Some fixes.

On Fri, Sep 19, 2014 at 3:27 PM, Fedor Indutny <fe...@indutny.com> wrote:
> Sorry for the noise, here is an even better version of this patch.
>
> Without BUF_MEM_grow() calls, which were actually useless,
> and with clearer state management.
>
> On Fri, Sep 19, 2014 at 12:30 PM, Fedor Indutny <fe...@indutny.com> wrote:
>
>> And an additional follow-up, with docs and refined code.
>>
>> On Fri, Sep 19, 2014 at 2:48 AM, Fedor Indutny <fe...@indutny.com> wrote:
>>
>>> Here is an example of how it could be used (in my TLS terminator):
>>>
>>> https://github.com/indutny/bud/compare/master...feature/async-key-ex
>>>
>>> Basically, if you have ever used the async SSL API, you should be
>>> aware of things like:
>>>
>>> SSL_ERROR_WANT_READ
>>> SSL_ERROR_WANT_WRITE
>>>
>>> In addition to these two, my patch adds:
>>>
>>> SSL_ERROR_WANT_SIGN
>>> SSL_ERROR_WANT_RSA_DECRYPT
>>>
>>> If one of these is returned, you may get the data that should
>>> be signed/decrypted with:
>>>
>>> SSL_get_key_ex_data()
>>> SSL_get_key_ex_len()
>>>
>>> Get the key type (in case of SIGN):
>>>
>>> SSL_get_key_ex_type()
>>> // Returns EVP_PKEY_RSA, EVP_PKEY_ECC
>>>
>>> And get the signature digest NID with:
>>>
>>> SSL_get_key_ex_md()
>>>
>>> Please be aware of the fact that `md` could be `NID_md5_sha1`;
>>> take a look at bud's code to figure out what should be done in
>>> this case (basically, you'll need to use raw
>>> `RSA_decrypt_private()`).
>>>
>>> After performing sign/decrypt (which could happen in another
>>> thread, or on a different server) you should call:
>>>
>>> SSL_supply_key_ex()
>>>
>>> to supply the result and continue the handshake process. At
>>> this point `SSL_read()`/`SSL_write()` will start returning
>>> proper values.
>>>
>>> On Sat, Sep 13, 2014 at 10:59 PM, Fedor Indutny <fe...@indutny.com>
>>> wrote:
>>>
>>>> Here is an additional patch, to expose the type of key that should be
>>>> used for a signature.
>>>>
>>>> On Thu, Sep 11, 2014 at 10:59 AM, Fedor Indutny via RT <r...@openssl.org>
>>>> wrote:
>>>>
>>>>> Hello devs!
>>>>>
>>>>> Here is a patch that implements an asynchronous RSA key operation
>>>>> mode for the TLS/SSL implementation in OpenSSL.
>>>>>
>>>>> Here is some technical info about it:
>>>>>
>>>>> Support async RSA exchange by providing new SSL_want_rsa_sign(),
>>>>> SSL_want_rsa_decrypt() API methods.
>>>>>
>>>>> After getting such want values, SSL_supply_key_ex_data() should be
>>>>> invoked to continue the handshake with the sign/decrypt data that was
>>>>> received from the remote server.
>>>>>
>>>>> ---
>>>>>  ssl/s3_srvr.c  | 398 ++++++++++++++++++++++++++++++++++++++++-----------------
>>>>>  ssl/ssl.h      |  28 ++++
>>>>>  ssl/ssl3.h     |   6 +
>>>>>  ssl/ssl_lib.c  |  31 ++++-
>>>>>  ssl/ssl_locl.h |   2 +
>>>>>  ssl/ssl_rsa.c  |  24 ++--
>>>>>  ssl/ssltest.c  | 116 ++++++++++++++++-
>>>>>  test/testssl   |   6 +
>>>>>  8 files changed, 475 insertions(+), 136 deletions(-)
Attachment: 0001-ssl-SSL_MODE_ASYNC_KEY_EX.patch
Attachment: 0001-ssl-SSL_MODE_ASYNC_KEY_EX.patch.sig
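The handshake-level behaviour that the patch's SSL_ERROR_WANT_SIGN / SSL_ERROR_WANT_RSA_DECRYPT round trip is meant to expose can be shown end to end without the patch, because Go's crypto/tls accepts any crypto.Signer (plus crypto.Decrypter for RSA key exchange) as the server's private key and calls it with exactly the data the post describes: the digest and its hash type for a signature, or the encrypted premaster secret for a decrypt. What follows is an added example written for this page; it is neither the patch's code nor OpenSSL's (the SSL_get_key_ex_* / SSL_supply_key_ex() names in the thread are the patch's proposal and are not released OpenSSL API; OpenSSL later shipped a different asynchronous mode, SSL_MODE_ASYNC with SSL_ERROR_WANT_ASYNC). Assumptions: the key lives only in a goroutine that stands in for the "other thread or different server" of the post, the host name bud.example and the tags such as "sign:MD5+SHA1" are made up here, and the tagging mirrors what the post's SSL_get_key_ex_type()/SSL_get_key_ex_md() would report. The three handshakes it is written for cover the cases the post distinguishes: a TLS 1.2 signature, an RSA-key-exchange decrypt, and a TLS 1.0 signature whose input is the raw 36-byte MD5||SHA-1 (NID_md5_sha1 in the post). It goes one step beyond the post in flagging RSA-PSS, which TLS 1.3 requires and which a TLS 1.3-capable client may also negotiate under TLS 1.2; a key server that only does raw PKCS#1 signing cannot produce it.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"io"
	"math/big"
	"net"
	"time"
)

// keyOp is one private-key operation shipped to the key holder.
type keyOp struct {
	in      []byte               // digest to sign, or RSA-encrypted premaster secret
	signOpt crypto.SignerOpts    // nil for decrypt; else crypto.SHA256, crypto.MD5SHA1 or *rsa.PSSOptions
	decOpt  crypto.DecrypterOpts // the SessionKeyLen option crypto/tls passes for RSA kex
	reply   chan keyResult
}

type keyResult struct{ out []byte; err error }
// keyHolder is the only goroutine that owns the key (in bud's setting: another thread or server).
func keyHolder(priv *rsa.PrivateKey, ops <-chan keyOp) {
	for op := range ops {
		var r keyResult
		if op.signOpt == nil {
			// SessionKeyLen selects the constant-time DecryptPKCS1v15SessionKey path.
			r.out, r.err = priv.Decrypt(rand.Reader, op.in, op.decOpt)
		} else {
			// With crypto.MD5SHA1 (TLS 1.0/1.1) op.in is the 36-byte MD5||SHA-1 and rsa pads
			// it PKCS#1 v1.5 with no DigestInfo prefix: the raw-RSA case the post warns about.
			r.out, r.err = priv.Sign(rand.Reader, op.in, op.signOpt)
		}
		op.reply <- r
	}
}

// remoteKey is all tls.Certificate.PrivateKey needs, a crypto.Signer that is also a crypto.Decrypter;
// it records what each handshake asked for (the post's key_ex type/md) and forwards the work to the holder.
type remoteKey struct {
	pub  crypto.PublicKey
	ops  chan<- keyOp
	seen []string
}

func (k *remoteKey) Public() crypto.PublicKey { return k.pub }
func (k *remoteKey) Sign(_ io.Reader, digest []byte, o crypto.SignerOpts) ([]byte, error) {
	tag := "sign:" + o.HashFunc().String()
	if _, pss := o.(*rsa.PSSOptions); pss {
		tag += ":pss" // RSA-PSS: a key server that only does raw PKCS#1 signing fails here
	}
	k.seen = append(k.seen, tag)
	return k.roundTrip(keyOp{in: digest, signOpt: o})
}
func (k *remoteKey) Decrypt(_ io.Reader, ct []byte, o crypto.DecrypterOpts) ([]byte, error) {
	k.seen = append(k.seen, "decrypt")
	return k.roundTrip(keyOp{in: ct, decOpt: o})
}
func (k *remoteKey) roundTrip(op keyOp) ([]byte, error) {
	op.reply = make(chan keyResult, 1)
	k.ops <- op
	r := <-op.reply
	return r.out, r.err
}

// selfSigned issues a throwaway DER certificate; bud.example is a made-up host name.
func selfSigned(priv *rsa.PrivateKey) ([]byte, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"bud.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
}

// offloadedHandshake runs one handshake over an in-memory pipe, pinned to version and
// suite, with the server key held only by keyHolder, and returns the operations offloaded.
func offloadedHandshake(priv *rsa.PrivateKey, leaf *x509.Certificate, version, suite uint16) ([]string, error) {
	ops := make(chan keyOp)
	go keyHolder(priv, ops)
	defer close(ops)
	rk := &remoteKey{pub: &priv.PublicKey, ops: ops}
	srv := &tls.Config{MinVersion: version, MaxVersion: version, CipherSuites: []uint16{suite},
		Certificates: []tls.Certificate{{Certificate: [][]byte{leaf.Raw}, PrivateKey: rk}}}
	cli := &tls.Config{MinVersion: version, MaxVersion: version, CipherSuites: []uint16{suite},
		RootCAs: x509.NewCertPool(), ServerName: "bud.example"}
	cli.RootCAs.AddCert(leaf)
	cp, sp := net.Pipe() // synchronous, so close the raw ends instead of sending close_notify
	srvErr := make(chan error, 1)
	go func() {
		err := tls.Server(sp, srv).Handshake()
		sp.Close()
		srvErr <- err
	}()
	err := tls.Client(cp, cli).Handshake()
	cp.Close()
	serr := <-srvErr // receiving also makes rk.seen visible to this goroutine
	return rk.seen, errors.Join(err, serr)
}
```

Drive it from a test or a main: with a Go client, offloadedHandshake(priv, leaf, tls.VersionTLS12, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) returns ["sign:SHA-256:pss"], the same version with tls.TLS_RSA_WITH_AES_128_GCM_SHA256 returns ["decrypt"], and tls.VersionTLS10 with tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA returns ["sign:MD5+SHA1"]. Two points carry over to any key server built on the API proposed in the thread: the TLS 1.0/1.1 signature must be raw PKCS#1 v1.5 over the 36-byte digest with no DigestInfo, and the decrypt side should use the constant-time session-key path rather than handing a padding error back to the handshake, since that is the oracle Bleichenbacher-style attacks rely on. net.Pipe is used only because the three handshakes here involve no session tickets; a TLS 1.3 server flight includes a NewSessionTicket the client does not consume during Handshake, and with a synchronous pipe that can deadlock, so use a loopback TCP listener for TLS 1.3.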