From bc05b9fc92243f4a9182e52c91cc3a9a010329a5 Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Mon, 24 Jun 2024 06:43:24 +0000 Subject: libcrypto: constify most error string tables These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing --- lib/libcrypto/bio/bio_err.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'lib/libcrypto/bio') diff --git a/lib/libcrypto/bio/bio_err.c b/lib/libcrypto/bio/bio_err.c index 36fabca21c8..4541adb240b 100644 --- a/lib/libcrypto/bio/bio_err.c +++ b/lib/libcrypto/bio/bio_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_err.c,v 1.20 2023/07/05 21:23:37 beck Exp $ */ +/* $OpenBSD: bio_err.c,v 1.21 2024/06/24 06:43:22 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -60,17 +60,19 @@ #include #include +#include "err_local.h" + #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0) #define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason) -static ERR_STRING_DATA BIO_str_functs[] = { +static const ERR_STRING_DATA BIO_str_functs[] = { {ERR_FUNC(0xfff), "CRYPTO_internal"}, {0, NULL} }; -static ERR_STRING_DATA BIO_str_reasons[] = { +static const ERR_STRING_DATA BIO_str_reasons[] = { {ERR_REASON(BIO_R_ACCEPT_ERROR) , "accept error"}, {ERR_REASON(BIO_R_BAD_FOPEN_MODE) , "bad fopen mode"}, {ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) , "bad hostname lookup"}, @@ -112,8 +114,8 @@ ERR_load_BIO_strings(void) { #ifndef OPENSSL_NO_ERR if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) { - ERR_load_strings(0, BIO_str_functs); - ERR_load_strings(0, BIO_str_reasons); + ERR_load_const_strings(BIO_str_functs); + ERR_load_const_strings(BIO_str_reasons); } #endif } -- cgit v1.2.3