Sorry for the noise, here is an even better version of this patch: without the BUF_MEM_grow() calls, which were actually useless, and with clearer state management.
On Fri, Sep 19, 2014 at 12:30 PM, Fedor Indutny <fe...@indutny.com> wrote:
> And an additional follow-up, with docs and refined code.
>
> On Fri, Sep 19, 2014 at 2:48 AM, Fedor Indutny <fe...@indutny.com> wrote:
>
>> Here is an example of how it could be used (in my TLS terminator):
>>
>> https://github.com/indutny/bud/compare/master...feature/async-key-ex
>>
>> Basically, if you have ever used the async SSL API, you should be
>> aware of things like:
>>
>> SSL_ERROR_WANT_READ
>> SSL_ERROR_WANT_WRITE
>>
>> In addition to these two, my patch adds:
>>
>> SSL_ERROR_WANT_SIGN
>> SSL_ERROR_WANT_RSA_DECRYPT
>>
>> If one of these is returned, you may get the data that should
>> be signed/decrypted with:
>>
>> SSL_get_key_ex_data()
>> SSL_get_key_ex_len()
>>
>> Get the key type (in case of SIGN):
>>
>> SSL_get_key_ex_type()
>> // Returns EVP_PKEY_RSA, EVP_PKEY_ECC
>>
>> And get the signature digest nid with:
>>
>> SSL_get_key_ex_md()
>>
>> Please be aware of the fact that `md` could be `NID_md5_sha1`;
>> take a look at bud's code to figure out what should be done in
>> this case (basically, you'll need to use raw
>> `RSA_decrypt_private()`).
>>
>> After performing sign/decrypt (which could happen in another
>> thread, or on a different server) you should call:
>>
>> SSL_supply_key_ex()
>>
>> to supply the result and continue the handshake process. At
>> this point `SSL_read()`/`SSL_write()` will start returning
>> proper values.
>>
>> On Sat, Sep 13, 2014 at 10:59 PM, Fedor Indutny <fe...@indutny.com> wrote:
>>
>>> Here is an additional patch, to expose the type of key that should be
>>> used for a signature.
>>>
>>> On Thu, Sep 11, 2014 at 10:59 AM, Fedor Indutny via RT <r...@openssl.org> wrote:
>>>
>>>> Hello devs!
>>>>
>>>> Here is a patch that implements an asynchronous RSA key operation
>>>> mode for the TLS/SSL implementation in OpenSSL.
>>>>
>>>> Here is some technical info about it:
>>>>
>>>> Support async RSA exchange by providing new SSL_want_rsa_sign(),
>>>> SSL_want_rsa_decrypt() API methods.
>>>>
>>>> After getting such want values, SSL_supply_key_ex_data() should be
>>>> invoked to continue the handshake with the sign/decrypt data that was
>>>> received from the remote server.
>>>> ---
>>>>  ssl/s3_srvr.c  | 398 ++++++++++++++++++++++++++++++++++++++++-----------------
>>>>  ssl/ssl.h      |  28 ++++
>>>>  ssl/ssl3.h     |   6 +
>>>>  ssl/ssl_lib.c  |  31 ++++-
>>>>  ssl/ssl_locl.h |   2 +
>>>>  ssl/ssl_rsa.c  |  24 ++--
>>>>  ssl/ssltest.c  | 116 ++++++++++++++++-
>>>>  test/testssl   |   6 +
>>>>  8 files changed, 475 insertions(+), 136 deletions(-)
0001-ssl-SSL_MODE_ASYNC_KEY_EX.patch
Description: Binary data
0001-ssl-SSL_MODE_ASYNC_KEY_EX.patch.sig
Description: Binary data