Use $Restrict

517be163 · Nils Goroll · fc9291af · 517be163 · 517be163 · 517be163
Unverified Commit 517be163 authored Jun 13, 2023 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 13 deletions

vmod_crypto.c src/vmod_crypto.c +5 -13

vmod_crypto.rst src/vmod_crypto.rst +16 -0

vmod_crypto.vcc src/vmod_crypto.vcc +8 -0

No files found.
--- a/src/vmod_crypto.c
+++ b/src/vmod_crypto.c
@@ -227,23 +227,17 @@ vmod_key__fini(struct VPFX(crypto_key) **kp)
 	*kp = NULL;
 }

-static int
+static void
 key_ctx_ok(VRT_CTX)
 {
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
-
-	if (ctx->method == VCL_MET_INIT)
-		return (1);
-
-	VRT_fail(ctx, "key methods can only be used in vcl_init {}");
-	return (0);
+	assert(ctx->method == VCL_MET_INIT);
 }

 VCL_BLOB
 vmod_key_use(VRT_CTX, struct VPFX(crypto_key) *k)
 {
-	if (! key_ctx_ok(ctx))
-		return (NULL);
+	key_ctx_ok(ctx);

 	CHECK_OBJ_NOTNULL(k, VMOD_CRYPTO_KEY_MAGIC);
 	return (VRT_blob(ctx, "xkey.use()", k, sizeof *k, CRYPTO_KEY_BLOB));
@@ -339,8 +333,7 @@ privkey_pem(VRT_CTX, VCL_STRING pem, VCL_STRING password)
 static struct VPFX(crypto_key) *
 crypto_key_ok(VRT_CTX, VCL_STRING name, struct VPFX(crypto_key) *k)
 {
-	if (! key_ctx_ok(ctx))
-		return (NULL);
+	key_ctx_ok(ctx);

 	CHECK_OBJ_NOTNULL(k, VMOD_CRYPTO_KEY_MAGIC);

@@ -381,8 +374,7 @@ vmod_key_rsa(VRT_CTX, struct VPFX(crypto_key) *k, struct VARGS(key_rsa) *args) {
 	EVP_PKEY *pkey;
 	RSA *rsa;

-	if (! key_ctx_ok(ctx))
-		return;
+	key_ctx_ok(ctx);

 	CHECK_OBJ_NOTNULL(k, VMOD_CRYPTO_KEY_MAGIC);


--- a/src/vmod_crypto.rst
+++ b/src/vmod_crypto.rst
@@ -95,6 +95,10 @@ BLOB xkey.use()

 Wrap the key in a blob to be passed to `crypto.verifier()`_

+Restricted to: ``vcl_init``.
+
+
+
 .. _xkey.pem_pubkey():

 VOID xkey.pem_pubkey(STRING)
@@ -108,6 +112,10 @@ comprise RSA and DSA.

 Any error is fatal to vcl initialization.

+Restricted to: ``vcl_init``.
+
+
+
 .. _xkey.pem_privkey():

 VOID xkey.pem_privkey(STRING, STRING password=0)
@@ -122,6 +130,10 @@ comprise RSA and DSA.

 Any error is fatal to vcl initialization.

+Restricted to: ``vcl_init``.
+
+
+
 .. _xkey.rsa():

 VOID xkey.rsa(BLOB n, BLOB e, [BLOB d])
@@ -131,6 +143,10 @@ Create an RSA key from the parameters n, e, and optionally d.

 Any error is fatal to vcl initialization.

+Restricted to: ``vcl_init``.
+
+
+
 .. _crypto.verifier():

 new xverifier = crypto.verifier(ENUM digest, [STRING pem], [BLOB key])

--- a/src/vmod_crypto.vcc
+++ b/src/vmod_crypto.vcc
@@ -48,6 +48,8 @@ $Method BLOB .use()

 Wrap the key in a blob to be passed to `crypto.verifier()`_

+$Restrict vcl_init
+
 $Method VOID .pem_pubkey(STRING)

 Create a key from the PEM-encoded public key.
@@ -58,6 +60,8 @@ comprise RSA and DSA.

 Any error is fatal to vcl initialization.

+$Restrict vcl_init
+
 $Method VOID .pem_privkey(STRING, STRING password=0)

 Create a key from the PEM-encoded private key, optionally decrypting
@@ -69,12 +73,16 @@ comprise RSA and DSA.

 Any error is fatal to vcl initialization.

+$Restrict vcl_init
+
 $Method VOID .rsa(BLOB n, BLOB e, [BLOB d])

 Create an RSA key from the parameters n, e, and optionally d.

 Any error is fatal to vcl initialization.

+$Restrict vcl_init
+
 $Object verifier(ENUM {md_null, md4, md5, sha1, sha224,
 	sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
 	[STRING pem], [BLOB key])