MINOR: ssl: Add a function to hash SNIs

This patch only adds the function ssl_sock_sni_hash() that can be used to
get the hash value corresponding to an SNI. A global seed, sni_hash_seed, is
used.

include/haproxy/ssl_sock.h

@@ -58,6 +58,7 @@ extern struct pool_head *pool_head_ssl_keylog_str;
 extern struct list openssl_providers;
 extern struct stats_module ssl_stats_module;
 
+uint64_t ssl_sock_sni_hash(const struct ist sni);
 int ssl_sock_prep_ctx_and_inst(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
 			       SSL_CTX *ctx, struct ckch_inst *ckch_inst, char **err);
 int ssl_sock_prep_srv_ctx_and_inst(const struct server *srv, SSL_CTX *ctx,

src/ssl_sock.c

@@ -108,6 +108,7 @@
 int nb_engines = 0;
 
 static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from "issuers-chain-path" */
+static uint64_t sni_hash_seed = 0; /* Seed used to compute hash of SNIs */
 
 struct global_ssl global_ssl = {
 #ifdef LISTEN_DEFAULT_CIPHERS
@@ -610,7 +611,11 @@ static int ssl_locking_init(void)
 
 __decl_thread(HA_SPINLOCK_T ckch_lock);
 
-
+/* Returns the hash corresponding to <sni> */
+uint64_t ssl_sock_sni_hash(const struct ist sni)
+{
+	return XXH3(istptr(sni), istlen(sni), sni_hash_seed);
+}
 
 /* mimic what X509_STORE_load_locations do with store_ctx */
 static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)
@@ -8481,6 +8486,8 @@ static void __ssl_sock_init(void)
 	HA_SPIN_INIT(&ocsp_tree_lock);
 #endif
 
+	sni_hash_seed = ha_random64();
+
 	/* Try to register dedicated SSL/TLS protocol message callbacks for
 	 * heartbleed attack (CVE-2014-0160) and clienthello.
 	 */