MINOR: sample: Validate the number of bits for the sha2 converter

Instead of failing the conversion when an invalid number of bits is
given the sha2 converter now fails with an appropriate error message
during startup.

The sha2 converter was introduced in d4376302377e4f51f43a183c2c91d929b27e1ae3,
which is in 2.1 and higher.

diff --git a/reg-tests/converter/sha2.vtc b/reg-tests/converter/sha2.vtc
index 0354b0a20960eb9cd222ded46447d55c31b1fca3..6ca021a8b770b27dc8d5a9a131dd19df6f753199 100644 (file)
--- a/reg-tests/converter/sha2.vtc
+++ b/reg-tests/converter/sha2.vtc
@@ -8,7 +8,7 @@ feature ignore_unknown_macro
 server s1 {
        rxreq
        txresp
-} -repeat 3 -start
+} -repeat 2 -start
 
 haproxy h1 -conf {
     defaults
@@ -28,7 +28,6 @@ haproxy h1 -conf {
        http-response set-header SHA2-256   "%[var(txn.hash),sha2(256),hex,lower]"
        http-response set-header SHA2-384   "%[var(txn.hash),sha2(384),hex,lower]"
        http-response set-header SHA2-512   "%[var(txn.hash),sha2(512),hex,lower]"
-       http-response set-header SHA2-invalid   "%[var(txn.hash),sha2(1),hex,lower]"
 
        default_backend be
 
@@ -46,7 +45,6 @@ client c1 -connect ${h1_fe_sock} {
        expect resp.http.sha2-256 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"
        expect resp.http.sha2-384 == "47f05d367b0c32e438fb63e6cf4a5f35c2aa2f90dc7543f8a41a0f95ce8a40a313ab5cf36134a2068c4c969cb50db776"
        expect resp.http.sha2-512 == "4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a"
-       expect resp.http.sha2-invalid == ""
        txreq -url "/" \
          -hdr "Hash: 2"
        rxresp
@@ -56,5 +54,4 @@ client c1 -connect ${h1_fe_sock} {
        expect resp.http.sha2-256 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35"
        expect resp.http.sha2-384 == "d063457705d66d6f016e4cdd747db3af8d70ebfd36badd63de6c8ca4a9d8bfb5d874e7fbd750aa804dcaddae7eeef51e"
        expect resp.http.sha2-512 == "40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114"
-       expect resp.http.sha2-invalid == ""
 } -run

diff --git a/src/sample.c b/src/sample.c
index b124c4b861fdc5342eba2726894c8c9ed817217a..82078fce1d929412f65276fb3c1b9b9c61df0a7a 100644 (file)
--- a/src/sample.c
+++ b/src/sample.c
@@ -1531,6 +1531,29 @@ static int sample_conv_sha1(const struct arg *arg_p, struct sample *smp, void *p
 }
 
 #ifdef USE_OPENSSL
+static int smp_check_sha2(struct arg *args, struct sample_conv *conv,
+                          const char *file, int line, char **err)
+{
+       if (args[0].type == ARGT_STOP)
+               return 1;
+       if (args[0].type != ARGT_SINT) {
+               memprintf(err, "Invalid type '%s'", arg_type_names[args[0].type]);
+               return 0;
+       }
+
+       switch (args[0].data.sint) {
+               case 224:
+               case 256:
+               case 384:
+               case 512:
+                       /* this is okay */
+                       return 1;
+               default:
+                       memprintf(err, "Unsupported number of bits: '%lld'", args[0].data.sint);
+                       return 0;
+       }
+}
+
 static int sample_conv_sha2(const struct arg *arg_p, struct sample *smp, void *private)
 {
        struct buffer *trash = get_trash_chunk();
@@ -3362,7 +3385,7 @@ static struct sample_conv_kw_list sample_conv_kws = {ILH, {
        { "regsub", sample_conv_regsub,    ARG3(2,REG,STR,STR), sample_conv_regsub_check, SMP_T_STR, SMP_T_STR },
        { "sha1",   sample_conv_sha1,      0,            NULL, SMP_T_BIN,  SMP_T_BIN  },
 #ifdef USE_OPENSSL
-       { "sha2",   sample_conv_sha2,      ARG1(0, SINT),            NULL, SMP_T_BIN,  SMP_T_BIN  },
+       { "sha2",   sample_conv_sha2,      ARG1(0, SINT), smp_check_sha2, SMP_T_BIN,  SMP_T_BIN  },
 #endif
        { "concat", sample_conv_concat,    ARG3(1,STR,STR,STR), smp_check_concat, SMP_T_STR,  SMP_T_STR },
        { "strcmp", sample_conv_strcmp,    ARG1(1,STR), smp_check_strcmp, SMP_T_STR,  SMP_T_SINT },