Use $Restrict

480eb7a3 · Nils Goroll · 9ad60040 · 480eb7a3 · 480eb7a3 · 480eb7a3
Unverified Commit 480eb7a3 authored Jun 13, 2023 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 28 deletions

README.rst README.rst +2 -4

init_usage.vtc src/tests/init_usage.vtc +3 -16

vmod_gcrypt.c src/vmod_gcrypt.c +1 -4

vmod_gcrypt.vcc src/vmod_gcrypt.vcc +2 -4

No files found.
--- a/README.rst
+++ b/README.rst
@@ -196,6 +196,8 @@ VOID init(ENUM, BYTES n)
 Initialize the libgcrypt library, currently to manage the use of
 secure memory. The ENUM specifies an operation for initialization.
+Restricted to: ``vcl_init``
 Initialization takes place *exactly once* during the lifetime of the
 Varnish child process, and must be performed before any objects are
 created; details below.
@@ -234,10 +236,6 @@ initialization is simply to call ``init(FINISH)``, which results in
 the default configuration for the libgcrypt library -- secure memory
 is enabled with the default pool size.
-The ``init()`` function may only be called in ``vcl_init``; if it is
-called in any other VCL subroutine, then an error message is logged
-with the tag ``VCL_Error``, and the call is ignored.
 Initialization is evaluated only once during the lifetime of the
 Varnish child process. If a new instance of VCL is loaded with calls
 to ``init()`` in ``vcl_init`` after initialization was already

--- a/src/tests/init_usage.vtc
+++ b/src/tests/init_usage.vtc
@@ -2,8 +2,7 @@
 varnishtest "init function usage"
-# init() is illegal in every VCL sub except vcl_init
+varnish v1 -errvcl {Not available in subroutine 'vcl_recv'} {
-varnish v1 -vcl {
 	import gcrypt from "${vmod_topbuild}/src/.libs/libvmod_gcrypt.so";
 	backend b { .host = "${bad_ip}"; }
@@ -11,19 +10,7 @@ varnish v1 -vcl {
 		gcrypt.init(FINISH);
 		return(synth(200));
 	}
-} -start
+}
-client c1 {
-	txreq
-	rxresp
-	expect resp.status == 200
-} -run
-logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
-	expect 0 * Begin req
-	expect * = VCL_Error "^vmod gcrypt error: gcrypt.init.. is only legal in vcl_init$"
-	expect * = End
-} -run
 # Finish default initialization
 varnish v1 -vcl {
@@ -33,7 +20,7 @@ varnish v1 -vcl {
 	sub vcl_init {
 		gcrypt.init(FINISH);
 	}
-}
+} -start
 # Calling init again without restarting Varnish, even after reloading
 # VCL, has no effect except to log the fact that initialization is

--- a/src/vmod_gcrypt.c
+++ b/src/vmod_gcrypt.c
@@ -213,10 +213,7 @@ vmod_init(VRT_CTX, VCL_ENUM cmd, VCL_BYTES n)
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	AN(cmd);
-	if (ctx->method != VCL_MET_INIT) {
+	assert(ctx->method == VCL_MET_INIT);
-		ERR(ctx, "gcrypt.init() is only legal in vcl_init");
-		return;
-	}
 	if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) {
 		VSL(SLT_Debug, NO_VXID, "libgcrypt initialization already finished");
 		return;

--- a/src/vmod_gcrypt.vcc
+++ b/src/vmod_gcrypt.vcc
@@ -149,6 +149,8 @@ $Function VOID init(ENUM {INIT_SECMEM, DISABLE_SECMEM, FINISH}, BYTES n=1)
 Initialize the libgcrypt library, currently to manage the use of
 secure memory. The ENUM specifies an operation for initialization.
+$Restrict vcl_init
 Initialization takes place *exactly once* during the lifetime of the
 Varnish child process, and must be performed before any objects are
 created; details below.
@@ -187,10 +189,6 @@ initialization is simply to call ``init(FINISH)``, which results in
 the default configuration for the libgcrypt library -- secure memory
 is enabled with the default pool size.
-The ``init()`` function may only be called in ``vcl_init``; if it is
-called in any other VCL subroutine, then an error message is logged
-with the tag ``VCL_Error``, and the call is ignored.
 Initialization is evaluated only once during the lifetime of the
 Varnish child process. If a new instance of VCL is loaded with calls
 to ``init()`` in ``vcl_init`` after initialization was already