Sign CertificateVerify messages on a background thread.

In the general case, client certificates may involve accessing a smart
card (slow). Now that BoringSSL supports asynchronous certificate signing
operations in the SSL layer, use it on Mac and Windows ports. This will
avoid janking the IO thread in this (extremely uncommon) use case. Moreover,
some Windows smartcard drivers will show UI which, as IPC traffic between
UI thread and GPU process increases, causes deadlocks.

This introduces an SSLPrivateKey interface on the Chromium side which
implements an asynchronous signing operation. We then add a
ThreadedSSLPrivateKey implementation which pushes otherwise synchronous
signatures to a base::TaskRunner and implement Windows and Mac bridges to it.

These SSLPrivateKey implementations are still vended from an X509Certificate
for now, but https://crbug.com/394131 will track moving it up the stack for
testability (at which point it'll also gain a Copy method).

Android will be switched to use it in a follow-up. (The Android codepath
goes through this OpenSSLClientKeyStore hack so doing it separately
is easier.)

BUG=493575,347404

Review URL: https://codereview.chromium.org/1178193002

Cr-Commit-Position: refs/heads/master@{#337079}

0 files changed, 0 insertions, 0 deletions