Modules

Structs

Functions

Finalizes a private key operation and unblocks the connection.

Frees the opaque structure representing a private key operation.

Returns the input to the private key operation.

Returns the size of the input to the private key operation.

Returns the type of the private key operation.

Performs a private key operation using the given private key.

Sets the output of the private key operation.

Returns the certificate out_cert present at the index cert_idx of the certificate chain chain_and_key.

Returns the length of the s2n certificate chain chain_and_key.

Returns the s2n certificate in DER format along with its length.

Returns the UTF8 String representation of the DER encoded ASN.1 X.509 certificate extension data.

Returns the UTF8 String length of the ASN.1 X.509 certificate extension data.

Returns the DER encoding of an ASN.1 X.509 certificate extension value, its length, and a boolean critical.

Returns the length of the DER encoded extension value of the ASN.1 X.509 certificate extension.

Used to check if a particular extension exists in the client hello.

Appends the provided application protocol to the preference list.

Sets up the callback to invoke when private key operations occur.

Configures whether or not s2n-tls will perform potentially expensive validation of the results of a private key operation.

Set a callback to accept or reject early data.

Sets the initial number of session tickets to send after a >=TLS1.3 handshake. The default value is one ticket.

Sets a key logging callback on the provided config.

Sets the PSK mode on the s2n config object. The supported PSK modes are listed in the enum s2n_psk_mode above.

Sets the callback to select the matching PSK. If this callback is not set s2n-tls uses a default PSK selection logic that selects the first matching server PSK.

Sets the maximum bytes of early data the server will accept.

Sets a session ticket callback to be called when a client receives a new session ticket.

Clear the trust store.

Increases the number of session tickets to send after a >=TLS1.3 handshake.

Appends the provided application protocol to the preference list.

Appends a PSK object to the list of PSKs supported by the s2n connection. If a PSK with a duplicate identity is found, an error is returned and the PSK is not added to the list. Note that a copy of psk is stored on the connection. The user is still responsible for freeing the memory associated with psk.

Returns the IANA value for the connection’s negotiated cipher suite.

Reports the current state of early data for a connection.

Reports the maximum size of the early data allowed by a connection.

Gets the negotiated PSK identity from the s2n connection object. If the negotiated PSK does not exist, the PSK identity will not be obtained and no error will be returned. Prior to this API call, use s2n_connection_get_negotiated_psk_identity_length to determine if a negotiated PSK exists or not.

Gets the negotiated PSK identity length from the s2n connection object. The negotiated PSK refers to the chosen PSK by the server to be used for the connection.

Returns the validated peer certificate chain as a s2n_cert_chain_and_key opaque object.

Gets the assigned file descriptor for the read channel of an s2n connection.

Reports the remaining size of the early data allowed by a connection.

Returns the number of session tickets issued by the server.

Gets the assigned file descriptor for the write channel of an s2n connection.

Sets the PSK mode on the s2n connection object. The supported PSK modes are listed in the enum s2n_psk_mode above. This API overrides the PSK mode set on config for this connection.

Sets the user context associated with early data on a server.

Sets the keying material lifetime for >=TLS1.3 session tickets so that one session doesn’t get re-used ad infinitum. The default value is one week.

Sets the maximum bytes of early data the server will accept.

Prevents S2N from calling OPENSSL_crypto_init/OPENSSL_cleanup/EVP_cleanup on OpenSSL versions prior to 1.1.x. This allows applications or languages that also init OpenSSL to interoperate with S2N.

Prevents S2N from installing an atexit handler, which allows safe shutdown of S2N from within a re-entrant shared library.

Returns the address of the thread-local s2n_errno variable.

Creates a new s2n external pre-shared key (PSK) object with S2N_PSK_HMAC_SHA256 as the default PSK hash algorithm. An external PSK is a key established outside of TLS using a secure mutually agreed upon mechanism.

Accept early data offered by the client.

Get the early data context set by the user.

Get the length of the early data context set by the user.

Reject early data offered by the client.

Frees the memory associated with the s2n_offered_psk object.

Gets the PSK identity and PSK identity length for a given offered PSK object.

Chooses a PSK from the offered PSK list to be used for the connection. This API matches the PSK identity received from the client against the server’s known PSK identities list, in order to choose the PSK to be used for the connection. If the PSK identity sent from the client is NULL, no PSK is chosen for the connection. If the client offered PSK identity has no matching PSK identity with the server, an error will be returned. Use this API along with the s2n_psk_selection_callback callback to select a PSK identity.

Checks whether the offered PSK list has an offered psk object next in line in the list. An offered PSK list contains all the PSKs offered by the client for the server to select.

Obtains the next offered PSK object from the list of offered PSKs. Use s2n_offered_psk_list_has_next prior to this API call to ensure we have not reached the end of the list.

Returns the offered PSK list to its original read state.

Creates a new s2n offered PSK object. An offered PSK object represents a single PSK sent by the client.

Configures a particular pre-shared key to allow early data.

Frees the memory associated with the external PSK object.

Sets the optional application_protocol associated with the given pre-shared key.

Sets the optional user early data context associated with the given pre-shared key.

Sets the hash algorithm for a given external PSK object. The supported PSK hash algorithms are as listed in the enum s2n_psk_hmac above.

Sets the identity for a given external PSK object. The identity is a unique identifier for the pre-shared secret. It is a non-secret value represented by raw bytes.

Sets the out-of-band/externally provisioned secret for a given external PSK object.

Called by the server to begin negotiation and accept any early data the client sends.

Called by the client to begin negotiation and send early data.

Gets the session ticket data from a session ticket object.

Gets the length of the session ticket from a session ticket object.

Gets the lifetime in seconds of the session ticket from a session ticket object.

Type Definitions

Callback function for handling private key operations.

A callback which can be implemented to accept or reject early data.

Callback function for handling key log events.

Callback function to select a PSK from a list of offered PSKs. Use this callback to implement custom PSK selection logic. The s2n-tls default PSK selection logic chooses the first matching PSK from the list of offered PSKs sent by the client.

Callback function for receiving a session ticket.