Hello again! Here is a second patch that improves the first one. Additionally, it copies and restores the packet data before/after calling the async callback. However, it is almost evident to me that nothing could overwrite `s->init_buf->data` during the async handshake, so if you feel confident about it, please let me know and I will revert everything except the style changes in that 0002 patch.
Cheers,
Fedor.

On Wed, Aug 27, 2014 at 1:05 PM, Fedor Indutny <fe...@indutny.com> wrote:
> Oops, just realized that I pasted the whole commit message into the subject.
>
> Anyway, CCing Rich Salz here.
>
> Rich,
>
> You seem to be on a wave of triaging tickets, maybe you could take a look
> at this one eventually?
>
> Thank you,
> Fedor.
>
>
> On Sat, Aug 23, 2014 at 10:08 PM, Fedor Indutny <fe...@indutny.com> wrote:
>
>> This patch is introducing an `async_key_ex_cb` member of both `SSL_CTX` and
>> `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present:
>>
>> * Server will ignore the dummy RSA key, assuming that it is matching the
>>   certificate.
>> * Server will invoke this callback with either:
>>   * `SSL_KEY_EX_RSA`
>>   * `SSL_KEY_EX_RSA_SIGN`
>>   as a `type` argument, and some data for signature or decryption in the
>>   `p`/`n` pair.
>>
>> At that time the signing/decryption may be performed on any thread, or even
>> remotely, and the result should be supplied with `SSL_supply()`. Calling
>> `SSL_supply()` will continue the handshake process without even touching
>> the real private key.
>>
>> NOTE:
>>
>> The test is missing right now, I'll add it once we figure out what
>> the API should look like. The implementation appears to be working when used
>> with node.js, see
>> https://github.com/indutny/node/tree/feature/async-key-exchange and
>> https://gist.github.com/indutny/948eaf9b5154eb395e8b for testing.
>>
>> ANOTHER NOTE:
>>
>> Pull Request on github: https://github.com/openssl/openssl/pull/162
>>
>
Attachments:
0002-ssl-copy-packet-before-performing-async-key-ex.patch.sig
0002-ssl-copy-packet-before-performing-async-key-ex.patch
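The flow the thread describes (the server hands the RSA decrypt or sign operation to an external callback, returns without touching the private key, and resumes when `SSL_supply()` delivers the result) as an added Python simulation. This is not the patch's code and not OpenSSL's API: only the names `async_key_ex_cb`, `SSL_supply`, `SSL_KEY_EX_RSA` and `SSL_KEY_EX_RSA_SIGN` come from the thread; the classes `AsyncSSL` and `KeyHolder`, the `op_id` that binds a supplied result to the pending operation, the constant values, and the textbook RSA key built from two Mersenne primes (no padding, demonstration only) are all constructed here. It shows the two points under discussion: the packet bytes are copied before calling out, so reuse of the `init_buf` stand-in while the operation is outstanding does not corrupt the result, and a result that does not match the pending operation is rejected rather than advancing the handshake.

```python
import hashlib
import secrets

# Callback types named in the thread; the numeric values are constructed here.
SSL_KEY_EX_RSA = 1        # decrypt the RSA-encrypted premaster secret
SSL_KEY_EX_RSA_SIGN = 2   # sign the ServerKeyExchange parameters

# Constructed textbook RSA key (Mersenne primes, no padding). Demonstration only.
_P, _Q = (1 << 107) - 1, (1 << 127) - 1
RSA_N, RSA_E = _P * _Q, 65537
_RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))
_N_BYTES = (RSA_N.bit_length() + 7) // 8   # 30 bytes for this toy modulus


class KeyHolder:
    """The only component that knows the private exponent (the remote or
    off-thread signer of the thread). Work is queued and finished later,
    after the TLS side has already returned to its caller."""

    def __init__(self, d):
        self._d = d
        self.queue = []

    def async_key_ex_cb(self, ssl, op_type, data, op_id):
        self.queue.append((ssl, op_type, data, op_id))

    def run(self):
        while self.queue:
            ssl, op_type, data, op_id = self.queue.pop(0)
            out = pow(int.from_bytes(data, "big"), self._d, RSA_N)  # decrypt or sign
            width = 16 if op_type == SSL_KEY_EX_RSA else _N_BYTES
            ssl.SSL_supply(op_id, out.to_bytes(width, "big"))


class AsyncSSL:
    """Server-side handshake state stand-in. Holds no private key at all."""

    def __init__(self, async_key_ex_cb):
        self.async_key_ex_cb = async_key_ex_cb
        self.init_buf = bytearray(_N_BYTES)  # models s->init_buf->data, reused per message
        self.pending = None
        self.state = "INIT"
        self.signature = None
        self.premaster = None

    def _call_out(self, op_type):
        # Copy the packet bytes before calling out: the callback may complete long
        # after init_buf has been reused for the next handshake message.
        op_id = secrets.token_hex(8)
        self.pending = (op_id, op_type)
        self.state = "WANT_ASYNC"
        self.async_key_ex_cb(self, op_type, bytes(self.init_buf), op_id)
        return self.state

    def server_key_exchange(self, params):
        # Digest of the parameters to be signed, truncated to fit the toy modulus.
        self.init_buf[:] = hashlib.sha256(params).digest()[:16].rjust(_N_BYTES, b"\0")
        return self._call_out(SSL_KEY_EX_RSA_SIGN)

    def client_key_exchange(self, encrypted_premaster):
        self.init_buf[:] = encrypted_premaster
        return self._call_out(SSL_KEY_EX_RSA)

    def SSL_supply(self, op_id, result):
        # A stale or foreign result must not advance the handshake.
        if self.pending is None or self.pending[0] != op_id:
            raise ValueError("SSL_supply: no matching pending key-exchange operation")
        _, op_type = self.pending
        self.pending = None
        if op_type == SSL_KEY_EX_RSA_SIGN:
            self.signature = result
            self.state = "SKE_SENT"
        else:
            self.premaster = result
            self.state = "HANDSHAKE_DONE"
        return self.state


def run_handshake():
    """Drive sign and decrypt through the async path; return (states, sig_ok, pms_ok)."""
    holder = KeyHolder(_RSA_D)
    ssl = AsyncSSL(holder.async_key_ex_cb)
    dh_params = b"constructed ServerKeyExchange params"
    states = [ssl.server_key_exchange(dh_params)]
    holder.run()                       # signature arrives later
    states.append(ssl.state)
    # Client side: verify with the public key, then send an encrypted premaster.
    digest = hashlib.sha256(dh_params).digest()[:16]
    sig_ok = pow(int.from_bytes(ssl.signature, "big"), RSA_E, RSA_N).to_bytes(16, "big") == digest
    premaster = secrets.token_bytes(16)
    enc = pow(int.from_bytes(premaster, "big"), RSA_E, RSA_N).to_bytes(_N_BYTES, "big")
    states.append(ssl.client_key_exchange(enc))
    ssl.init_buf[:] = b"\xff" * _N_BYTES   # buffer reused before the holder runs
    holder.run()
    states.append(ssl.state)
    return states, sig_ok, ssl.premaster == premaster


def stale_supply_rejected():
    """A result for an unknown operation id must raise instead of resuming."""
    holder = KeyHolder(_RSA_D)
    ssl = AsyncSSL(holder.async_key_ex_cb)
    ssl.client_key_exchange(bytes(_N_BYTES))
    try:
        ssl.SSL_supply("not-the-pending-id", b"\0" * 16)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_handshake(), stale_supply_rejected())
```

The copy taken in `_call_out` is what makes the deliberate overwrite of `init_buf` in `run_handshake` harmless; drop the `bytes(...)` snapshot and hand the `bytearray` itself to the callback and the decrypt returns garbage, which is the scenario the 0002 patch guards against by copying and restoring the packet around the callout.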