Add new "rsa_keys" UAT for storage of RSA private keys

This should eventually replace the "ssl_keys" UAT which additionally contains a useless address, port and protocol field. This prepares for HSM support through PKCS #11. Change-Id: I59409c98aeedf260d19266d18e14ef7d9b40b582 Reviewed-on: https://code.wireshark.org/review/30977 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Peter Wu <peter@lekensteyn.nl> 2018-12-09 17:28:48 +0100
committer: Anders Broman <a.broman58@gmail.com> 2018-12-13 05:28:02 +0000
commit: 48033906868075f43e511e4f906684c474454290 (patch)
tree: e1fc50ec9dd15cc352b37c192f221f6dcc55ddd1 /epan/dissectors/packet-tls-utils.c
parent: 43dfd45faa8af0b239a671b25ab6a398fa32f5c6 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/epan/dissectors/packet-tls-utils.c b/epan/dissectors/packet-tls-utils.c
index 6e274ddda4..0083b8d9f7 100644
--- a/epan/dissectors/packet-tls-utils.c
+++ b/epan/dissectors/packet-tls-utils.c
@@ -3627,7 +3627,8 @@ ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session,
         // Try to decrypt using the RSA keys table from (D)TLS preferences.
         ret = gnutls_privkey_decrypt_data(pk, 0, &epms, &pms);
     } else {
-        ret = GNUTLS_E_NO_CERTIFICATE_FOUND;
+        // Try to decrypt using a hardware token.
+        ret = secrets_rsa_decrypt(ssl_session->cert_key_id, epms.data, epms.size, &pms.data, &pms.size);
     }
     if (ret < 0) {
         ssl_debug_printf("%s: decryption failed: %d (%s)\n", G_STRFUNC, ret, gnutls_strerror(ret));
author	Peter Wu <peter@lekensteyn.nl>	2018-12-09 17:28:48 +0100
committer	Anders Broman <a.broman58@gmail.com>	2018-12-13 05:28:02 +0000
commit	48033906868075f43e511e4f906684c474454290 (patch)
tree	e1fc50ec9dd15cc352b37c192f221f6dcc55ddd1 /epan/dissectors/packet-tls-utils.c
parent	43dfd45faa8af0b239a671b25ab6a398fa32f5c6 (diff)