And an additional follow-up, with docs and refined code.

On Fri, Sep 19, 2014 at 2:48 AM, Fedor Indutny <fe...@indutny.com> wrote:

> Here is an example of how it could be used (in my TLS terminator):
>
> https://github.com/indutny/bud/compare/master...feature/async-key-ex
>
> Basically, if you have ever used an async SSL API, you should be
> aware of things like:
>
>     SSL_ERROR_WANT_READ
>     SSL_ERROR_WANT_WRITE
>
> In addition to these two, my patch adds:
>
>     SSL_ERROR_WANT_SIGN
>     SSL_ERROR_WANT_RSA_DECRYPT
>
> If one of these is returned, you may get the data that should
> be signed/decrypted with:
>
>     SSL_get_key_ex_data()
>     SSL_get_key_ex_len()
>
> Get the key type (in case of SIGN):
>
>     SSL_get_key_ex_type()
>     // Returns EVP_PKEY_RSA, EVP_PKEY_ECC
>
> And get signature digest nid with:
>
>     SSL_get_key_ex_md()
>
> Please be aware of the fact that `md` could be `NID_md5_sha1`,
> take a look at bud's code to figure out what should be done in
> this case (basically, you'll need to use raw
> `RSA_decrypt_private()`).
>
> After performing sign/decrypt (which could happen in another
> thread, or on a different server) you should call:
>
>     SSL_supply_key_ex()
>
> to supply the result and continue the handshake process. At
> this point `SSL_read()`/`SSL_write()` will start returning
> proper values.
>
> On Sat, Sep 13, 2014 at 10:59 PM, Fedor Indutny <fe...@indutny.com> wrote:
>
>> Here is an additional patch, to expose the type of key that should be
>> used for a signature.
>>
>> On Thu, Sep 11, 2014 at 10:59 AM, Fedor Indutny via RT <r...@openssl.org>
>> wrote:
>>
>>> Hello devs!
>>>
> >>> Here is a patch that implements an asynchronous RSA key operation
> >>> mode for the TLS/SSL implementation in OpenSSL.
>>>
>>> Here is some technical info about it:
>>>
>>> Support async RSA exchange by providing new SSL_want_rsa_sign(),
>>> SSL_want_rsa_decrypt() API methods.
>>>
> >>> After getting such want values, SSL_supply_key_ex_data() should be
> >>> invoked to continue the handshake with the sign/decrypt data that was
> >>> received from the remote server.
> >>> ---
>>>  ssl/s3_srvr.c  | 398
>>> ++++++++++++++++++++++++++++++++++++++++-----------------
>>>  ssl/ssl.h      |  28 ++++
>>>  ssl/ssl3.h     |   6 +
>>>  ssl/ssl_lib.c  |  31 ++++-
>>>  ssl/ssl_locl.h |   2 +
>>>  ssl/ssl_rsa.c  |  24 ++--
>>>  ssl/ssltest.c  | 116 ++++++++++++++++-
>>>  test/testssl   |   6 +
>>>  8 files changed, 475 insertions(+), 136 deletions(-)

Attachment: 0001-ssl-SSL_MODE_ASYNC_KEY_EX.patch
Description: Binary data

Attachment: 0001-ssl-SSL_MODE_ASYNC_KEY_EX.patch.sig
Description: Binary data
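The key-service side of the flow described in the quoted mail (the party that answers SSL_ERROR_WANT_SIGN and SSL_ERROR_WANT_RSA_DECRYPT and holds the private key), written out here as an added example in Go. This is not code from the patch, from bud or from OpenSSL; the Digest names, the KeyService type and the VerifySignature step are this example's own assumptions, and the sample parameters and premaster are constructed. It shows the two caveats a practitioner needs to get right: for NID_md5_sha1 (TLS 1.0/1.1 ServerKeyExchange) the 36-byte MD5||SHA1 value is signed with PKCS#1 v1.5 padding but no DigestInfo, which in Go is crypto.Hash(0) and in OpenSSL the raw RSA call the mail points to, while TLS 1.2 digests get the normal DigestInfo encoding; and for the RSA key exchange a padding failure must produce a random premaster secret rather than an error, so the remote decrypt gives a Bleichenbacher attacker no oracle. The terminator also verifies the returned signature against the public key before it would hand the result to SSL_supply_key_ex().

```go
package main

import (
	"crypto"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
)

// Digest models what SSL_get_key_ex_md() reports; the names are this example's, not OpenSSL NIDs.
type Digest int

const (
	DigestMD5SHA1 Digest = iota // NID_md5_sha1: TLS 1.0/1.1 ServerKeyExchange signature
	DigestSHA256                // NID_sha256: TLS 1.2 rsa_pkcs1_sha256
)

// KeyService holds the RSA private key in another thread or on another host; the terminator never loads it.
type KeyService struct{ priv *rsa.PrivateKey }

func NewKeyService(bits int) (*KeyService, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &KeyService{priv: priv}, nil
}

// Public is the only key material the terminator has to hold.
func (k *KeyService) Public() *rsa.PublicKey { return &k.priv.PublicKey }

// digestFor hashes the to-be-signed bytes as the wire format requires. For md5_sha1 the 36-byte
// MD5||SHA1 value is PKCS#1 v1.5 padded with no DigestInfo (crypto.Hash(0) in Go): the raw-RSA case the mail mentions.
func digestFor(md Digest, data []byte) (crypto.Hash, []byte, error) {
	switch md {
	case DigestMD5SHA1:
		m, s := md5.Sum(data), sha1.Sum(data)
		return crypto.Hash(0), append(m[:], s[:]...), nil
	case DigestSHA256:
		h := sha256.Sum256(data)
		return crypto.SHA256, h[:], nil
	}
	return 0, nil, fmt.Errorf("unsupported digest %d", md)
}

// Sign answers a WANT_SIGN; data is what SSL_get_key_ex_data()/SSL_get_key_ex_len() returned.
func (k *KeyService) Sign(md Digest, data []byte) ([]byte, error) {
	hash, digest, err := digestFor(md, data)
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, k.priv, hash, digest)
}

// DecryptPremaster answers a WANT_RSA_DECRYPT (RSA key exchange). A padding failure must not be
// observable by the client (RFC 5246 7.4.7.1, Bleichenbacher): the 48-byte result is pre-filled with
// random bytes and left unchanged on bad padding, so only a ciphertext that does not fit the modulus is an error.
func (k *KeyService) DecryptPremaster(ciphertext []byte) ([]byte, error) {
	premaster := make([]byte, 48)
	if _, err := rand.Read(premaster); err != nil {
		return nil, err
	}
	if err := rsa.DecryptPKCS1v15SessionKey(rand.Reader, k.priv, ciphertext, premaster); err != nil {
		return nil, err
	}
	return premaster, nil
}

// VerifySignature is the terminator-side check to run before calling SSL_supply_key_ex():
// a wrong or corrupted answer from the key service fails here, not as an opaque client error.
func VerifySignature(pub *rsa.PublicKey, md Digest, data, sig []byte) error {
	hash, digest, err := digestFor(md, data)
	if err != nil {
		return err
	}
	return rsa.VerifyPKCS1v15(pub, hash, digest, sig)
}

// EncryptPremaster plays the client's ClientKeyExchange for the demo.
func EncryptPremaster(pub *rsa.PublicKey, premaster []byte) ([]byte, error) {
	return rsa.EncryptPKCS1v15(rand.Reader, pub, premaster)
}

func main() {
	ks, err := NewKeyService(2048)
	if err != nil {
		panic(err)
	}
	params := []byte("client_random|server_random|ServerDHParams") // constructed stand-in
	sig, _ := ks.Sign(DigestMD5SHA1, params)
	fmt.Println("md5_sha1 signature verifies:", VerifySignature(ks.Public(), DigestMD5SHA1, params, sig) == nil)
	ct, _ := EncryptPremaster(ks.Public(), make([]byte, 48)) // constructed all-zero premaster
	ct[len(ct)-1] ^= 1                                         // corrupt it in transit
	pm, err := ks.DecryptPremaster(ct)
	fmt.Println("tampered ciphertext: err =", err, "got 48 random bytes =", len(pm) == 48)
}
```

The split matters for exactly the reason the mail gives: the process that terminates TLS only ever holds the public key, and the private key stays in the KeyService, wherever that runs. Verifying before supplying is cheap and turns a broken key-service answer into a local error with a clear cause instead of a handshake that fails at the client.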
