diff --git a/docs/porting/configuration-differences.md b/docs/porting/configuration-differences.md index 9645f7f378..3dcc9b5a3b 100644 --- a/docs/porting/configuration-differences.md +++ b/docs/porting/configuration-differences.md @@ -53,16 +53,28 @@ The following table contains the differences in libssl configuration options AWS
SSL_CTX_set_mode
- SSL_set_mode
-
- SSL_CTX_clear_mode
- SSL_clear_mode
+
+
+ SSL_CTX_set_mode
+ SSL_set_mode
+
+
+
+ SSL_CTX_clear_mode
+ SSL_clear_mode
+
+
+
+ + + SSL_MODE_NO_AUTO_CHAIN + + +
ON
@@ -117,12 +129,19 @@ The following table contains the differences in libssl configuration options AWSSSL_CTX_set_options
- SSL_set_options
-
- SSL_CTX_clear_options
- SSL_clear_options
+
+
+ SSL_CTX_set_options
+ SSL_set_options
+
+
+
+ SSL_CTX_clear_options
+ SSL_clear_options
+
+
+
SSL_OP_ALL
@@ -186,12 +205,10 @@ The following table contains the differences in libssl configuration options AWSON
NO-OP
-
- Renegotiation is enabled with SSL_set_renegotiate_mode
- , an AWS-LC/BoringSSL specific
- API.
+ NO-OP
+ Renegotiation is enabled with SSL_set_renegotiate_mode, an AWS-LC/BoringSSL specific API.
+
X509_V_FLAG_X509_STRICT
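Review bot: The added note on this NO-OP row names SSL_set_renegotiate_mode but does not say which modes it accepts or that it only affects client-initiated renegotiation. The SSL_renegotiate entry in functionality-differences.md, touched by this same patch, lists ssl_renegotiate_once, ssl_renegotiate_freely and ssl_renegotiate_explicit and states there is no server or DTLS support, so a link to that entry would save readers a search. Also check the rendered row: the added "NO-OP" line follows an unchanged "NO-OP" line, and the value should not appear twice in one cell.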
@@ -295,12 +317,16 @@ The following table contains the differences in libcrypto configuration optionsX509_check_host
-
- X509_check_email
- X509_check_ip
- X509_check_ip_asc
+
+
+ X509_check_host
+ X509_check_email
+ X509_check_ip
+ X509_check_ip_asc
+
+
+
X509_CHECK_FLAG_NO_WILDCARDS
@@ -369,8 +395,13 @@ The following table contains the differences in libcrypto configuration options+ + + PKCS7_sign + + +
PKCS7_DETACHED
@@ -387,20 +418,19 @@ The following table contains the differences in libcrypto configuration optionsPKCS7_BINARY
Partially Supported
-
- i>
- These flags must be used simultaneously together with
- PKCS7_DETACHED
- to generate a detached RSA
- SHA-256 signature of the data and produces a PKCS#7 SignedData structure
- containing it.
+ Partially Supported
+ These flags must be used simultaneously together with
+ PKCS7_DETACHED to generate a detached RSA
+ SHA-256 signature of the data and produces a PKCS#7 SignedData structure
+ containing it.
+
Must be used along with - PKCS7_DETACHED - . Other combinations are not - supported.
++ Must be used along with PKCS7_DETACHED. + Other combinations are not supported. +
BN_set_flags
+ + + BN_FLG_CONSTTIME + + +
Not Implemented
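Review bot: The reflowed PKCS7 note keeps "must be used simultaneously together with PKCS7_DETACHED ... and produces", which is redundant and has a subject/verb mismatch, and the next added line ("Must be used along with PKCS7_DETACHED. Other combinations are not supported.") says nearly the same thing. Suggest one sentence, for example "Must be combined with PKCS7_DETACHED; the result is a PKCS#7 SignedData structure holding a detached RSA SHA-256 signature. Other combinations are not supported." Separately, the new BN_FLG_CONSTTIME label sits above "Not Implemented" with no note. Callers set that flag to request constant-time arithmetic, so the row should say what they get when the flag is not honoured.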
diff --git a/docs/porting/functionality-differences.md b/docs/porting/functionality-differences.md index 047459e940..dc527c3d1a 100644 --- a/docs/porting/functionality-differences.md +++ b/docs/porting/functionality-differences.md @@ -38,9 +38,13 @@ libssl is the portion of OpenSSL which supports TLS. AWS-LC does not have supporSecurity Levels
SSL_CTX_get_security_level
@@ -62,10 +66,13 @@ libssl is the portion of OpenSSL which supports TLS. AWS-LC does not have supporDH ciphersuites
SSL_CTX_set_tmp_dh
@@ -105,10 +112,13 @@ libssl is the portion of OpenSSL which supports TLS. AWS-LC does not have suppor COMP_METHODSSL_COMP_get_compression_methods
@@ -162,31 +172,25 @@ libssl is the portion of OpenSSL which supports TLS. AWS-LC does not have supporTLS Renegotiation
SSL_renegotiate
Returns 1 on success, 0 on
- failure.
-
- There is no support for renegotiation for TLS as a server or DTLS.
-
- There is only minimal support for initiating renegotiation as a client.
- SSL_set_renegotiate_mode
- must be set to
- ssl_renegotiate_once
- , ssl_renegotiate_freely
- , or
- ssl_renegotiate_explicit
- for
- SSL_renegotiate
- to work.
+ Returns 1 on success, 0 on failure.
+ There is no support for renegotiation for TLS as a server or DTLS.
+ There is only minimal support for initiating renegotiation as a client.
+ SSL_set_renegotiate_mode must be set to ssl_renegotiate_once, ssl_renegotiate_freely,
+ or ssl_renegotiate_explicit for SSL_renegotiate to work.
+
General
SSL_get_shared_ciphers
Writes an empty string and - returns a pointer containing it or returns NULL.
+Writes an empty string and returns a pointer containing it or returns NULL.
SSL_get_shared_sigalgs
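Review bot: In the SSL_get_shared_ciphers row, "Writes an empty string and returns a pointer containing it or returns NULL" does not say when NULL is returned, and "a pointer containing it" should read "a pointer to it". Code ported from OpenSSL often passes the result straight to a print call, so please state the NULL condition explicitly. In the SSL_renegotiate cell, the removed text had separator lines between the three statements and the added text does not; confirm the rendered cell still shows the return value, the server/DTLS limitation and the client-side requirement as separate sentences or paragraphs.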
@@ -221,9 +232,13 @@ libssl is the portion of OpenSSL which supports TLS. AWS-LC does not have supporSSL_get_server_tmp_key
@@ -315,9 +330,16 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signiEVP_PKEY
+
+
+ evp.h
+
+
+ EVP_PKEY_DSA
+
+
+
EVP_PKEY_CTX_set_dsa_paramgen_bits
@@ -336,8 +358,13 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signi+ + + evp.h + + +
EVP_PKEY_get0_DH
@@ -356,15 +383,21 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signi+ + + evp.h + + +
EVP_PKEY_get0
+EVP_PKEY_get0
Void function that does not - return anything (NULL).
++ Void function that does not return anything (NULL). +
EC
+
+
+ ec_key.h
+
+
+ ec.h
+
+
+
EC_KEY_set_asn1_flag
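Review bot: The EVP_PKEY_get0 description "Void function that does not return anything (NULL)" is self-contradictory: a void function returns nothing, while "(NULL)" reads as a return value. Please say which applies, for example "Always returns NULL", so callers know whether a NULL check on the result is meaningful. The added "+EVP_PKEY_get0" line also follows an unchanged "EVP_PKEY_get0" line; check the function name is not rendered twice.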
@@ -398,22 +436,24 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signiEC_GROUP_get_asn1_flag
Returns - OPENSSL_EC_NAMED_CURVE - .
+Returns OPENSSL_EC_NAMED_CURVE.
+ + + ec.h + + +
EC_GROUP_method_of
Returns a dummy non-NULL - EC_METHOD pointer.
+Returns a dummy non-NULL EC_METHOD pointer.
EC_METHOD_get_field_type
Returns - NID_X9_62_prime_field - .
+Returns NID_X9_62_prime_field.
+ + + ec.h + + +
EC_GROUP_set_point_conversion_form
Returns nothing as a void - function. Aborts if a form other than - POINT_CONVERSION_UNCOMPRESSED - is requested.
++ Returns nothing as a void function. Aborts if a form other than + POINT_CONVERSION_UNCOMPRESSED is requested. +
CONF modules
+ + + conf.h + + +
CONF_modules_load_file
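Review bot: In the EC_GROUP_set_point_conversion_form row, "Aborts if a form other than POINT_CONVERSION_UNCOMPRESSED is requested" is the behaviour most likely to surprise a porting team, and it sits behind the low-value sentence "Returns nothing as a void function". Suggest leading with the abort, stating that it terminates the process, and dropping or shortening the void remark. Applications that take the conversion form from configuration or peer input need to know that any other value is fatal.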
@@ -485,9 +533,13 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signiRAND Functions
+ + + Entropy Sources + + +
RAND_load_file
@@ -501,8 +553,7 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signiRAND_write_file
Does nothing and returns negative - one.
+Does nothing and returns negative one.
RAND_SSLeay
Returns a dummy - RAND_METHOD - pointer.
+Returns a dummy RAND_METHOD pointer.
RAND_OpenSSL
Returns a dummy - RAND_METHOD - pointer.
+Returns a dummy RAND_METHOD pointer.
ASN1
+ + + asn1.h + + +
ASN1_STRING_set_default_mask
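Review bot: In the RAND_write_file row, "returns negative one" would be easier to match against code if written as the literal -1. For RAND_SSLeay and RAND_OpenSSL, "Returns a dummy RAND_METHOD pointer" does not say whether the pointer is non-NULL, whereas the EC_GROUP_method_of row in this same file says "dummy non-NULL EC_METHOD pointer". Use the same wording here if it applies, since callers commonly NULL-check the result.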
@@ -627,9 +679,7 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signiASN1_STRING_get_default_mask
Returns - B_ASN1_UTF8STRING - (The default value AWS-LC uses).
+Returns B_ASN1_UTF8STRING (The default value AWS-LC uses).
Thread Safety
+ + + thread.h + + +
CRYPTO_num_locks
@@ -686,9 +740,7 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signiReturns a fixed dummy string
- ("
-
Miscellaneous
+ + + evp.h + + +
OpenSSL_add_all_algorithms
@@ -828,21 +885,26 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signi+ + + cipher.h + + +
EVP_CIPHER_CTX_set_flags
Does nothing. Does nothing.
+
- This functions sets flags for
+ + + digest.h + + +
EVP_MD_CTX_set_flags
Does nothing.
-
- This functions sets flags for
- EVP_MD_CTX
-
+ Does nothing.
+ This functions sets flags for EVP_MD_CTX, so any related flags are also no-ops. Related no-op flags can be found in
+
+ the surrounding documentation
+
+ .
+
+ + + dh.h + + +
DH_clear_flags
Does nothing.
-
-
- This functions clears flags for
- DH
-
+ Does nothing.
+ This functions clears flags for DH, so any related flags are also no-ops. Related no-op flags can be found in
+
+ the surrounding documentation
+
+ .
+
+ + + ex_data.h + + +
CRYPTO_cleanup_all_ex_data
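Review bot: The added notes for EVP_MD_CTX_set_flags and DH_clear_flags both keep the typo "This functions"; it should be "This function sets flags for EVP_MD_CTX" and "This function clears flags for DH". The link text "the surrounding documentation" does not tell the reader where the related no-op flags are listed, so naming the target section or table would be clearer. The EVP_CIPHER_CTX_set_flags row loses its "This functions sets flags for" line with no replacement visible in this hunk; if the explanatory note was meant to be kept there, as it is for the other two rows, it needs restoring.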
@@ -917,14 +993,18 @@ Older and less common usages of `EVP_PKEY` have been removed. For example, signiCRYPTO_EX_dup
Legacy Callback function that's - ignored.
+Legacy Callback function that's ignored.
+ + + bio.h + + +
BIO_set_write_buffer_size