Describe the feature request
We are validating cryptographic signatures within Lua scripts.
Envoy and istio-proxy use BoringSSL as the implementation for TLS and this would provide everything that we would need as well.
Unfortunately we are not able to call the respective functions because the symbols are not exported or are stripped from the binary, so Lua is not able to call them.
To get our functionality working we would need the following symbols:
```c
void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
EVP_PKEY *EVP_parse_public_key(CBS *cbs);
int SHA256_Init(SHA256_CTX *sha);
int SHA256_Update(SHA256_CTX *sha, const void *data, size_t len);
int SHA256_Final(uint8_t *md, SHA256_CTX *sha);
void OPENSSL_cleanse(void *ptr, size_t len);
int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len,
               const uint8_t *sig, size_t sig_len, void *rsa);
int EVP_DecodeBase64(uint8_t *out, size_t *out_len,
                     size_t max_out, const uint8_t *in, size_t in_len);
```
Describe alternatives you've considered
As an alternative we are currently loading libnettle.so, libhogweed.so and libgmp.so.
Parsing public keys is much more complicated though.
Also this approach is brittle because it relies on the environment or the file system the proxy is running in.
Additional context