Asynchronous signing

include/picotls.h

@@ -191,6 +191,7 @@ extern "C" {
 #define PTLS_ERROR_ESNI_RETRY (PTLS_ERROR_CLASS_INTERNAL + 8)
 #define PTLS_ERROR_REJECT_EARLY_DATA (PTLS_ERROR_CLASS_INTERNAL + 9)
 #define PTLS_ERROR_DELEGATE (PTLS_ERROR_CLASS_INTERNAL + 10)
+#define PTLS_ERROR_ASYNC_OPERATION (PTLS_ERROR_CLASS_INTERNAL + 11)
 
 #define PTLS_ERROR_INCORRECT_BASE64 (PTLS_ERROR_CLASS_INTERNAL + 50)
 #define PTLS_ERROR_PEM_LABEL_NOT_FOUND (PTLS_ERROR_CLASS_INTERNAL + 51)
@@ -604,10 +605,16 @@ PTLS_CALLBACK_TYPE(int, on_client_hello, ptls_t *tls, ptls_on_client_hello_param
 PTLS_CALLBACK_TYPE(int, emit_certificate, ptls_t *tls, ptls_message_emitter_t *emitter, ptls_key_schedule_t *key_sched,
                    ptls_iovec_t context, int push_status_request, const uint16_t *compress_algos, size_t num_compress_algos);
 /**
- * when gerenating CertificateVerify, the core calls the callback to sign the handshake context using the certificate.
+ * When gerenating CertificateVerify, the core calls the callback to sign the handshake context using the certificate. This callback
+ * may return PTLS_ERROR_ASYNC_OPERATION, and signal the application outside of picotls when the signature has been generated. At
+ * that point, the application should call `ptls_handshake`, which in turn would invoke this callback once again. The callback then
+ * fills `*selected_algorithm` and `output` with the signature being generated. Note that `algorithms` and `num_algorithms` are
+ * provided only when the callback is called for the first time. The callback can store arbitrary pointer specific to each signature
+ * generation in `*sign_ctx`. `*cb` can be set as an opportunity to cancel any asynchronous operation or free any temporary
+ * data allocated for the callback.
  */
-PTLS_CALLBACK_TYPE(int, sign_certificate, ptls_t *tls, uint16_t *selected_algorithm, ptls_buffer_t *output, ptls_iovec_t input,
-                   const uint16_t *algorithms, size_t num_algorithms);
+PTLS_CALLBACK_TYPE(int, sign_certificate, ptls_t *tls, void (**cb)(void *sign_ctx), void **sign_certificate_ctx,
+                   uint16_t *selected_algorithm, ptls_buffer_t *output, ptls_iovec_t input, const uint16_t *algorithms, size_t num_algorithms);
 /**
  * after receiving Certificate, the core calls the callback to verify the certificate chain and to obtain a pointer to a
  * callback that should be used for verifying CertificateVerify. If an error occurs between a successful return from this
@@ -778,6 +785,10 @@ struct st_ptls_context_t {
      * boolean indicating if the cipher-suite should be chosen based on server's preference
      */
     unsigned server_cipher_preference : 1;
+    /**
+     * boolean indicating if handshaking should be asynchronous
+     */
+    unsigned async_handshake : 1;
     /**
      *
      */
@@ -1157,6 +1168,10 @@ ptls_context_t *ptls_get_context(ptls_t *tls);
  * updates the context of a connection. Can be called from `on_client_hello` callback.
  */
 void ptls_set_context(ptls_t *tls, ptls_context_t *ctx);
+/**
+ * get the signature context
+ */
+void *ptls_get_sign_context(ptls_t *tls);
 /**
  * returns the client-random
  */

include/picotls/openssl.h

@@ -39,6 +39,12 @@ extern "C" {
 #endif
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100010L && !defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(OPENSSL_NO_ASYNC)
+#define PTLS_OPENSSL_HAVE_ASYNC 1
+#endif
+#endif
+
 extern ptls_key_exchange_algorithm_t ptls_openssl_secp256r1;
 #ifdef NID_secp384r1
 #define PTLS_OPENSSL_HAVE_SECP384R1 1
@@ -91,6 +97,9 @@ void ptls_openssl_random_bytes(void *buf, size_t len);
  * constructs a key exchange context. pkey's reference count is incremented.
  */
 int ptls_openssl_create_key_exchange(ptls_key_exchange_context_t **ctx, EVP_PKEY *pkey);
+#ifdef PTLS_OPENSSL_HAVE_ASYNC
+int ptls_openssl_get_async_fd(ptls_t *ptls);
+#endif
 
 struct st_ptls_openssl_signature_scheme_t {
     uint16_t scheme_id;