Test some error conditions for custom encryption VFPs.

And improve an error message.

src/tests/encrypt_err.vtc

 # looks like -*- vcl -*-
 
-varnishtest "errors and corner cases for the encryption VFP"
+varnishtest "errors and corner cases for encryption VFPs"
 
 server s1 {
 	# Empty body
@@ -112,3 +112,113 @@ client c1 {
 } -run
 
 varnish v1 -expect ECE.vfp.ece_encrypt.ops == 2
+
+# Errors for custom VFPs
+
+varnish v1 -errvcl {vmod ece failure: new vfp: filter name must be non-empty} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("");
+	}
+}
+
+varnish v1 -errvcl {vmod ece failure: new vfp: key header name may not be empty} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("enc", key_hdr="");
+	}
+}
+
+varnish v1 -errvcl {too long} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("enc", key_hdr="1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890");
+	}
+}
+
+varnish v1 -errvcl {vmod ece failure: new vfp: rs 17 too small (must be >= 18)} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("enc", rs=17B);
+	}
+}
+
+varnish v1 -errvcl {vmod ece failure: new vfp: rs 4294967296 too large} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("enc", rs=4GB);
+	}
+}
+
+varnish v1 -errvcl {vmod ece failure: new vfp: filter name ece_encrypt already in use by another VFP} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("ece_encrypt");
+	}
+}
+
+varnish v1 -errvcl {vmod ece failure: new vfp: filter name ece_decrypt already in use by another VFP} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("ece_decrypt");
+	}
+}
+
+varnish v1 -errvcl {vmod ece failure: new vfp: filter name esi already in use by another VFP} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("esi");
+	}
+}
+
+varnish v1 -errvcl {vmod ece failure: new vfp: filter name esi_gzip already in use by another VFP} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("esi_gzip");
+	}
+}
+
+varnish v1 -errvcl {vmod ece failure: new vfp: filter name gunzip already in use by another VFP} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("gunzip");
+	}
+}
+
+varnish v1 -errvcl {vmod ece failure: new vfp: filter name gzip already in use by another VFP} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("gzip");
+	}
+}
+
+varnish v1 -errvcl {vmod ece failure: new vfp: filter name testgunzip already in use by another VFP} {
+	import ${vmod_ece};
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new vfp = ece.encrypter("testgunzip");
+	}
+}

src/vmod_ece.c

@@ -293,7 +293,7 @@ vmod_encrypter__init(VRT_CTX, struct VPFX(ece_encrypter) **encp,
 
 	/* Catches rs < 0. */
 	if (rs < MIN_RS) {
-		VFAIL(ctx, "new %s: rs %jd too small (must >= %d)", vcl_name,
+		VFAIL(ctx, "new %s: rs %jd too small (must be >= %d)", vcl_name,
 		      (intmax_t)rs, MIN_RS);
 		return;
 	}