Use $Restrict

README.rst

@@ -196,6 +196,8 @@ VOID init(ENUM, BYTES n)
 Initialize the libgcrypt library, currently to manage the use of
 secure memory. The ENUM specifies an operation for initialization.
 
+Restricted to: ``vcl_init``
+
 Initialization takes place *exactly once* during the lifetime of the
 Varnish child process, and must be performed before any objects are
 created; details below.
@@ -234,10 +236,6 @@ initialization is simply to call ``init(FINISH)``, which results in
 the default configuration for the libgcrypt library -- secure memory
 is enabled with the default pool size.
 
-The ``init()`` function may only be called in ``vcl_init``; if it is
-called in any other VCL subroutine, then an error message is logged
-with the tag ``VCL_Error``, and the call is ignored.
-
 Initialization is evaluated only once during the lifetime of the
 Varnish child process. If a new instance of VCL is loaded with calls
 to ``init()`` in ``vcl_init`` after initialization was already

src/tests/init_usage.vtc

@@ -2,8 +2,7 @@
 
 varnishtest "init function usage"
 
-# init() is illegal in every VCL sub except vcl_init
-varnish v1 -vcl {
+varnish v1 -errvcl {Not available in subroutine 'vcl_recv'} {
 	import gcrypt from "${vmod_topbuild}/src/.libs/libvmod_gcrypt.so";
 	backend b { .host = "${bad_ip}"; }
 
@@ -11,19 +10,7 @@ varnish v1 -vcl {
 		gcrypt.init(FINISH);
 		return(synth(200));
 	}
-} -start
-
-client c1 {
-	txreq
-	rxresp
-	expect resp.status == 200
-} -run
-
-logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
-	expect 0 * Begin req
-	expect * = VCL_Error "^vmod gcrypt error: gcrypt.init.. is only legal in vcl_init$"
-	expect * = End
-} -run
+}
 
 # Finish default initialization
 varnish v1 -vcl {
@@ -33,7 +20,7 @@ varnish v1 -vcl {
 	sub vcl_init {
 		gcrypt.init(FINISH);
 	}
-}
+} -start
 
 # Calling init again without restarting Varnish, even after reloading
 # VCL, has no effect except to log the fact that initialization is

src/vmod_gcrypt.c

@@ -213,10 +213,7 @@ vmod_init(VRT_CTX, VCL_ENUM cmd, VCL_BYTES n)
 
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	AN(cmd);
-	if (ctx->method != VCL_MET_INIT) {
-		ERR(ctx, "gcrypt.init() is only legal in vcl_init");
-		return;
-	}
+	assert(ctx->method == VCL_MET_INIT);
 	if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) {
 		VSL(SLT_Debug, NO_VXID, "libgcrypt initialization already finished");
 		return;

src/vmod_gcrypt.vcc

@@ -149,6 +149,8 @@ $Function VOID init(ENUM {INIT_SECMEM, DISABLE_SECMEM, FINISH}, BYTES n=1)
 Initialize the libgcrypt library, currently to manage the use of
 secure memory. The ENUM specifies an operation for initialization.
 
+$Restrict vcl_init
+
 Initialization takes place *exactly once* during the lifetime of the
 Varnish child process, and must be performed before any objects are
 created; details below.
@@ -187,10 +189,6 @@ initialization is simply to call ``init(FINISH)``, which results in
 the default configuration for the libgcrypt library -- secure memory
 is enabled with the default pool size.
 
-The ``init()`` function may only be called in ``vcl_init``; if it is
-called in any other VCL subroutine, then an error message is logged
-with the tag ``VCL_Error``, and the call is ignored.
-
 Initialization is evaluated only once during the lifetime of the
 Varnish child process. If a new instance of VCL is loaded with calls
 to ``init()`` in ``vcl_init`` after initialization was already