,
3168 S2N_ASYNC_SIGN
3170
3183typedef int (*s2n_async_pkey_fn)(struct s2n_connection *conn, struct s2n_async_pkey_op *op);
3184
3191S2N_API extern int s2n_config_set_async_pkey_callback(struct s2n_config *config, s2n_async_pkey_fn fn);
3192
3205S2N_API extern int s2n_async_pkey_op_perform(struct s2n_async_pkey_op *op, s2n_cert_private_key *key);
3206
3220S2N_API extern int s2n_async_pkey_op_apply(struct s2n_async_pkey_op *op, struct s2n_connection *conn);
3221
3231S2N_API extern int s2n_async_pkey_op_free(struct s2n_async_pkey_op *op);
3232
3241
3248S2N_API extern int s2n_async_pkey_op_get_op_type(struct s2n_async_pkey_op *op, s2n_async_pkey_op_type *type);
3249
3256S2N_API extern int s2n_async_pkey_op_get_input_size(struct s2n_async_pkey_op *op, uint32_t *data_len);
3257
3274S2N_API extern int s2n_async_pkey_op_get_input(struct s2n_async_pkey_op *op, uint8_t *data, uint32_t data_len);
3275
3287S2N_API extern int s2n_async_pkey_op_set_output(struct s2n_async_pkey_op *op, const uint8_t *data, uint32_t data_len);
3288
/*
 * Key logging hook. The callback receives a log line (`logline`, `len` bytes)
 * for a connection, plus the `ctx` registered with the setter.
 *
 * NOTE(review): key log lines are presumably in the NSS key log format read by
 * packet analysers, meaning each line carries secrets that decrypt the
 * session -- confirm. Upstream documents this as a debugging aid. In a
 * production build, verify that no callback is registered, and where it is
 * enabled for troubleshooting, restrict the destination file's permissions
 * and retention as you would for private keys.
 */
3308typedef int (*s2n_key_log_fn)(void *ctx, struct s2n_connection *conn, uint8_t *logline, size_t len);
3309
3327S2N_API extern int s2n_config_set_key_log_cb(struct s2n_config *config, s2n_key_log_fn callback, void *ctx);
3328
3335S2N_API extern int s2n_config_enable_cert_req_dss_legacy_compat(struct s2n_config *config);
3336
/*
 * Server-side limits for TLS 1.3 early data (0-RTT), settable per config or
 * per connection, plus an opaque server context blob for a connection.
 *
 * TLS 1.3 early data is not protected against replay by the protocol itself:
 * a captured first flight can be sent again. Only accept it for requests that
 * are idempotent, or add application-level replay protection.
 * NOTE(review): a max size of 0 presumably disables early data -- confirm the
 * default for this version before assuming 0-RTT is off.
 */
3347S2N_API int s2n_config_set_server_max_early_data_size(struct s2n_config *config, uint32_t max_early_data_size);
3348
3359S2N_API int s2n_connection_set_server_max_early_data_size(struct s2n_connection *conn, uint32_t max_early_data_size);
3360
/* NOTE(review): the context is presumably compared against the one stored
 * with a ticket so that early data issued under a different server
 * configuration is rejected -- confirm. */
3376S2N_API int s2n_connection_set_server_early_data_context(struct s2n_connection *conn, const uint8_t *context, uint16_t context_size);
3377
3393S2N_API int s2n_psk_configure_early_data(struct s2n_psk *psk, uint32_t max_early_data_size,
3394 uint8_t cipher_suite_first_byte, uint8_t cipher_suite_second_byte);
3395
3407S2N_API int s2n_psk_set_application_protocol(struct s2n_psk *psk, const uint8_t *application_protocol, uint8_t size);
3408
3420S2N_API int s2n_psk_set_early_data_context(struct s2n_psk *psk, const uint8_t *context, uint16_t size);
3421
3431typedef enum {
3432 S2N_EARLY_DATA_STATUS_OK,
3433 S2N_EARLY_DATA_STATUS_NOT_REQUESTED,
3434 S2N_EARLY_DATA_STATUS_REJECTED,
3435 S2N_EARLY_DATA_STATUS_END,
3437
3448
3460S2N_API int s2n_connection_get_remaining_early_data_size(struct s2n_connection *conn, uint32_t *allowed_early_data_size);
3461
3473S2N_API int s2n_connection_get_max_early_data_size(struct s2n_connection *conn, uint32_t *max_early_data_size);
3474
/*
 * Send and receive early (0-RTT) data. Both return an int status and report
 * the byte count through an out-parameter (data_sent / data_received), with
 * `blocked` reporting why the call could not make progress.
 *
 * Data obtained through s2n_recv_early_data arrived before the handshake
 * finished and can be a replay of an earlier connection's first flight. Keep
 * it separate from data read after the handshake and do not let it trigger
 * non-idempotent actions. max_data_len is the capacity of `data`; use
 * *data_received, not max_data_len, as the number of valid bytes.
 */
3489S2N_API int s2n_send_early_data(struct s2n_connection *conn, const uint8_t *data, ssize_t data_len,
3490 ssize_t *data_sent, s2n_blocked_status *blocked);
3491
3506S2N_API int s2n_recv_early_data(struct s2n_connection *conn, uint8_t *data, ssize_t max_data_len,
3507 ssize_t *data_received, s2n_blocked_status *blocked);
3508
3509struct s2n_offered_early_data;
3510
3528typedef int (*s2n_early_data_cb)(struct s2n_connection *conn, struct s2n_offered_early_data *early_data);
3529
3537S2N_API int s2n_config_set_early_data_cb(struct s2n_config *config, s2n_early_data_cb cb);
3538
3546S2N_API int s2n_offered_early_data_get_context_length(struct s2n_offered_early_data *early_data, uint16_t *context_len);
3547
3556S2N_API int s2n_offered_early_data_get_context(struct s2n_offered_early_data *early_data, uint8_t *context, uint16_t max_len);
3557
3564S2N_API int s2n_offered_early_data_reject(struct s2n_offered_early_data *early_data);
3565
3572S2N_API int s2n_offered_early_data_accept(struct s2n_offered_early_data *early_data);
3573
3599S2N_API int s2n_config_get_supported_groups(struct s2n_config *config, uint16_t *groups, uint16_t groups_count_max,
3600 uint16_t *groups_count);
3601
3602#ifdef __cplusplus
3603}
3604#endif
S2N_API const char * s2n_strerror_name(int error)
S2N_API int s2n_connection_prefer_throughput(struct s2n_connection *conn)
S2N_API uint64_t s2n_connection_get_wire_bytes_out(struct s2n_connection *conn)
S2N_API int s2n_client_hello_get_server_name(struct s2n_client_hello *ch, uint8_t *server_name, uint16_t length, uint16_t *out_length)
S2N_API int s2n_connection_get_selected_digest_algorithm(struct s2n_connection *conn, s2n_tls_hash_algorithm *chosen_alg)
S2N_API int s2n_connection_get_read_fd(struct s2n_connection *conn, int *readfd)
s2n_max_frag_len
Definition: s2n.h:620
S2N_API struct s2n_offered_psk * s2n_offered_psk_new(void)
S2N_API ssize_t s2n_sendv_with_offset(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, ssize_t offs, s2n_blocked_status *blocked)
S2N_API uint32_t s2n_peek(struct s2n_connection *conn)
S2N_API int s2n_client_hello_has_extension(struct s2n_client_hello *ch, uint16_t extension_iana, bool *exists)
S2N_API const char * s2n_connection_get_kem_group_name(struct s2n_connection *conn)
S2N_API int s2n_connection_append_protocol_preference(struct s2n_connection *conn, const uint8_t *protocol, uint8_t protocol_len)
S2N_API int s2n_config_accept_max_fragment_length(struct s2n_config *config)
S2N_API int s2n_send_early_data(struct s2n_connection *conn, const uint8_t *data, ssize_t data_len, ssize_t *data_sent, s2n_blocked_status *blocked)
S2N_API int s2n_config_add_pem_to_trust_store(struct s2n_config *config, const char *pem)
S2N_API int s2n_connection_set_protocol_preferences(struct s2n_connection *conn, const char *const *protocols, int protocol_count)
S2N_API bool s2n_offered_psk_list_has_next(struct s2n_offered_psk_list *psk_list)
S2N_API int s2n_config_set_psk_mode(struct s2n_config *config, s2n_psk_mode mode)
S2N_API int s2n_psk_configure_early_data(struct s2n_psk *psk, uint32_t max_early_data_size, uint8_t cipher_suite_first_byte, uint8_t cipher_suite_second_byte)
S2N_API int s2n_config_enable_cert_req_dss_legacy_compat(struct s2n_config *config)
S2N_API int s2n_config_get_client_auth_type(struct s2n_config *config, s2n_cert_auth_type *client_auth_type)
S2N_API int s2n_config_set_extension_data(struct s2n_config *config, s2n_tls_extension_type type, const uint8_t *data, uint32_t length)
S2N_API const char * s2n_get_server_name(struct s2n_connection *conn)
S2N_API int s2n_offered_early_data_reject(struct s2n_offered_early_data *early_data)
S2N_API int s2n_connection_get_session_id(struct s2n_connection *conn, uint8_t *session_id, size_t max_length)
S2N_API int s2n_connection_client_cert_used(struct s2n_connection *conn)
S2N_API __thread int s2n_errno
S2N_API int s2n_config_set_async_pkey_callback(struct s2n_config *config, s2n_async_pkey_fn fn)
S2N_API int s2n_config_append_protocol_preference(struct s2n_config *config, const uint8_t *protocol, uint8_t protocol_len)
int(* s2n_async_pkey_fn)(struct s2n_connection *conn, struct s2n_async_pkey_op *op)
Definition: s2n.h:3183
S2N_API int s2n_config_set_cert_chain_and_key_defaults(struct s2n_config *config, struct s2n_cert_chain_and_key **cert_key_pairs, uint32_t num_cert_key_pairs)
S2N_API int s2n_connection_get_selected_client_cert_digest_algorithm(struct s2n_connection *conn, s2n_tls_hash_algorithm *chosen_alg)
S2N_API int s2n_cert_chain_get_length(const struct s2n_cert_chain_and_key *chain_and_key, uint32_t *cert_length)
s2n_blinding
Definition: s2n.h:1874
S2N_API int s2n_connection_get_selected_signature_algorithm(struct s2n_connection *conn, s2n_tls_signature_algorithm *chosen_alg)
S2N_API int s2n_print_stacktrace(FILE *fptr)
S2N_API int s2n_connection_set_server_keying_material_lifetime(struct s2n_connection *conn, uint32_t lifetime_in_secs)
int(* s2n_psk_selection_callback)(struct s2n_connection *conn, void *context, struct s2n_offered_psk_list *psk_list)
Definition: s2n.h:2914
S2N_API int s2n_config_set_status_request_type(struct s2n_config *config, s2n_status_request_type type)
S2N_API uint64_t s2n_connection_get_wire_bytes_in(struct s2n_connection *conn)
S2N_API int s2n_psk_set_application_protocol(struct s2n_psk *psk, const uint8_t *application_protocol, uint8_t size)
S2N_API int s2n_config_set_cipher_preferences(struct s2n_config *config, const char *version)
s2n_async_pkey_validation_mode
Definition: s2n.h:3158
S2N_API ssize_t s2n_recv(struct s2n_connection *conn, void *buf, ssize_t size, s2n_blocked_status *blocked)
S2N_API struct s2n_cert_chain_and_key * s2n_cert_chain_and_key_new(void)
s2n_psk_mode
Definition: s2n.h:2767
S2N_API int s2n_config_load_system_certs(struct s2n_config *config)
S2N_API int s2n_async_pkey_op_apply(struct s2n_async_pkey_op *op, struct s2n_connection *conn)
S2N_API int s2n_config_free(struct s2n_config *config)
S2N_API int s2n_connection_get_negotiated_psk_identity_length(struct s2n_connection *conn, uint16_t *identity_length)
S2N_API int s2n_init(void)
s2n_error_type
Definition: s2n.h:147
@ S2N_ERR_T_OK
Definition: s2n.h:149
@ S2N_ERR_T_CLOSED
Definition: s2n.h:153
@ S2N_ERR_T_USAGE
Definition: s2n.h:163
@ S2N_ERR_T_ALERT
Definition: s2n.h:157
@ S2N_ERR_T_INTERNAL
Definition: s2n.h:161
@ S2N_ERR_T_IO
Definition: s2n.h:151
@ S2N_ERR_T_BLOCKED
Definition: s2n.h:155
@ S2N_ERR_T_PROTO
Definition: s2n.h:159
S2N_API int s2n_connection_get_selected_client_cert_signature_algorithm(struct s2n_connection *conn, s2n_tls_signature_algorithm *chosen_alg)
S2N_API int s2n_client_hello_get_server_name_length(struct s2n_client_hello *ch, uint16_t *length)
S2N_API int s2n_config_set_wall_clock(struct s2n_config *config, s2n_clock_time_nanoseconds clock_fn, void *ctx)
S2N_API int s2n_connection_set_send_ctx(struct s2n_connection *conn, void *ctx)
S2N_API int s2n_psk_set_hmac(struct s2n_psk *psk, s2n_psk_hmac hmac)
int(* s2n_key_log_fn)(void *ctx, struct s2n_connection *conn, uint8_t *logline, size_t len)
Definition: s2n.h:3308
S2N_API int s2n_cert_chain_and_key_set_ctx(struct s2n_cert_chain_and_key *cert_and_key, void *ctx)
int(* s2n_rand_mix_callback)(void *data, uint32_t size)
Definition: s2n.h:583
S2N_API int s2n_connection_set_send_cb(struct s2n_connection *conn, s2n_send_fn send)
S2N_API ssize_t s2n_client_hello_get_raw_message_length(struct s2n_client_hello *ch)
S2N_API int s2n_config_set_initial_ticket_count(struct s2n_config *config, uint8_t num)
S2N_API s2n_cert_private_key * s2n_cert_chain_and_key_get_private_key(struct s2n_cert_chain_and_key *cert_and_key)
S2N_API int s2n_connection_set_dynamic_buffers(struct s2n_connection *conn, bool enabled)
S2N_API int s2n_cert_chain_and_key_load_pem_bytes(struct s2n_cert_chain_and_key *chain_and_key, uint8_t *chain_pem, uint32_t chain_pem_len, uint8_t *private_key_pem, uint32_t private_key_pem_len)
S2N_API int s2n_config_set_ticket_encrypt_decrypt_key_lifetime(struct s2n_config *config, uint64_t lifetime_in_secs)
S2N_API int s2n_connection_get_alert(struct s2n_connection *conn)
S2N_API void * s2n_cert_chain_and_key_get_ctx(struct s2n_cert_chain_and_key *cert_and_key)
S2N_API int s2n_connection_get_tickets_sent(struct s2n_connection *conn, uint16_t *num)
int(* s2n_cache_retrieve_callback)(struct s2n_connection *conn, void *, const void *key, uint64_t key_size, void *value, uint64_t *value_size)
Definition: s2n.h:347
S2N_API const char * s2n_strerror(int error, const char *lang)
S2N_API struct s2n_connection * s2n_connection_new(s2n_mode mode)
S2N_API int s2n_config_set_alert_behavior(struct s2n_config *config, s2n_alert_behavior alert_behavior)
S2N_API int s2n_config_set_ticket_decrypt_key_lifetime(struct s2n_config *config, uint64_t lifetime_in_secs)
S2N_API int s2n_config_free_dhparams(struct s2n_config *config)
S2N_API int s2n_session_ticket_get_lifetime(struct s2n_session_ticket *ticket, uint32_t *session_lifetime)
S2N_API ssize_t s2n_client_hello_get_extension_by_id(struct s2n_client_hello *ch, s2n_tls_extension_type extension_type, uint8_t *out, uint32_t max_length)
S2N_API int s2n_offered_psk_list_choose_psk(struct s2n_offered_psk_list *psk_list, struct s2n_offered_psk *psk)
S2N_API const char * s2n_connection_get_kem_name(struct s2n_connection *conn)
S2N_API const uint8_t * s2n_connection_get_sct_list(struct s2n_connection *conn, uint32_t *length)
S2N_API int s2n_connection_get_client_cert_chain(struct s2n_connection *conn, uint8_t **der_cert_chain_out, uint32_t *cert_chain_len)
S2N_API int s2n_config_add_cert_chain_and_key(struct s2n_config *config, const char *cert_chain_pem, const char *private_key_pem)
S2N_API int s2n_config_set_ct_support_level(struct s2n_config *config, s2n_ct_support_level level)
S2N_API int s2n_connection_set_server_max_early_data_size(struct s2n_connection *conn, uint32_t max_early_data_size)
S2N_API int s2n_psk_set_identity(struct s2n_psk *psk, const uint8_t *identity, uint16_t identity_size)
S2N_API int s2n_mem_set_callbacks(s2n_mem_init_callback mem_init_callback, s2n_mem_cleanup_callback mem_cleanup_callback, s2n_mem_malloc_callback mem_malloc_callback, s2n_mem_free_callback mem_free_callback)
S2N_API int s2n_offered_early_data_accept(struct s2n_offered_early_data *early_data)
S2N_API int s2n_connection_set_fd(struct s2n_connection *conn, int fd)
S2N_API int s2n_connection_set_recv_ctx(struct s2n_connection *conn, void *ctx)
S2N_API int s2n_connection_get_actual_protocol_version(struct s2n_connection *conn)
S2N_API int s2n_connection_set_blinding(struct s2n_connection *conn, s2n_blinding blinding)
S2N_API int s2n_client_hello_get_supported_groups(struct s2n_client_hello *ch, uint16_t *groups, uint16_t groups_count_max, uint16_t *groups_count)
S2N_API int s2n_connection_set_recv_cb(struct s2n_connection *conn, s2n_recv_fn recv)
struct s2n_pkey s2n_cert_public_key
Definition: s2n.h:645
S2N_API int s2n_cleanup(void)
S2N_API int s2n_config_set_send_buffer_size(struct s2n_config *config, uint32_t size)
int(* s2n_mem_free_callback)(void *ptr, uint32_t size)
Definition: s2n.h:547
int(* s2n_rand_cleanup_callback)(void)
Definition: s2n.h:571
int(* s2n_mem_init_callback)(void)
Definition: s2n.h:527
S2N_API int s2n_connection_server_name_extension_used(struct s2n_connection *conn)
S2N_API ssize_t s2n_sendv(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, s2n_blocked_status *blocked)
S2N_API int s2n_config_set_session_cache_onoff(struct s2n_config *config, uint8_t enabled)
S2N_API int s2n_async_pkey_op_set_output(struct s2n_async_pkey_op *op, const uint8_t *data, uint32_t data_len)
S2N_API int s2n_client_hello_get_compression_methods_length(struct s2n_client_hello *ch, uint32_t *out_length)
S2N_API int s2n_connection_set_server_early_data_context(struct s2n_connection *conn, const uint8_t *context, uint16_t context_size)
S2N_API int s2n_free_stacktrace(void)
s2n_mode
Definition: s2n.h:1294
s2n_client_hello_cb_mode
Definition: s2n.h:1357
S2N_API int s2n_config_set_monotonic_clock(struct s2n_config *config, s2n_clock_time_nanoseconds clock_fn, void *ctx)
S2N_API int s2n_get_stacktrace(struct s2n_stacktrace *trace)
S2N_API int s2n_config_set_async_pkey_validation_mode(struct s2n_config *config, s2n_async_pkey_validation_mode mode)
S2N_API int s2n_cert_chain_and_key_free(struct s2n_cert_chain_and_key *cert_and_key)
s2n_status_request_type
Definition: s2n.h:1106
S2N_API int s2n_psk_free(struct s2n_psk **psk)
S2N_API int s2n_connection_get_server_protocol_version(struct s2n_connection *conn)
S2N_API int s2n_connection_get_remaining_early_data_size(struct s2n_connection *conn, uint32_t *allowed_early_data_size)
S2N_API int s2n_client_hello_get_session_id_length(struct s2n_client_hello *ch, uint32_t *out_length)
S2N_API int s2n_connection_set_write_fd(struct s2n_connection *conn, int writefd)
S2N_API int s2n_connection_request_key_update(struct s2n_connection *conn, s2n_peer_key_update peer_request)
S2N_API int s2n_config_set_cache_delete_callback(struct s2n_config *config, s2n_cache_delete_callback cache_delete_callback, void *data)
S2N_API ssize_t s2n_client_hello_get_cipher_suites_length(struct s2n_client_hello *ch)
S2N_API int s2n_cert_get_utf8_string_from_extension_data_length(const uint8_t *extension_data, uint32_t extension_len, uint32_t *utf8_str_len)
S2N_API int s2n_config_set_verification_ca_location(struct s2n_config *config, const char *ca_pem_filename, const char *ca_dir)
s2n_psk_hmac
Definition: s2n.h:2677
S2N_API const char * s2n_connection_get_handshake_type_name(struct s2n_connection *conn)
S2N_API int s2n_config_free_cert_chain_and_key(struct s2n_config *config)
S2N_API int s2n_config_set_recv_multi_record(struct s2n_config *config, bool enabled)
s2n_cert_auth_type
Definition: s2n.h:2216
int(* s2n_session_ticket_fn)(struct s2n_connection *conn, void *ctx, struct s2n_session_ticket *ticket)
Definition: s2n.h:2339
S2N_API const char * s2n_strerror_source(int error)
S2N_API int s2n_connection_get_session_ticket_lifetime_hint(struct s2n_connection *conn)
uint8_t(* s2n_verify_host_fn)(const char *host_name, size_t host_name_len, void *data)
Definition: s2n.h:976
S2N_API const uint8_t * s2n_connection_get_ocsp_response(struct s2n_connection *conn, uint32_t *length)
S2N_API int s2n_offered_psk_list_next(struct s2n_offered_psk_list *psk_list, struct s2n_offered_psk *psk)
S2N_API int s2n_config_set_cache_store_callback(struct s2n_config *config, s2n_cache_store_callback cache_store_callback, void *data)
S2N_API int s2n_offered_early_data_get_context_length(struct s2n_offered_early_data *early_data, uint16_t *context_len)
S2N_API int s2n_connection_get_max_early_data_size(struct s2n_connection *conn, uint32_t *max_early_data_size)
S2N_API int s2n_offered_psk_free(struct s2n_offered_psk **psk)
S2N_API int s2n_config_add_dhparams(struct s2n_config *config, const char *dhparams_pem)
int(* s2n_mem_malloc_callback)(void **ptr, uint32_t requested, uint32_t *allocated)
Definition: s2n.h:542
S2N_API int s2n_connection_get_write_fd(struct s2n_connection *conn, int *writefd)
S2N_API int s2n_connection_use_corked_io(struct s2n_connection *conn)
S2N_API int s2n_config_set_client_auth_type(struct s2n_config *config, s2n_cert_auth_type client_auth_type)
S2N_API int s2n_async_pkey_op_free(struct s2n_async_pkey_op *op)
s2n_tls_signature_algorithm
Definition: s2n.h:2483
S2N_API int s2n_config_set_protocol_preferences(struct s2n_config *config, const char *const *protocols, int protocol_count)
S2N_API int s2n_config_set_ctx(struct s2n_config *config, void *ctx)
S2N_API int s2n_stack_traces_enabled_set(bool newval)
struct s2n_pkey s2n_cert_private_key
Definition: s2n.h:650
S2N_API ssize_t s2n_send(struct s2n_connection *conn, const void *buf, ssize_t size, s2n_blocked_status *blocked)
S2N_API int s2n_connection_prefer_low_latency(struct s2n_connection *conn)
S2N_API int s2n_cert_chain_and_key_set_ocsp_data(struct s2n_cert_chain_and_key *chain_and_key, const uint8_t *data, uint32_t length)
S2N_API ssize_t s2n_client_hello_get_extensions_length(struct s2n_client_hello *ch)
S2N_API int s2n_connection_free(struct s2n_connection *conn)
S2N_API int s2n_config_set_verify_after_sign(struct s2n_config *config, s2n_verify_after_sign mode)
S2N_API struct s2n_cert_chain_and_key * s2n_connection_get_selected_cert(struct s2n_connection *conn)
S2N_API int s2n_async_pkey_op_get_op_type(struct s2n_async_pkey_op *op, s2n_async_pkey_op_type *type)
S2N_API int s2n_connection_get_client_auth_type(struct s2n_connection *conn, s2n_cert_auth_type *client_auth_type)
S2N_API int s2n_connection_set_read_fd(struct s2n_connection *conn, int readfd)
S2N_API int s2n_config_set_session_ticket_cb(struct s2n_config *config, s2n_session_ticket_fn callback, void *ctx)
s2n_peer_key_update
Definition: s2n.h:1910
S2N_API int s2n_config_disable_x509_verification(struct s2n_config *config)
S2N_API int s2n_config_set_client_hello_cb(struct s2n_config *config, s2n_client_hello_fn client_hello_callback, void *ctx)
S2N_API struct s2n_client_hello * s2n_client_hello_parse_message(const uint8_t *bytes, uint32_t size)
S2N_API struct s2n_config * s2n_config_new(void)
S2N_API int s2n_connection_set_session(struct s2n_connection *conn, const uint8_t *session, size_t length)
S2N_API int s2n_connection_get_client_protocol_version(struct s2n_connection *conn)
S2N_API int s2n_connection_get_session_length(struct s2n_connection *conn)
s2n_early_data_status_t
Definition: s2n.h:3431
S2N_API struct s2n_psk * s2n_external_psk_new(void)
s2n_tls_extension_type
Definition: s2n.h:604
S2N_API int s2n_config_get_ctx(struct s2n_config *config, void **ctx)
S2N_API int s2n_connection_set_cipher_preferences(struct s2n_connection *conn, const char *version)
S2N_API struct s2n_config * s2n_config_new_minimal(void)
S2N_API int s2n_cert_get_x509_extension_value(struct s2n_cert *cert, const uint8_t *oid, uint8_t *ext_value, uint32_t *ext_value_len, bool *critical)
S2N_API ssize_t s2n_client_hello_get_cipher_suites(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length)
S2N_API uint64_t s2n_connection_get_delay(struct s2n_connection *conn)
s2n_alert_behavior
Definition: s2n.h:1148
S2N_API ssize_t s2n_client_hello_get_extension_length(struct s2n_client_hello *ch, s2n_tls_extension_type extension_type)
S2N_API int s2n_connection_set_psk_mode(struct s2n_connection *conn, s2n_psk_mode mode)
S2N_API int s2n_config_disable_x509_time_verification(struct s2n_config *config)
S2N_API int s2n_connection_get_cipher_iana_value(struct s2n_connection *conn, uint8_t *first, uint8_t *second)
S2N_API int s2n_connection_set_ctx(struct s2n_connection *conn, void *ctx)
S2N_API int s2n_connection_set_config(struct s2n_connection *conn, struct s2n_config *config)
S2N_API const char * s2n_strerror_debug(int error, const char *lang)
S2N_API int s2n_connection_get_early_data_status(struct s2n_connection *conn, s2n_early_data_status_t *status)
S2N_API int s2n_config_set_server_max_early_data_size(struct s2n_config *config, uint32_t max_early_data_size)
S2N_API int s2n_config_add_cert_chain_and_key_to_store(struct s2n_config *config, struct s2n_cert_chain_and_key *cert_key_pair)
S2N_API struct s2n_client_hello * s2n_connection_get_client_hello(struct s2n_connection *conn)
S2N_API ssize_t s2n_client_hello_get_raw_message(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length)
S2N_API int s2n_offered_psk_list_reread(struct s2n_offered_psk_list *psk_list)
S2N_API int s2n_config_set_early_data_cb(struct s2n_config *config, s2n_early_data_cb cb)
S2N_API int s2n_connection_is_valid_for_cipher_preferences(struct s2n_connection *conn, const char *version)
S2N_API int s2n_crypto_disable_init(void)
S2N_API int s2n_cert_get_x509_extension_value_length(struct s2n_cert *cert, const uint8_t *oid, uint32_t *ext_value_len)
int(* s2n_cache_delete_callback)(struct s2n_connection *conn, void *, const void *key, uint64_t key_size)
Definition: s2n.h:374
S2N_API int s2n_connection_get_session_id_length(struct s2n_connection *conn)
S2N_API int s2n_config_get_supported_groups(struct s2n_config *config, uint16_t *groups, uint16_t groups_count_max, uint16_t *groups_count)
S2N_API bool s2n_stack_traces_enabled(void)
S2N_API int s2n_connection_set_client_auth_type(struct s2n_connection *conn, s2n_cert_auth_type client_auth_type)
S2N_API void * s2n_connection_get_ctx(struct s2n_connection *conn)
S2N_API int s2n_connection_get_client_hello_version(struct s2n_connection *conn)
S2N_API int s2n_client_hello_get_legacy_record_version(struct s2n_client_hello *ch, uint8_t *out)
S2N_API int s2n_negotiate(struct s2n_connection *conn, s2n_blocked_status *blocked)
S2N_API int s2n_connection_get_master_secret(const struct s2n_connection *conn, uint8_t *secret_bytes, size_t max_size)
S2N_API int s2n_connection_set_verify_host_callback(struct s2n_connection *conn, s2n_verify_host_fn host_fn, void *data)
S2N_API int s2n_cert_chain_and_key_set_sct_list(struct s2n_cert_chain_and_key *chain_and_key, const uint8_t *data, uint32_t length)
S2N_API int s2n_client_hello_free(struct s2n_client_hello **ch)
int s2n_send_fn(void *io_context, const uint8_t *buf, uint32_t len)
Definition: s2n.h:1741
S2N_API int s2n_psk_set_secret(struct s2n_psk *psk, const uint8_t *secret, uint16_t secret_size)
int(* s2n_cache_store_callback)(struct s2n_connection *conn, void *, uint64_t ttl_in_seconds, const void *key, uint64_t key_size, const void *value, uint64_t value_size)
Definition: s2n.h:362
int(* s2n_rand_init_callback)(void)
Definition: s2n.h:566
S2N_API int s2n_async_pkey_op_get_input_size(struct s2n_async_pkey_op *op, uint32_t *data_len)
S2N_API int s2n_client_hello_get_compression_methods(struct s2n_client_hello *ch, uint8_t *list, uint32_t list_length, uint32_t *out_length)
S2N_API int s2n_config_set_max_cert_chain_depth(struct s2n_config *config, uint16_t max_depth)
S2N_API int s2n_calculate_stacktrace(void)
S2N_API int s2n_connection_set_dynamic_record_threshold(struct s2n_connection *conn, uint32_t resize_threshold, uint16_t timeout_threshold)
S2N_API int s2n_connection_is_ocsp_stapled(struct s2n_connection *conn)
int(* s2n_early_data_cb)(struct s2n_connection *conn, struct s2n_offered_early_data *early_data)
Definition: s2n.h:3528
S2N_API int s2n_connection_get_session(struct s2n_connection *conn, uint8_t *session, size_t max_length)
S2N_API int s2n_get_fips_mode(s2n_fips_mode *fips_mode)
S2N_API int s2n_connection_is_session_resumed(struct s2n_connection *conn)
S2N_API int s2n_connection_wipe(struct s2n_connection *conn)
S2N_API const char * s2n_get_application_protocol(struct s2n_connection *conn)
int(* s2n_mem_cleanup_callback)(void)
Definition: s2n.h:532
S2N_API int s2n_config_add_ticket_crypto_key(struct s2n_config *config, const uint8_t *name, uint32_t name_len, uint8_t *key, uint32_t key_len, uint64_t intro_time_in_seconds_from_epoch)
int(* s2n_rand_seed_callback)(void *data, uint32_t size)
Definition: s2n.h:577
S2N_API int s2n_client_hello_get_session_id(struct s2n_client_hello *ch, uint8_t *out, uint32_t *out_length, uint32_t max_length)
S2N_API ssize_t s2n_client_hello_get_extensions(struct s2n_client_hello *ch, uint8_t *out, uint32_t max_length)
S2N_API int s2n_connection_tls_exporter(struct s2n_connection *conn, const uint8_t *label, uint32_t label_length, const uint8_t *context, uint32_t context_length, uint8_t *output, uint32_t output_length)
s2n_ct_support_level
Definition: s2n.h:1124
S2N_API int s2n_async_pkey_op_perform(struct s2n_async_pkey_op *op, s2n_cert_private_key *key)
S2N_API int s2n_connection_get_peer_cert_chain(const struct s2n_connection *conn, struct s2n_cert_chain_and_key *cert_chain)
S2N_API int s2n_disable_atexit(void)
S2N_API int s2n_config_set_psk_selection_callback(struct s2n_config *config, s2n_psk_selection_callback cb, void *context)
S2N_API int s2n_error_get_type(int error)
S2N_API int s2n_shutdown_send(struct s2n_connection *conn, s2n_blocked_status *blocked)
S2N_API const char * s2n_connection_get_cipher(struct s2n_connection *conn)
s2n_async_pkey_op_type
Definition: s2n.h:3166
S2N_API int s2n_cert_chain_and_key_load_pem(struct s2n_cert_chain_and_key *chain_and_key, const char *chain_pem, const char *private_key_pem)
S2N_API int s2n_client_hello_get_legacy_protocol_version(struct s2n_client_hello *ch, uint8_t *out)
S2N_API unsigned long s2n_get_openssl_version(void)
#define S2N_API
Definition: s2n.h:34
S2N_API const char * s2n_connection_get_last_message_name(struct s2n_connection *conn)
S2N_API int s2n_rand_set_callbacks(s2n_rand_init_callback rand_init_callback, s2n_rand_cleanup_callback rand_cleanup_callback, s2n_rand_seed_callback rand_seed_callback, s2n_rand_mix_callback rand_mix_callback)
S2N_API int s2n_set_server_name(struct s2n_connection *conn, const char *server_name)
S2N_API int s2n_client_hello_cb_done(struct s2n_connection *conn)
S2N_API const char * s2n_connection_get_curve(struct s2n_connection *conn)
s2n_blocked_status
Definition: s2n.h:2016
S2N_API int s2n_config_wipe_trust_store(struct s2n_config *config)
S2N_API int s2n_cert_get_utf8_string_from_extension_data(const uint8_t *extension_data, uint32_t extension_len, uint8_t *out_data, uint32_t *out_len)
S2N_API int s2n_connection_release_buffers(struct s2n_connection *conn)
S2N_API int s2n_session_ticket_get_data(struct s2n_session_ticket *ticket, size_t max_data_len, uint8_t *data)
S2N_API int s2n_config_set_session_tickets_onoff(struct s2n_config *config, uint8_t enabled)
S2N_API int * s2n_errno_location(void)
S2N_API int s2n_session_ticket_get_data_len(struct s2n_session_ticket *ticket, size_t *data_len)
S2N_API int s2n_cert_chain_get_cert(const struct s2n_cert_chain_and_key *chain_and_key, struct s2n_cert **out_cert, const uint32_t cert_idx)
S2N_API int s2n_shutdown(struct s2n_connection *conn, s2n_blocked_status *blocked)
S2N_API int s2n_cert_get_der(const struct s2n_cert *cert, const uint8_t **out_cert_der, uint32_t *cert_length)
S2N_API int s2n_config_set_check_stapled_ocsp_response(struct s2n_config *config, uint8_t check_ocsp)