ocsp: try lookup certificate using keyHash as KeyId

try to lookup the certificate using the key hash as key identifier
first. If we can't find a certificate, it means that the certificate
uses another method to compute the key identifier so we need to fallback
to linear search.

Author: rizlik

src/ssl.c

@@ -5113,15 +5113,21 @@ Signer* GetCAByKeyHash(void* vp, const byte* keyHash)
     if (cm == NULL || keyHash == NULL)
         return NULL;
 
+    /* try lookup using keyHash as subjKeyID first */
+    ret = GetCA(vp, (byte*)keyHash);
+    if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
+        return ret;
+    }
+
+    /* if we can't find the cert, we have to scan the full table */
     if (wc_LockMutex(&cm->caLock) != 0)
         return NULL;
 
     /* Unfortunately we need to look through the entire table */
     for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
         for (signers = cm->caTable[row]; signers != NULL;
                 signers = signers->next) {
-            if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE)
-                    == 0) {
+            if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) {
                 ret = signers;
                 break;
             }