[openssl-dev] [openssl.org #3724] Patch/Feature to add asynchronous processing for some operations

Short, Todd via RT rt at openssl.org
Fri Feb 27 20:14:26 UTC 2015


Hello OpenSSL Org:

This is a change that Akamai has made to its implementation of OpenSSL.

Version: master branch
Description: Patch/Feature to add asynchronous processing for some operations

This change rebrands SSL_ERROR_WANT_X509_LOOKUP to be SSL_ERROR_WANT_EVENT, making an event type to wait for visible in SSL->rwstate and letting TLS_SRP have its own event type instead of piggybacking on SSL_X509_LOOKUP. This also adds events for decryption of client key exchange response, generating client certificate verify message and signing of server key exchange message. These are typically long-duration RSA operations. The events are:

# define SSL_MIN_EVENT                    1000
/* client is deciding which cert to present - doesn't follow MIN */
# define SSL_EVENT_X509_LOOKUP            SSL_X509_LOOKUP
/* server is processing TLS SRP client hello */
# define SSL_EVENT_SRP_CLIENTHELLO        1000
/* server is waiting for decryption of key */
# define SSL_EVENT_KEY_EXCH_DECRYPT_DONE  1001
/* client is waiting for cert verify setup */
# define SSL_EVENT_SETUP_CERT_VRFY_DONE   1002
/* server is signing the message for key exchange */

New APIs:
void SSL_CTX_set_schedule_task_cb(SSL_CTX *ctx, SSL_schedule_task_cb cb);
int SSL_signal_event(const SSL *ssl, int event, int retcode);
int SSL_signal_event_err(const SSL *ssl, int event, int func, int reason, const char *file, int line);
int SSL_want_event(const SSL *ssl);

Github link:
https://github.com/akamai/openssl/commit/e4fa5107524bb5e6e4c79953d436b7e59ee6c5e2

And attachment.

Thank you.
--
-Todd Short
// tshort at akamai.com
// "One if by land, two if by sea, three if by the Internet."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Rebranding-of-SSL_ERROR_WANT_X509_LOOKUP-as-SSL_ERRO.patch
Type: application/octet-stream
Size: 97280 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150227/85e5f01f/attachment-0001.obj>
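
The wait/signal/retry flow the message describes, as an added example that is not part of the original post or of the Akamai patch: a toy model in which a handshake step reports that it wants an event, a worker signals the result, and the handshake is retried. Only the event numbers come from the message; every `toy_*` name, and the convention that a return code of 0 or less means failure, is an assumption made for illustration.

```c
#include <stdio.h>

/* Event numbers copied from the message above. */
#define SSL_EVENT_KEY_EXCH_DECRYPT_DONE 1001
#define SSL_EVENT_SETUP_CERT_VRFY_DONE  1002

/* Everything named toy_* is a hypothetical stand-in, not OpenSSL or Akamai code. */
enum toy_rc { TOY_FAIL = 0, TOY_OK = 1, TOY_WANT_EVENT = -1 };

struct toy_conn {
    int want_event;  /* event being waited for, 0 if none (models rwstate) */
    int signalled;   /* set once the worker has reported a result */
    int retcode;     /* result reported by the worker */
    int done;        /* handshake finished */
};

/* Models a handshake step that needs the client key exchange decrypted. */
static int toy_handshake(struct toy_conn *c)
{
    if (c->done)
        return TOY_OK;
    if (!c->signalled) {               /* first pass, or worker still busy */
        c->want_event = SSL_EVENT_KEY_EXCH_DECRYPT_DONE;
        return TOY_WANT_EVENT;         /* caller returns to its event loop */
    }
    c->want_event = 0;
    if (c->retcode <= 0)               /* assumed convention: <= 0 is failure */
        return TOY_FAIL;
    c->done = 1;
    return TOY_OK;
}

/* Models the worker reporting completion; an event nobody waits for is rejected. */
static int toy_signal_event(struct toy_conn *c, int event, int retcode)
{
    if (c->want_event != event || c->signalled)
        return 0;
    c->signalled = 1;
    c->retcode = retcode;
    return 1;
}

/* Drives one connection: handshake, offload, signal, retry. */
static int toy_run(int signalled_event, int worker_retcode)
{
    struct toy_conn c = {0};
    int rc = toy_handshake(&c);
    if (rc != TOY_WANT_EVENT)
        return rc;
    (void)toy_signal_event(&c, signalled_event, worker_retcode);
    return toy_handshake(&c);          /* still WANT_EVENT if the signal was rejected */
}

int main(void) { printf("%d\n", toy_run(SSL_EVENT_KEY_EXCH_DECRYPT_DONE, 1)); return 0; }
```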

