Implement asynchronous private key operations for client auth.

This adds a new API, SSL_set_private_key_method, which allows the consumer to
customize private key operations. For simplicity, it is incompatible with the
multiple slots feature (which will hopefully go away) but does not, for now,
break it.

The new method is only routed up for the client for now. The server will
require a decrypt hook as well for the plain RSA key exchange.

BUG=347404

Change-Id: I35d69095c29134c34c2af88c613ad557d6957614
Reviewed-on: https://boringssl-review.googlesource.com/5049
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index b0eef42..1186313 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2202,6 +2202,20 @@
 			"-key-file", path.Join(*resourceDir, rsaKeyFile),
 		},
 	})
+	if async {
+		tests = append(tests, testCase{
+			testType: clientTest,
+			name:     "ClientAuth-Client-AsyncKey",
+			config: Config{
+				ClientAuth: RequireAnyClientCert,
+			},
+			flags: []string{
+				"-cert-file", rsaCertificateFile,
+				"-key-file", rsaKeyFile,
+				"-use-async-private-key",
+			},
+		})
+	}
 	tests = append(tests, testCase{
 		testType: serverTest,
 		name:     "ClientAuth-Server",