From 1191557c30af6326fc5fae7f02167375043bb293 Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Tue, 1 Jun 2021 21:28:12 +0000
Subject: Add servername to storage
---
 src/include/s6-networking/sbearssl.h | 20 +++++++-------------
 src/sbearssl/sbearssl-internal.h | 2 +-
 src/sbearssl/sbearssl_sni_policy_add_keypair_file.c | 6 ++++--
 src/sbearssl/sbearssl_sni_policy_init.c | 3 ++-
 src/sbearssl/sbearssl_sni_policy_vtable.c | 2 +-
 5 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/src/include/s6-networking/sbearssl.h b/src/include/s6-networking/sbearssl.h
index f7f721d..7ed4e5b 100644
--- a/src/include/s6-networking/sbearssl.h
+++ b/src/include/s6-networking/sbearssl.h
@@ -270,27 +270,21 @@ extern void sbearssl_run (br_ssl_engine_context *, int *, tain_t const *, uint32
 extern int sbearssl_choose_algos_rsa (br_ssl_server_context const *, br_ssl_server_choices *, unsigned int) ;
 extern int sbearssl_choose_algos_ec (br_ssl_server_context const *, br_ssl_server_choices *, unsigned int, int) ;
-typedef struct sbearssl_sni_map_s sbearssl_sni_map, *sbearssl_sni_map_ref ;
-struct sbearssl_sni_map_s
-{
- char const *servername ;
- sbearssl_skey skey ;
- size_t chainindex ;
- size_t chainlen ;
-} ;
 typedef struct sbearssl_sni_policy_context_s sbearssl_sni_policy_context, *sbearssl_sni_policy_context_ref ;
 struct sbearssl_sni_policy_context_s
 {
+ /* generic fields that any br_ssl_server_policy_class instance should have */
 br_ssl_server_policy_class const *vtable ;
 br_skey skey ;
- avltree map ;
- genalloc mapga ;
- genalloc certga ;
- stralloc storage ;
 union { br_rsa_private rsa ; br_ec_impl const *ec ; } keyx ;
 union { br_rsa_pkcs1_sign rsa ; br_ecdsa_sign ec ; } sign ;
 br_multihash_context const *mhash ;
+
+ /* specific fields to sni_policy: keypairs and servername->keypair dict */
+ stralloc storage ;
+ genalloc certga ;
+ genalloc mapga ;
+ avltree map ;
 } ;
 extern br_ssl_server_policy_class const sbearssl_sni_policy_vtable ;
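Review bot: The reordered `sbearssl_sni_policy_context` layout and the dropped public `sbearssl_sni_map` type are an API and ABI change for anything built against the old header, so a library version bump or a release note is due alongside this hunk. The new "specific fields" comment could also say what the fields hold now that names no longer live behind a caller-owned pointer: `/* storage: each NUL-terminated servername, then its chain and key data; mapga nodes index it by offset; map is an avltree over mapga */`. The chain/key part is inferred from sbearssl_cert_readbigpem and sbearssl_skey_readfile being handed &pol->storage in the add_keypair_file hunk, so confirm before wording it that strongly.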
diff --git a/src/sbearssl/sbearssl-internal.h b/src/sbearssl/sbearssl-internal.h
index 8c8839b..0677caf 100644
--- a/src/sbearssl/sbearssl-internal.h
+++ b/src/sbearssl/sbearssl-internal.h
@@ -78,7 +78,7 @@ extern size_t const sbearssl_suite_list_len ;
 typedef struct sbearssl_sni_policy_node_s sbearssl_sni_policy_node, *sbearssl_policy_node_ref ;
 struct sbearssl_sni_policy_node_s
 {
- char const *servername ;
+ size_t servername ;
 sbearssl_skey skey ;
 size_t chainindex ;
 size_t chainlen ;
diff --git a/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c b/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c
index f77b1d8..2462645 100644
--- a/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c
+++ b/src/sbearssl/sbearssl_sni_policy_add_keypair_file.c
@@ -16,9 +16,10 @@ int sbearssl_sni_policy_add_keypair_file (sbearssl_sni_policy_context *pol, char
 size_t sabase = pol->storage.len ;
 size_t gabase = genalloc_len(sbearssl_cert, &pol->certga) ;
 size_t mbase = genalloc_len(sbearssl_sni_policy_node, &pol->mapga) ;
- sbearssl_sni_policy_node node = { .servername = servername, .chainindex = gabase } ;
+ sbearssl_sni_policy_node node = { .servername = sabase, .chainindex = gabase } ;
- if (!sbearssl_cert_readbigpem(certfile, &pol->certga, &pol->storage)) return 0 ; ;
+ if (!stralloc_catb(&pol->storage, servername, strlen(servername) + 1)) return 0 ;
+ if (!sbearssl_cert_readbigpem(certfile, &pol->certga, &pol->storage)) goto err0 ;
 node.chainlen = genalloc_len(sbearssl_cert, &pol->certga) - node.chainindex ;
 if (!sbearssl_skey_readfile(keyfile, &node.skey, &pol->storage)) goto err1 ;
 if (!genalloc_catb(sbearssl_sni_policy_node, &pol->mapga, &node, 1)) goto err2 ;
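Review bot: `size_t servername` in `sbearssl_sni_policy_node` reads like a length, but per the add_keypair_file and init.c hunks it is a byte offset into the context's `storage.s`; a comment on that line would save the next reader a trip across three files: `size_t servername ; /* offset of the NUL-terminated name in pol->storage.s (an offset, not a pointer: stralloc growth can move the buffer) */`. The `*sbearssl_policy_node_ref` typedef name on the context line above still lacks the `sni_` infix that every other identifier in the struct carries; pre-existing, but this is the hunk to fix it in.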
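Review bot: The new `stralloc_catb(&pol->storage, servername, strlen(servername) + 1)` line requires a non-NULL servername, and since choose() in the vtable hunk looks up `""` for clients that send no SNI, the default keypair presumably has to be registered under `""` rather than NULL; that contract belongs in the function's header documentation, which sits outside this hunk. A short comment on the line would also explain the +1: `/* keep the NUL so the avltree key callback can hand out a C string */`. The `goto err0` on the following line relies on the err0 label added by the second hunk of this file, and the rest of the function, including the err2 path, is outside this one.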
@@ -33,6 +34,7 @@ int sbearssl_sni_policy_add_keypair_file (sbearssl_sni_policy_context *pol, char
 err1:
 if (gabase) genalloc_setlen(sbearssl_cert, &pol->certga, gabase) ;
 else genalloc_free(sbearssl_sni_policy_node, &pol->mapga) ;
+ err0:
 if (sabase) pol->storage.len = sabase ;
 else stralloc_free(&pol->storage) ;
 return 0 ;
diff --git a/src/sbearssl/sbearssl_sni_policy_init.c b/src/sbearssl/sbearssl_sni_policy_init.c
index 150250f..3446f35 100644
--- a/src/sbearssl/sbearssl_sni_policy_init.c
+++ b/src/sbearssl/sbearssl_sni_policy_init.c
@@ -13,7 +13,8 @@
 static void *sbearssl_sni_policy_node_dtok (uint32_t d, void *data)
 {
- return (void *)genalloc_s(sbearssl_sni_map, &((sbearssl_sni_policy_context *)data)->mapga)[d].servername ;
+ sbearssl_sni_policy_context *pol = data ;
+ return pol->storage.s + genalloc_s(sbearssl_sni_policy_node, &pol->mapga)[d].servername ;
 }
 static int sbearssl_sni_policy_node_cmp (void const *a, void const *b, void *data)
diff --git a/src/sbearssl/sbearssl_sni_policy_vtable.c b/src/sbearssl/sbearssl_sni_policy_vtable.c
index dc18805..6d6bcc3 100644
--- a/src/sbearssl/sbearssl_sni_policy_vtable.c
+++ b/src/sbearssl/sbearssl_sni_policy_vtable.c
@@ -53,7 +53,7 @@ static int choose (br_ssl_server_policy_class const **pctx, br_ssl_server_contex
 sbearssl_sni_policy_node *node ;
 char const *servername = br_ssl_engine_get_server_name(&sc->eng) ;
- /* Get the node corresponding to the ServerName sent by the client */
+ /* Get the node corresponding to the ServerName sent by the client. "" for no SNI. */
 {
 uint32_t n ;
 if (!avltree_search(&pol->map, servername, &n)
-- cgit v1.2.3
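Review bot: The `else` branch under `err1:` frees `pol->mapga` although that label is reached after sbearssl_cert_readbigpem has appended to `pol->certga` and before anything has been added to mapga (the genalloc_catb comes after the key read in the previous hunk), so when `gabase` is 0 the chain just read stays allocated while the wrong genalloc is freed; `else genalloc_free(sbearssl_cert, &pol->certga) ;` looks like the intended line. This is unchanged context rather than new code, and the err2 path and the mapga/avltree insertion are outside the hunk, so confirm against the full function. Separately, the new `err0:` truncation (and `stralloc_free` when `sabase` is 0) discards the region that sbearssl_skey_readfile was handed for the decoded private key, presumably leaving key bytes in the unused tail of `storage.s` or in freed memory; wiping `pol->storage.s + sabase` for `pol->storage.len - sabase` bytes before truncating would be the defensive choice, if sbearssl_skey_readfile does store key material there.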
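Review bot: The rewritten `sbearssl_sni_policy_node_dtok` returns a pointer into `pol->storage.s`, which stays valid only until the next growth of storage, so it must be consumed by the comparison callback immediately rather than cached; a comment would make that contract explicit: `/* avltree key callback: node d's servername, stored as an offset into pol->storage.s; the pointer is invalidated whenever storage grows */`. The function also trusts `d` to be below genalloc_len(mapga), presumably the avltree contract, which is worth stating. sbearssl_sni_policy_node_cmp, which consumes these pointers, starts on the hunk's last line and its body is outside it.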
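Review bot: The new comment says `""` stands for no SNI but not where that comes from or what it implies for the application: `br_ssl_engine_get_server_name` returns an empty name when the client sent no SNI extension, so a keypair registered with servername `""` is the one that serves such clients. Suggested wording: `/* Look up the node for the client's ServerName; BearSSL returns "" when no SNI was sent, so the "" entry (if any) acts as the default keypair */`. How an `avltree_search` miss is handled, presumably a handshake failure for unknown names, is outside the hunk.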