From 877fd03cbffa96bfb6c4c030ce9f8bade57cfc75 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Sun, 4 Oct 2015 11:22:41 +0200
Subject: ssl-utils: load RSA keys based on their modulus+exponent

Load RSA private keys based on their public key instead of relying on
the user to specify a valid address and port mapping. This is more
reliable and prepares for simplification of the SSL Keys dialog.

After this change, the "address" part of the UAT dialog will be ignored
when loading the private key. The port+protocol mapping is still
imported, but should probably be removed too.

Change-Id: I4d7a2bfcf63d17e66e336ef770759f20510fc176
Reviewed-on: https://code.wireshark.org/review/10766
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
 epan/dissectors/packet-ssl.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'epan/dissectors/packet-ssl.c')

diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 447a871c65..d5be9518ee 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2012,10 +2012,8 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
 
             case SSL_HND_CLIENT_HELLO:
                 if (ssl) {
-                    /* ClientHello is first packet so set direction and try to
-                     * find a private key matching the server port */
+                    /* ClientHello is first packet so set direction */
                     ssl_set_server(session, &pinfo->dst, pinfo->ptype, pinfo->destport);
-                    ssl_find_private_key(ssl, ssl_key_hash, ssl_associations, pinfo);
                 }
                 ssl_dissect_hnd_cli_hello(&dissect_ssl3_hf, tvb, pinfo,
                                           ssl_hand_tree, offset, length, session, ssl,
@@ -2040,7 +2038,8 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
                 break;
 
             case SSL_HND_CERTIFICATE:
-                ssl_dissect_hnd_cert(&dissect_ssl3_hf, tvb, ssl_hand_tree, offset, pinfo, session, is_from_server);
+                ssl_dissect_hnd_cert(&dissect_ssl3_hf, tvb, ssl_hand_tree,
+                        offset, pinfo, session, ssl, ssl_key_hash, is_from_server);
                 break;
 
             case SSL_HND_SERVER_KEY_EXCHG:
@@ -2634,7 +2633,6 @@ dissect_ssl2_hnd_client_hello(tvbuff_t *tvb, packet_info *pinfo,
 
     if (ssl) {
       ssl_set_server(&ssl->session, &pinfo->dst, pinfo->ptype, pinfo->destport);
-      ssl_find_private_key(ssl, ssl_key_hash, ssl_associations, pinfo);
     }
 
     if (ssl)
-- 
cgit v1.2.3