libcrypto: constify most error string tables

These constitute the bulk of the remaining global mutable state in
libcrypto. This commit moves most of them into data.rel.ro, leaving
out ERR_str_{functs,libraries,reasons} (which require a slightly
different approach) and SYS_str_reasons which is populated on startup.

The main observation is that if ERR_load_strings() is called with a 0 lib
argument, the ERR_STRING_DATA argument is not actually modified. We could
use this fact to cast away const on the caller side and be done with it.
We can make this cleaner by adding a helper ERR_load_const_strings() which
explicitly avoids the assignment to str->error overriding the error code
already set in the table.

In order for this to work, we need to sprinkle some const in err/err.c.
CMS called ERR_load_strings() with non-0 lib argument, but this didn't
actually modify the error data since it ored in the value already stored
in the table.

Annoyingly, we need to cast const away once, namely in the call to
lh_insert() in int_err_set_item(). Fixing this would require changing
the public API and is going to be tricky since it requires that the
LHASH_DOALL_FN_* types adjust.

ok jsing

1 files changed, 11 insertions, 9 deletions

diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index 2cbd349350..cff045b105 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_err.c,v 1.22 2023/05/14 17:20:26 tb Exp $ */
+/* $OpenBSD: x509_err.c,v 1.23 2024/06/24 06:43:23 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -61,17 +61,19 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "err_local.h"
+
 #ifndef OPENSSL_NO_ERR
 
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
 
-static ERR_STRING_DATA X509_str_functs[] = {
+static const ERR_STRING_DATA X509_str_functs[] = {
         {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
-static ERR_STRING_DATA X509_str_reasons[] = {
+static const ERR_STRING_DATA X509_str_reasons[] = {
         {ERR_REASON(X509_R_BAD_X509_FILETYPE)    , "bad x509 filetype"},
         {ERR_REASON(X509_R_BASE64_DECODE_ERROR)  , "base64 decode error"},
         {ERR_REASON(X509_R_CANT_CHECK_DH_KEY)    , "cant check dh key"},
@@ -108,12 +110,12 @@ static ERR_STRING_DATA X509_str_reasons[] = {
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
 
-static ERR_STRING_DATA X509V3_str_functs[] = {
+static const ERR_STRING_DATA X509V3_str_functs[] = {
         {ERR_FUNC(0xfff), "CRYPTO_internal"},
         {0, NULL}
 };
 
-static ERR_STRING_DATA X509V3_str_reasons[] = {
+static const ERR_STRING_DATA X509V3_str_reasons[] = {
         {ERR_REASON(X509V3_R_BAD_IP_ADDRESS)     , "bad ip address"},
         {ERR_REASON(X509V3_R_BAD_OBJECT)         , "bad object"},
         {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR)    , "bn dec2bn error"},
@@ -192,8 +194,8 @@ ERR_load_X509_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
         if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
-                ERR_load_strings(0, X509_str_functs);
-                ERR_load_strings(0, X509_str_reasons);
+                ERR_load_const_strings(X509_str_functs);
+                ERR_load_const_strings(X509_str_reasons);
         }
 #endif
 }
@@ -205,8 +207,8 @@ ERR_load_X509V3_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
         if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) {
-                ERR_load_strings(0, X509V3_str_functs);
-                ERR_load_strings(0, X509V3_str_reasons);
+                ERR_load_const_strings(X509V3_str_functs);
+                ERR_load_const_strings(X509V3_str_reasons);
         }
 #endif
 }