Add server-side support for asynchronous RSA decryption.

Change-Id: I6df623f3e9bc88acc52043f16b34649b7af67663
Reviewed-on: https://boringssl-review.googlesource.com/5531
Reviewed-by: Adam Langley <alangley@gmail.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 6c9c645..ae40437 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -966,7 +966,37 @@
    * it is an error to call |sign_complete| if there is no pending |sign|
    * operation in progress on |ssl|. */
   enum ssl_private_key_result_t (*sign_complete)(SSL *ssl, uint8_t *out,
-                                                 size_t *out_len, size_t max_out);
+                                                 size_t *out_len,
+                                                 size_t max_out);
+
+  /* decrypt decrypts |in_len| bytes of encrypted data from |in|. On success it
+   * returns |ssl_private_key_success|, writes at most |max_out| bytes of
+   * decrypted data to |out| and sets |*out_len| to the actual number of bytes
+   * written. On failure it returns |ssl_private_key_failure|. If the operation
+   * has not completed, it returns |ssl_private_key_retry|. The caller should
+   * arrange for the high-level operation on |ssl| to be retried when the
+   * operation is completed, which will result in a call to |decrypt_complete|.
+   * This function only works with RSA keys and should perform a raw RSA
+   * decryption operation with no padding.
+   *
+   * It is an error to call |decrypt| while another private key operation is in
+   * progress on |ssl|. */
+  enum ssl_private_key_result_t (*decrypt)(SSL *ssl, uint8_t *out,
+                                           size_t *out_len, size_t max_out,
+                                           const uint8_t *in, size_t in_len);
+
+  /* decrypt_complete completes a pending |decrypt| operation. If the operation
+   * has completed, it returns |ssl_private_key_success| and writes the result
+   * to |out| as in |decrypt|. Otherwise, it returns |ssl_private_key_failure|
+   * on failure and |ssl_private_key_retry| if the operation is still in
+   * progress.
+   *
+   * |decrypt_complete| may be called arbitrarily many times before completion,
+   * but it is an error to call |decrypt_complete| if there is no pending
+   * |decrypt| operation in progress on |ssl|. */
+  enum ssl_private_key_result_t (*decrypt_complete)(SSL *ssl, uint8_t *out,
+                                                    size_t *out_len,
+                                                    size_t max_out);
 } SSL_PRIVATE_KEY_METHOD;
 
 /* SSL_set_private_key_method configures a custom private key on |ssl|.
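Review bot: The |decrypt| comment says the callback should perform a raw RSA decryption with no padding, but it does not say that the PKCS#1 v1.5 padding check is done by the library afterwards, so an implementer may be tempted to validate padding in the callback and return |ssl_private_key_failure| on a malformed block, which would reintroduce a padding oracle that the in-library constant-time handling is meant to avoid. I would add to the |decrypt| paragraph: `* The caller is responsible for checking and removing the padding in constant time; implementations must not inspect the plaintext or report padding errors, and should write the full modulus-length result to |out|.` The comment also leaves the expected relationship between |in_len|, |max_out| and the RSA modulus size unspecified; presumably both equal the modulus length for the RSA key exchange, and stating that would save implementers a guess. The enclosing struct starts before this hunk, so the new members should also be checked against the existing |sign|/|sign_complete| wording for the same failure semantics.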