Make BoringSSL available to Lua FFI #7009

yxue · 2019-05-20T16:51:48Z

Expose BoringSSL symbols to Lua FFI

Description:

The customer is validating cryptographic signatures within Lua scripts. Unfortunately they are not able to call the respective functions because the symbols are not exported or stripped from the binary so that Lua is not able to call them.

To get their functionality working they would need the following symbols:

     void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
     EVP_PKEY *EVP_parse_public_key(CBS *cbs);

     int SHA256_Init(SHA256_CTX *sha);
     int SHA256_Update(SHA256_CTX *sha, const void *data, size_t len);
     int SHA256_Final(uint8_t *md, SHA256_CTX *sha);

     void OPENSSL_cleanse(void *ptr, size_t len);

     int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len,
                    const uint8_t *sig, size_t sig_len, void *rsa);

     int EVP_DecodeBase64(uint8_t *out, size_t *out_len,
                          size_t max_out, const uint8_t *in, size_t in_len);

[Relevant Links:]

istio/istio#13818

Description: Expose functions for users to verify digital signature in Lua script Risk Level: Low Testing: unit test, integration Docs Changes: https://github.com/envoyproxy/envoy/compare/master...crazyxy:feature/boringssllua?expand=1#diff-ddc999700fdafb43c2cdcafcc7a4b887 Release Notes: https://github.com/envoyproxy/envoy/compare/master...crazyxy:feature/boringssllua?expand=1#diff-d8d3e33358b55e6c0466dd1bb5f40c79 Fixes #Issue: #7009 Signed-off-by: Yan Xue <[email protected]>

lizan · 2019-06-06T00:50:14Z

#7050

…oxy#7050) Description: Expose functions for users to verify digital signature in Lua script Risk Level: Low Testing: unit test, integration Docs Changes: https://github.com/envoyproxy/envoy/compare/master...crazyxy:feature/boringssllua?expand=1#diff-ddc999700fdafb43c2cdcafcc7a4b887 Release Notes: https://github.com/envoyproxy/envoy/compare/master...crazyxy:feature/boringssllua?expand=1#diff-d8d3e33358b55e6c0466dd1bb5f40c79 Fixes #Issue: envoyproxy#7009 Signed-off-by: Yan Xue <[email protected]>

dio added enhancement Feature requests. Not bugs or questions. help wanted Needs help! labels May 21, 2019

yxue mentioned this issue May 23, 2019

filter: exposed functions to Lua to verify digital signature #7050

Merged

yxue mentioned this issue Jun 3, 2019

filter: exposed functions to Lua to verify digital signature istio/envoy#76

Merged

lizan closed this as completed Jun 6, 2019

yxue mentioned this issue Jun 6, 2019

filter: exposed functions to Lua to verify digital signature (#7050) istio/envoy#78

Closed

yxue mentioned this issue Jun 6, 2019

filter: exposed functions to Lua to verify digital signature (#7050) istio/envoy#79

Merged

duderino mentioned this issue Jun 12, 2019

cherry-pick into 1.2: filter: exposed functions to Lua to verify digital signature (#7050) istio/envoy#82

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make BoringSSL available to Lua FFI #7009

Make BoringSSL available to Lua FFI #7009

yxue commented May 20, 2019

lizan commented Jun 6, 2019

Make BoringSSL available to Lua FFI #7009

Make BoringSSL available to Lua FFI #7009

Comments

yxue commented May 20, 2019

lizan commented Jun 6, 2019