Support for BoringSSL asynchronous private key operations #6248
My use case for this functionality would be TLS hardware acceleration (using Intel QuickAssist Technology), but other use cases exist, such as having keys in separate hardware or a network service.
I would like to have a try at implementing this, if this is something that might be of interest. I'm opening this issue for suggestions and comments before going for the implementation. :-) My current prototype of the BoringSSL private key support in Envoy suggests that at least the following functionality is needed:
@ipuustin thanks, this is well aligned with how we had envisaged this working, please go ahead. Can you propose a concrete API PR (even as WiP) so we can make sure we are aligned before going too far? I'm personally interested in making use of BoringSSL split handshake in the near future, but this is somewhat different to private key operations.