This patch introduces the `async_key_ex_cb` member of both `SSL_CTX` and `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present:

* Server will ignore the dummy RSA key, assuming that it matches the certificate.
* Server will invoke this callback with either:
  * `SSL_KEY_EX_RSA`
  * `SSL_KEY_EX_RSA_SIGN`

  as a `type` argument, and some data for signature or decryption in the `p`/`n` pair.

At that time the sign/decryption may be performed on any thread, or even remotely, and the result should be supplied with `SSL_supply()`. Calling `SSL_supply()` will continue the handshake process without even touching the real private key.

NOTE: The test is missing right now, I'll add it once we figure out what the API should look like. Implementation appears to be working when used with node.js, see https://github.com/indutny/node/tree/feature/async-key-exchange and https://gist.github.com/indutny/948eaf9b5154eb395e8b for testing.

ANOTHER NOTE: Pull Request on github: https://github.com/openssl/openssl/pull/162
0001-ssl-introduce-async-sign-decrypt-APIs.patch
0001-ssl-introduce-async-sign-decrypt-APIs.patch.sig
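The suspend-and-resume flow described in the message, as an added example that is not code from the patch or from OpenSSL: a small C model in which the handshake parks on a callback and resumes only when a matching result is supplied. Every name here (`conn_handshake`, `conn_supply`, `queue_job`, the enums and structs) is hypothetical; the real signatures of `async_key_ex_cb` and `SSL_supply()` are defined by the attached patch and are not shown on this page.

```c
#include <stddef.h>
#include <string.h>
#define MAXBUF 64
/* Hypothetical model; not OpenSSL's or the patch's definitions. */
enum key_ex_type { KEY_EX_NONE, KEY_EX_RSA, KEY_EX_RSA_SIGN };
enum hs_state { HS_START, HS_WAIT_KEY, HS_DONE, HS_FAILED };
struct conn;
typedef void (*key_ex_cb)(struct conn *, enum key_ex_type, const unsigned char *, size_t);
struct conn {
    enum hs_state state;
    enum key_ex_type pending; /* operation the handshake is parked on */
    key_ex_cb cb;             /* key holder lives behind this callback */
    unsigned char out[MAXBUF];
    size_t out_len;
};
/* Constructed one-slot "queue" standing in for another thread or host. */
struct job { enum key_ex_type type; unsigned char in[MAXBUF]; size_t n; } last_job;
void queue_job(struct conn *c, enum key_ex_type t, const unsigned char *p, size_t n)
{
    (void)c;
    last_job.type = t; last_job.n = n;
    memcpy(last_job.in, p, n); /* copy: p may not outlive the callback */
}
/* Park the handshake and hand the input to the callback. */
int conn_handshake(struct conn *c, enum key_ex_type need, const unsigned char *p, size_t n)
{
    if (c->state != HS_START || !c->cb || !p || n > MAXBUF) return -1;
    c->pending = need;
    c->state = HS_WAIT_KEY;
    c->cb(c, need, p, n);
    return 0; /* not finished: waits for conn_supply() */
}
/* Resume with a result computed elsewhere; accept only what was asked for. */
int conn_supply(struct conn *c, enum key_ex_type t, const unsigned char *r, size_t n)
{
    if (c->state != HS_WAIT_KEY || t != c->pending) return -1; /* unsolicited, repeated or wrong type */
    if (!r || n == 0 || n > MAXBUF) { c->state = HS_FAILED; return -1; }
    memcpy(c->out, r, n);
    c->out_len = n;
    c->state = HS_DONE;
    return 1;
}
int main(void)
{
    struct conn c = { HS_START, KEY_EX_NONE, queue_job, {0}, 0 };
    unsigned char digest[4] = {1, 2, 3, 4}, sig[8] = {0}; /* constructed */
    conn_handshake(&c, KEY_EX_RSA_SIGN, digest, sizeof digest);
    return conn_supply(&c, last_job.type, sig, sizeof sig) == 1 ? 0 : 1;
}
```

The checks in `conn_supply` are the part worth carrying into a review of any such API: a result is accepted only while an operation is pending, only for the operation type that was requested, and only once.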