Subject: [PATCH] ssl: introduce async sign/decrypt APIs This patch is introducing `async_key_ex_cb` member of both `SSL_CTX` and `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present: * Server will ignore dummy RSA key, assuming that it is matching the certificate. * Server will invoke this callback with either: * `SSL_KEY_EX_RSA` * `SSL_KEY_EX_RSA_SIGN` as a `type` argument, and some data for signature or decryption in `p`/`n` pair. At that time the sign/decryption may be performed on any thread, or even remotely, and the result should be supplied with `SSL_supply()`. Calling `SSL_supply()` will continue the handshake process without even touching the real private key.

[Fedor Indutny]

This patch is introducing `async_key_ex_cb` member of both `SSL_CTX` and
`SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present:

* Server will ignore dummy RSA key, assuming that it is matching the
  certificate.
* Server will invoke this callback with either:
  * `SSL_KEY_EX_RSA`
  * `SSL_KEY_EX_RSA_SIGN`
  as a `type` argument, and some data for signature or decryption in
  `p`/`n` pair.

At that time the sign/decryption may be performed on any thread, or even
remotely, and the result should be supplied with `SSL_supply()`. Calling
`SSL_supply()` will continue the handshake process without even touching
the real private key.

NOTE:

The test is missing right now, I'll add it once we will figure out how the
API should look like. Implementation appears to be working when used with
node.js, see https://github.com/indutny/node/tree/feature/async-key-exchange
and https://gist.github.com/indutny/948eaf9b5154eb395e8b for testing.

ANOTHER NOTE:

Pull Request on github: https://github.com/openssl/openssl/pull/162

0001-ssl-introduce-async-sign-decrypt-APIs.patch
Description: Binary data

0001-ssl-introduce-async-sign-decrypt-APIs.patch.sig
Description: Binary data