TLS: really delay key lookup until it is necessary

Even if the certificate has a RSA public key, be sure to lookup the key only if it is an actual RSA key exchange. Move the hashtable to the secrets module to enable reuse. Change-Id: I39010831079d3b65d5d4368ec97d02491c1615a5 Reviewed-on: https://code.wireshark.org/review/30854 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Peter Wu <peter@lekensteyn.nl> 2018-12-01 03:40:17 +0100
committer: Anders Broman <a.broman58@gmail.com> 2018-12-01 09:07:57 +0000
commit: 97dbdc3ac9ae55ed0932d42dca73e07ee0aa3ffd (patch)
tree: 100028a4ca3faf4e73bbc06bd8b20c1f8dfc2f1f /epan/secrets.h
parent: 0ceead5335bdebd3b7a2816c3a429145bdc4bbc6 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/epan/secrets.h b/epan/secrets.h
index de2cb05ee2..90de6382c9 100644
--- a/epan/secrets.h
+++ b/epan/secrets.h
@@ -46,6 +46,15 @@ enum secrets_scope {
 };
 #endif
 
+#ifdef HAVE_LIBGNUTLS
+/** Identifier for a RSA public key (a SHA-1 hash). */
+struct cert_key_id {
+    guint8 key_id[20];
+};
+typedef struct cert_key_id cert_key_id_t;
+#endif  /* HAVE_LIBGNUTLS */
+
+
 /**
  * Callback for the wiretap secrets provider (wtap_new_secrets_callback_t).
  */
@@ -65,4 +74,10 @@ typedef void (*secrets_block_callback_t)(const void *secrets, guint size);
  * @param cb Callback to be invoked for new secrets.
  */
 void secrets_register_type(guint32 secrets_type, secrets_block_callback_t cb);
+
+#ifdef HAVE_LIBGNUTLS
+/** Returns a new hash table, mapping cert_key_id_t -> gnutls_privkey_t. */
+GHashTable *privkey_hash_table_new(void);
+#endif  /* HAVE_LIBGNUTLS */
+
 #endif /* __SECRETS_H__ */
author	Peter Wu <peter@lekensteyn.nl>	2018-12-01 03:40:17 +0100
committer	Anders Broman <a.broman58@gmail.com>	2018-12-01 09:07:57 +0000
commit	97dbdc3ac9ae55ed0932d42dca73e07ee0aa3ffd (patch)
tree	100028a4ca3faf4e73bbc06bd8b20c1f8dfc2f1f /epan/secrets.h
parent	0ceead5335bdebd3b7a2816c3a429145bdc4bbc6 (diff)