Add server-side support for asynchronous signing.

The RSA key exchange needs decryption and is still unsupported.

Change-Id: I8c13b74e25a5424356afbe6e97b5f700a56de41f
Reviewed-on: https://boringssl-review.googlesource.com/5467
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index cf98bb6..a1ed39a 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1959,7 +1959,7 @@
     uint8_t *p = ssl_handshake_start(s);
     size_t signature_length = 0;
     unsigned long n = 0;
-    assert(s->cert->privatekey != NULL || s->cert->key_method != NULL);
+    assert(ssl_has_private_key(s));
 
     if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
       uint8_t *buf = (uint8_t *)s->init_buf->data;
@@ -2036,8 +2036,7 @@
 /* ssl3_has_client_certificate returns true if a client certificate is
  * configured. */
 static int ssl3_has_client_certificate(SSL *ssl) {
-  return ssl->cert && ssl->cert->x509 && (ssl->cert->privatekey ||
-                                          ssl->cert->key_method);
+  return ssl->cert && ssl->cert->x509 && ssl_has_private_key(ssl);
 }
 
 int ssl3_send_client_certificate(SSL *s) {