Conversation
walterchris
force-pushed
the
feat/addConfigurationFile
branch
from
5b407a5 to
6eacdd7
Compare
There was a problem hiding this comment.
Pull request overview
This pull request adds configuration file support to the Azure IoT HSM OpenSSL provider, allowing users to configure credential and key file paths via OpenSSL configuration files instead of using only hardcoded defaults.
Changes:
- Adds support for loading HSM credentials (ID and PIN) from configurable file paths instead of hardcoded values
- Implements configuration parsing from OpenSSL config files with default fallbacks
- Refactors the AZIHSM_CONFIG structure to use dynamically allocated paths instead of fixed-size buffers
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| plugins/ossl_prov/src/azihsm_ossl_hsm.c | Adds load_credentials_from_file function and azihsm_config_free function; updates azihsm_open_device_and_session to load credentials from files |
| plugins/ossl_prov/src/azihsm_ossl_base.c | Implements parse_provider_config and strip_file_prefix functions; updates OSSL_provider_init to parse configuration before device initialization |
| plugins/ossl_prov/inc/azihsm_ossl_hsm.h | Adds AZIHSM_CONFIG structure definition, default path macros, and configuration parameter names |
| plugins/ossl_prov/inc/azihsm_ossl_base.h.in | Removes AZIHSM_CONFIG and related macros (moved to azihsm_ossl_hsm.h); updates CMake version variable name |
| plugins/ossl_prov/inc/azihsm_ossl_base.h | Removes AZIHSM_CONFIG and related macros; updates hardcoded version string to "1.0.0" |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 9 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
walterchris
force-pushed
the
feat/addConfigurationFile
branch
2 times, most recently
from
f0d428e to
8ecacca
Compare
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
…validation Add support for configuring the API revision via openssl.cnf using the 'azihsm-api-revision' parameter. Signed-off-by: Christian Walter <christian.walter@9elements.com>
…riables Add support for configuring credentials file paths via environment variables. Credentials are intentionally not configurable via openssl.cnf for security reasons. Signed-off-by: Christian Walter <christian.walter@9elements.com>
walterchris
force-pushed
the
feat/addConfigurationFile
branch
from
8ecacca to
aa3b327
Compare
Signed-off-by: Christian Walter <christian.walter@9elements.com>
| /* Default file paths for partition keys */ | ||
| #define AZIHSM_DEFAULT_BMK_PATH "/var/lib/azihsm/bmk.bin" | ||
| #define AZIHSM_DEFAULT_MUK_PATH "/var/lib/azihsm/muk.bin" | ||
| #define AZIHSM_DEFAULT_MOBK_PATH "/var/lib/azihsm/mobk.bin" |
There was a problem hiding this comment.
Need to add following to the config:
- Caller OBK
- Caller POTA endorsement (pub key; signature)
There was a problem hiding this comment.
Yes I think we need to overhaul the PR once #164 is merged.
|
Also add Session Seed. (need confirmation) |
|
Will continue this in #220 as this was lying around for some while, and many things on |
|
Work continued in #220 |
No description provided.