-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ingela/ssl/custom sign fun #7898
Ingela/ssl/custom sign fun #7898
Conversation
CT Test Results 3 files 71 suites 49m 6s ⏱️ Results for commit ac3a3b0. ♻️ This comment has been updated with latest results. To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass. See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally. Artifacts// Erlang/OTP Github Action Bot |
true, we can use M:F/2 to set the function in |
a2c6e52
to
39e88d8
Compare
d5991d8
to
a0b9734
Compare
750ee1f
to
2ff6ac4
Compare
@ziopio I think we will also want to be able to give custom options to the fun, to for instance be able to provide some kind or reference to the key to enable the fun to find/access it. In the test you wrote this is not necessary as the key is directly accessible in as it only wraps the standard keys. |
2ff6ac4
to
c4e2704
Compare
@IngelaAndin Yeah we do not have an use-case since in our scenario we control both the code that uses SSL and the signfun and a developer can just embed his/her options inside the function implementation. That said such option can help writing a general purpose custom function. So yeah, I think is a good Idea 👍 |
c4e2704
to
873a36c
Compare
Waiting for @dgud review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MIssing test in ssl_api_SUITE:options_whitebox().
Also a lot of white-space changes in ssl.erl that is touching (not emacs?) non updated code which will cause a lot of merge-conflicts later. |
873a36c
to
c28f1cc
Compare
@dgud please rereview doc |
c28f1cc
to
7347e58
Compare
This option allows the user to define a function tasked to sign an ssl message. This gives total freedom around key handling. Users are free to program such function the way they think is best, allowing them to support any private key storage or to delegate signature to any external service or device. Most notably: this allows to implement custom access to any HSM device.
Do not use undocumented OpenSSL "implicit param", rather be explicit about what PSS params that where negotiated.
7347e58
to
ac3a3b0
Compare
@dgud rereview doc and added tests |
Last commit show what we like the API to look like in #7475 (Commits now squashed and this PR replaces #7475)
Design decisions:
Keep all engine stuff in ssl, although it is a corner case of the more general
customization added, it has nothing to do with the functionality in public_key.
Keep options sign/encrypt_private options explicit in ssl, where the knowledge of correct options belong, do not rely on public_key defaults that are not even documented.
There has to be a legacy fun option for TLS legacy versions using encrypt_private as new version and legacy version can be supported in the same time and is negotiated.
We do not want to support funs on format {Module, Fun}. fun() is sufficient and you can
use
fun(X,Y) ...
or fun M:F/2