MINOR: sample: Validate the number of bits for the sha2 converter
Instead of failing the conversion when an invalid number of bits is
given the sha2 converter now fails with an appropriate error message
during startup.
The sha2 converter was introduced in d4376302377e4f51f43a183c2c91d929b27e1ae3,
which is in 2.1 and higher.
diff --git a/reg-tests/converter/sha2.vtc b/reg-tests/converter/sha2.vtc
index 0354b0a..6ca021a 100644
--- a/reg-tests/converter/sha2.vtc
+++ b/reg-tests/converter/sha2.vtc
@@ -8,7 +8,7 @@
server s1 {
rxreq
txresp
-} -repeat 3 -start
+} -repeat 2 -start
haproxy h1 -conf {
defaults
@@ -28,7 +28,6 @@
http-response set-header SHA2-256 "%[var(txn.hash),sha2(256),hex,lower]"
http-response set-header SHA2-384 "%[var(txn.hash),sha2(384),hex,lower]"
http-response set-header SHA2-512 "%[var(txn.hash),sha2(512),hex,lower]"
- http-response set-header SHA2-invalid "%[var(txn.hash),sha2(1),hex,lower]"
default_backend be
@@ -46,7 +45,6 @@
expect resp.http.sha2-256 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"
expect resp.http.sha2-384 == "47f05d367b0c32e438fb63e6cf4a5f35c2aa2f90dc7543f8a41a0f95ce8a40a313ab5cf36134a2068c4c969cb50db776"
expect resp.http.sha2-512 == "4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a"
- expect resp.http.sha2-invalid == ""
txreq -url "/" \
-hdr "Hash: 2"
rxresp
@@ -56,5 +54,4 @@
expect resp.http.sha2-256 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35"
expect resp.http.sha2-384 == "d063457705d66d6f016e4cdd747db3af8d70ebfd36badd63de6c8ca4a9d8bfb5d874e7fbd750aa804dcaddae7eeef51e"
expect resp.http.sha2-512 == "40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114"
- expect resp.http.sha2-invalid == ""
} -run
diff --git a/src/sample.c b/src/sample.c
index b124c4b..82078fc 100644
--- a/src/sample.c
+++ b/src/sample.c
@@ -1531,6 +1531,29 @@
}
#ifdef USE_OPENSSL
+static int smp_check_sha2(struct arg *args, struct sample_conv *conv,
+ const char *file, int line, char **err)
+{
+ if (args[0].type == ARGT_STOP)
+ return 1;
+ if (args[0].type != ARGT_SINT) {
+ memprintf(err, "Invalid type '%s'", arg_type_names[args[0].type]);
+ return 0;
+ }
+
+ switch (args[0].data.sint) {
+ case 224:
+ case 256:
+ case 384:
+ case 512:
+ /* this is okay */
+ return 1;
+ default:
+ memprintf(err, "Unsupported number of bits: '%lld'", args[0].data.sint);
+ return 0;
+ }
+}
+
static int sample_conv_sha2(const struct arg *arg_p, struct sample *smp, void *private)
{
struct buffer *trash = get_trash_chunk();
@@ -3362,7 +3385,7 @@
{ "regsub", sample_conv_regsub, ARG3(2,REG,STR,STR), sample_conv_regsub_check, SMP_T_STR, SMP_T_STR },
{ "sha1", sample_conv_sha1, 0, NULL, SMP_T_BIN, SMP_T_BIN },
#ifdef USE_OPENSSL
- { "sha2", sample_conv_sha2, ARG1(0, SINT), NULL, SMP_T_BIN, SMP_T_BIN },
+ { "sha2", sample_conv_sha2, ARG1(0, SINT), smp_check_sha2, SMP_T_BIN, SMP_T_BIN },
#endif
{ "concat", sample_conv_concat, ARG3(1,STR,STR,STR), smp_check_concat, SMP_T_STR, SMP_T_STR },
{ "strcmp", sample_conv_strcmp, ARG1(1,STR), smp_check_strcmp, SMP_T_STR, SMP_T_SINT },