author | Peter Wu <peter@lekensteyn.nl> | 2018-12-01 03:40:17 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2018-12-01 09:07:57 +0000 |
commit | 97dbdc3ac9ae55ed0932d42dca73e07ee0aa3ffd (patch) | |
tree | 100028a4ca3faf4e73bbc06bd8b20c1f8dfc2f1f /epan/secrets.c | |
parent | 0ceead5335bdebd3b7a2816c3a429145bdc4bbc6 (diff) |
TLS: really delay key lookup until it is necessary
Even if the certificate has an RSA public key, look up the private key
only if an RSA key exchange is actually used. Move the hash table to the
secrets module to enable reuse.
Change-Id: I39010831079d3b65d5d4368ec97d02491c1615a5
Reviewed-on: https://code.wireshark.org/review/30854
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/secrets.c')
-rw-r--r-- | epan/secrets.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/epan/secrets.c b/epan/secrets.c
index 08ed299a3e..c539a95e06 100644
--- a/epan/secrets.c
+++ b/epan/secrets.c
@@ -9,9 +9,17 @@
  * SPDX-License-Identifier: GPL-2.0-or-later
  */
+#include "config.h"
+
 #include "secrets.h"
 #include <wiretap/wtap.h>
+#include <string.h>
+#ifdef HAVE_LIBGNUTLS
+#include <gnutls/gnutls.h>
+#include <gnutls/abstract.h>
+#endif /* HAVE_LIBGNUTLS */
+
 /** Maps guint32 secrets_type -> secrets_block_callback_t. */
 static GHashTable *secrets_callbacks;
@@ -44,6 +52,34 @@ secrets_wtap_callback(guint32 secrets_type, const void *secrets, guint size)
     }
 }
+#ifdef HAVE_LIBGNUTLS
+static guint
+key_id_hash(gconstpointer key)
+{
+    const cert_key_id_t *key_id = (const cert_key_id_t *)key;
+    const guint32 *dw = (const guint32 *)key_id->key_id;
+
+    /* The public key' SHA-1 hash (which maps to a private key) has a uniform
+     * distribution, hence simply xor'ing them should be sufficient. */
+    return dw[0] ^ dw[1] ^ dw[2] ^ dw[3] ^ dw[4];
+}
+
+static gboolean
+key_id_equal(gconstpointer a, gconstpointer b)
+{
+    const cert_key_id_t *key_id_a = (const cert_key_id_t *)a;
+    const cert_key_id_t *key_id_b = (const cert_key_id_t *)b;
+
+    return !memcmp(key_id_a, key_id_b, sizeof(*key_id_a));
+}
+
+GHashTable *
+privkey_hash_table_new(void)
+{
+    return g_hash_table_new_full(key_id_hash, key_id_equal, g_free, (GDestroyNotify)gnutls_privkey_deinit);
+}
+#endif /* HAVE_LIBGNUTLS */
+
 /*
  * Editor modelines - https://www.wireshark.org/tools/modelines.html
  *
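Review bot: key_id_hash in the second hunk reinterprets `key_id->key_id` through a `const guint32 *` cast and reads five words from it, which assumes the field is exactly 20 bytes and 4-byte aligned and, if the field is declared as a byte array (cert_key_id_t is defined outside this diff, so this is inferred), is a strict-aliasing violation the optimizer is entitled to miscompile. Copying into a local keeps the same hash value without the alignment or aliasing assumption: `guint32 dw[5];` then `memcpy(dw, key_id->key_id, sizeof(dw));` with the `return dw[0] ^ dw[1] ^ dw[2] ^ dw[3] ^ dw[4];` line unchanged, and a `G_STATIC_ASSERT(sizeof(key_id->key_id) == sizeof(dw));` so a later change to the key-id length cannot silently truncate the hash (the hunk already adds the `<string.h>` include memcpy needs). key_id_equal's memcmp over `sizeof(*key_id_a)` is only a correct equality test while the struct contains no padding bytes, which deserves a one-line comment next to it. privkey_hash_table_new is exported but undocumented; a header comment such as `/** Returns a new table keyed by cert_key_id_t (g_free'd on removal) with gnutls_privkey_t values (gnutls_privkey_deinit on removal); caller owns the table. */` would record the ownership the destroy notifiers establish.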