Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

filter: exposed functions to Lua to verify digital signature #7050

Merged
merged 16 commits into from
Jun 6, 2019
Merged

filter: exposed functions to Lua to verify digital signature #7050

merged 16 commits into from
Jun 6, 2019

Conversation

yxue
Copy link
Contributor

@yxue yxue commented May 23, 2019

@yxue yxue mentioned this pull request May 23, 2019
Closed
dio
dio suggested changes May 27, 2019
View reviewed changes
Copy link
Member

@dio dio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, some small styling comments. Summon @lizan to review on the code SSL related codes.

source/extensions/filters/http/lua/lua_filter.cc Outdated Show resolved Hide resolved
source/extensions/filters/http/lua/lua_filter.h Outdated Show resolved Hide resolved
source/extensions/filters/http/lua/lua_filter.cc Outdated Show resolved Hide resolved
@htuch
Copy link
Member

htuch commented May 28, 2019

Please merge master to pick up #7090

@yxue yxue force-pushed the feature/boringssllua branch 2 times, most recently from 9f74306 to 4f2fdc1 Compare May 28, 2019 16:35
@yxue
Copy link
Contributor Author

yxue commented May 29, 2019
edited
Loading

@lizan Gentle ping. PTAL

@repokitteh-read-only
Copy link

crazyxy is not allowed to assign users.

🐱

Caused by: a #7050 (comment) was created by @crazyxy.

see: more, trace.

lizan
lizan suggested changes May 30, 2019
View reviewed changes
Copy link
Member

@lizan lizan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally LGTM though I'm a bit worried about this pulling in BoringSSL as a hard dependency of Lua filter, I think @bdecoste is working to make it possible to compile out BoringSSL completely. cc @bdecoste

source/extensions/filters/http/lua/lua_filter.cc Outdated Show resolved Hide resolved
source/extensions/filters/http/lua/lua_filter.cc Outdated Show resolved Hide resolved
@htuch
Copy link
Member

htuch commented May 30, 2019

@crazyxy I pinged you internally, would like to understand the motivation for this PR a bit. Thanks.

@yxue yxue force-pushed the feature/boringssllua branch 3 times, most recently from 0ffecb6 to 75b515b Compare May 31, 2019 16:15
htuch
htuch reviewed Jun 3, 2019
View reviewed changes
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @crazyxy. This looks good in principle to me; I do worry about the proliferation of LuaJIT bindings to random external dependencies, but on a concrete level this seems to be well motivated. Just a question on whether we can decouple the BoringSSL nitty gritty (and make it more testable) by splitting it out of the Lua bindings.
/wait

docs/root/configuration/http_filters/lua_filter.rst Outdated Show resolved Hide resolved
source/extensions/filters/http/lua/lua_filter.cc Outdated Show resolved Hide resolved
source/extensions/filters/http/lua/lua_filter.cc Show resolved Hide resolved
@yxue
Copy link
Contributor Author

yxue commented Jun 4, 2019

Thanks @crazyxy. This looks good in principle to me; I do worry about the proliferation of LuaJIT bindings to random external dependencies, but on a concrete level this seems to be well motivated. Just a question on whether we can decouple the BoringSSL nitty gritty (and make it more testable) by splitting it out of the Lua bindings.
/wait

@htuch Thanks for reviewing! Made the change as requested.

PiotrSikora
PiotrSikora reviewed Jun 4, 2019
View reviewed changes
docs/root/configuration/http_filters/lua_filter.rst Outdated Show resolved Hide resolved
source/common/crypto/utility.cc Outdated Show resolved Hide resolved
source/common/crypto/utility.cc Outdated Show resolved Hide resolved
docs/root/configuration/http_filters/lua_filter.rst Outdated Show resolved Hide resolved
docs/root/configuration/http_filters/lua_filter.rst Outdated Show resolved Hide resolved
docs/root/configuration/http_filters/lua_filter.rst Outdated Show resolved Hide resolved
source/extensions/filters/http/lua/lua_filter.h Outdated Show resolved Hide resolved
dio
dio suggested changes Jun 4, 2019
View reviewed changes
Copy link
Member

@dio dio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Put more comments on preference using snake_case for local vars.

docs/root/configuration/http_filters/lua_filter.rst Outdated Show resolved Hide resolved
source/common/crypto/utility.cc Outdated Show resolved Hide resolved
source/common/crypto/utility.cc Outdated Show resolved Hide resolved
source/extensions/filters/http/lua/lua_filter.cc Outdated Show resolved Hide resolved
source/extensions/filters/http/lua/lua_filter.cc Outdated Show resolved Hide resolved
test/common/crypto/utility_test.cc Outdated Show resolved Hide resolved
test/common/crypto/utility_test.cc Outdated Show resolved Hide resolved
test/common/crypto/utility_test.cc Outdated Show resolved Hide resolved
test/extensions/filters/http/lua/lua_filter_test.cc Outdated Show resolved Hide resolved
test/extensions/filters/http/lua/lua_integration_test.cc Show resolved Hide resolved
@yxue yxue force-pushed the feature/boringssllua branch 2 times, most recently from 61930c4 to 4be7d64 Compare June 4, 2019 22:26
@yxue
Copy link
Contributor Author

yxue commented Jun 5, 2019

@htuch @lizan PTAL. Thanks!

lizan
lizan suggested changes Jun 5, 2019
View reviewed changes
Copy link
Member

@lizan lizan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still not convinced by the structure that import/release methods lives in StreamHandlerWrapper.

Also do not rebase + force push into existing PR b/c it messes up review history, git merge + regular push is preferred.

source/extensions/filters/http/lua/lua_filter.cc Outdated Show resolved Hide resolved
@yxue
Add EVP_PKEY wrapper
14fed22 
Signed-off-by: Yan Xue <[email protected]>
lizan
lizan suggested changes Jun 5, 2019
View reviewed changes
Copy link
Member

@lizan lizan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks much better, a few more comments. Thanks!

source/common/crypto/utility.cc Outdated Show resolved Hide resolved
source/extensions/filters/http/lua/wrappers.h Outdated Show resolved Hide resolved
test/common/crypto/utility_test.cc Outdated Show resolved Hide resolved
@yxue
Use unique_ptr
425f09e 
Signed-off-by: Yan Xue <[email protected]>
@yxue
Copy link
Contributor Author

yxue commented Jun 5, 2019

Looks much better, a few more comments. Thanks!

Thanks @lizan! Removed the pointer.

@yxue
Copy link
Contributor Author

yxue commented Jun 5, 2019

/retest

@repokitteh-read-only
Copy link

🔨 rebuilding ci/circleci: coverage (failed build)

🐱

Caused by: a #7050 (comment) was created by @crazyxy.

see: more, trace.

lizan
lizan previously approved these changes Jun 5, 2019
View reviewed changes
htuch
htuch suggested changes Jun 5, 2019
View reviewed changes
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, a few more general comments.
/wait

docs/root/intro/version_history.rst Outdated Show resolved Hide resolved
source/common/crypto/utility.cc Outdated Show resolved Hide resolved
source/common/crypto/utility.h Show resolved Hide resolved
source/common/crypto/utility.h Outdated Show resolved Hide resolved
@yxue
Resolve some comments
9d24d6d 
Signed-off-by: Yan Xue <[email protected]>
@yxue
More comments
26349b9 
Signed-off-by: Yan Xue <[email protected]>
htuch
htuch approved these changes Jun 5, 2019
View reviewed changes
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@yxue
Copy link
Contributor Author

yxue commented Jun 5, 2019

@dio Could you please take a look? Thanks!

dio
dio approved these changes Jun 6, 2019
View reviewed changes
Copy link
Member

@dio dio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool. This is awesome. Thanks!

@lizan lizan merged commit 9749194 into envoyproxy:master Jun 6, 2019
@lizan lizan mentioned this pull request Jun 6, 2019
Closed
yxue added a commit to yxue/envoy that referenced this pull request Jun 6, 2019
@yxue
filter: exposed functions to Lua to verify digital signature (envoypr…
d09ae4d 
…oxy#7050)

Description: Expose functions for users to verify digital signature in Lua script

Risk Level: Low

Testing: unit test, integration

Docs Changes: https://github.com/envoyproxy/envoy/compare/master...crazyxy:feature/boringssllua?expand=1#diff-ddc999700fdafb43c2cdcafcc7a4b887

Release Notes: https://github.com/envoyproxy/envoy/compare/master...crazyxy:feature/boringssllua?expand=1#diff-d8d3e33358b55e6c0466dd1bb5f40c79

Fixes #Issue: envoyproxy#7009

Signed-off-by: Yan Xue <[email protected]>
yxue added a commit to istio/envoy that referenced this pull request Jun 6, 2019
@yxue
filter: exposed functions to Lua to verify digital signature (envoypr…
81e125d 
…oxy#7050)

Description: Expose functions for users to verify digital signature in Lua script

Risk Level: Low

Testing: unit test, integration

Docs Changes: https://github.com/envoyproxy/envoy/compare/master...crazyxy:feature/boringssllua?expand=1#diff-ddc999700fdafb43c2cdcafcc7a4b887

Release Notes: https://github.com/envoyproxy/envoy/compare/master...crazyxy:feature/boringssllua?expand=1#diff-d8d3e33358b55e6c0466dd1bb5f40c79

Fixes #Issue: envoyproxy#7009

Signed-off-by: Yan Xue <[email protected]>
yxue added a commit to yxue/envoy that referenced this pull request Jun 6, 2019
@yxue
filter: exposed functions to Lua to verify digital signature (envoypr…
6ff6441 
…oxy#7050)

Description: Expose functions for users to verify digital signature in Lua script

Risk Level: Low

Testing: unit test, integration

Docs Changes: https://github.com/envoyproxy/envoy/compare/master...crazyxy:feature/boringssllua?expand=1#diff-ddc999700fdafb43c2cdcafcc7a4b887

Release Notes: https://github.com/envoyproxy/envoy/compare/master...crazyxy:feature/boringssllua?expand=1#diff-d8d3e33358b55e6c0466dd1bb5f40c79

Fixes #Issue: envoyproxy#7009

Signed-off-by: Yan Xue <[email protected]>
@knrc
Copy link

knrc commented Jun 7, 2019

@bdecoste FYI this seems to be the commit which reintroduced boringssl into core

duderino pushed a commit to istio/envoy that referenced this pull request Jun 12, 2019
Merge pull request #79 from crazyxy/istio-release-1.1
8e54972 
filter: exposed functions to Lua to verify digital signature (envoyproxy#7050)
duderino pushed a commit to istio/envoy that referenced this pull request Jun 12, 2019
Merge pull request #82 from duderino/jblatt_1_2_lua_symbols
4f5b5e1 
cherry-pick into 1.2:  filter: exposed functions to Lua to verify digital signature (envoyproxy#7050)
duderino pushed a commit to istio/proxy that referenced this pull request Jun 13, 2019
Update istio/envoy to pick up envoyproxy/envoy#7050 (#2274)
d26534e
@yxue yxue deleted the feature/boringssllua branch June 13, 2019 23:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PiotrSikora PiotrSikora PiotrSikora left review comments

@dio dio dio approved these changes

@htuch htuch htuch approved these changes

@lizan lizan lizan left review comments

Assignees

@dio dio

@lizan lizan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@yxue @htuch @knrc @dio @PiotrSikora @lizan