From 2e0489705cdb2e07f52b3f08a7bcd9376796ac2f Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Wed, 22 Nov 2023 01:36:12 -0500
Subject: [PATCH] Const-correct X509_LOOKUP_METHOD

This avoids putting the method tables in writable memory.
Update-Note: Making X509_LOOKUP_file and X509_LOOKUP_hash_dir return const pointers is not quite source-compatible, but code search suggests nothing cares. If we have to, we can cast const away in those functions, but let's try the more type-safe option first.
Change-Id: I562890f9db989c9991bc69b1c2e8174cd04d03a4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64249
Commit-Queue: David Benjamin
Reviewed-by: Bob Beck
(cherry picked from commit 5a82702daf7b9f9aac9a7121dc05a4ada4da0625)
---
 crypto/x509/by_dir.c | 6 ++++--
 crypto/x509/by_file.c | 4 ++--
 crypto/x509/internal.h | 2 +-
 crypto/x509/x509_lu.c | 6 +++---
 include/openssl/x509.h | 6 +++---
 5 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 020cb976bb..3807f1f80b 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -92,14 +92,16 @@ static void free_dir(X509_LOOKUP *lu);
 static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
 static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, X509_OBJECT *ret);
-static X509_LOOKUP_METHOD x509_dir_lookup = {
+static const X509_LOOKUP_METHOD x509_dir_lookup = {
 new_dir, // new
 free_dir, // free
 dir_ctrl, // ctrl
 get_cert_by_subject, // get_by_subject
 };
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) { return &x509_dir_lookup; }
+const X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) {
+ return &x509_dir_lookup;
+}
 static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, char **retp) {
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 7bcf465c0c..799e16d3cf 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
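Review bot: The `const` on `x509_dir_lookup` in by_dir.c (and on `x509_file_lookup` in by_file.c) keeps the table out of writable memory only as far as the link step allows. The initializer holds function addresses, so in position-independent builds the table needs load-time relocation and on ELF targets is typically placed in a relocation-read-only section rather than plain read-only data. A short comment next to each definition would record that dependency, e.g. `// const so the function pointers are not left in writable memory; in PIC builds this relies on RELRO at link time.` The hunk shows only the table and its accessor, so whether the build enables RELRO cannot be confirmed from here.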
@@ -65,14 +65,14 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret);
-static X509_LOOKUP_METHOD x509_file_lookup = {
+static const X509_LOOKUP_METHOD x509_file_lookup = {
 NULL, // new
 NULL, // free
 by_file_ctrl, // ctrl
 NULL, // get_by_subject
 };
-X509_LOOKUP_METHOD *X509_LOOKUP_file(void) { return &x509_file_lookup; }
+const X509_LOOKUP_METHOD *X509_LOOKUP_file(void) { return &x509_file_lookup; }
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, char **ret) {
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 282aff79d9..b960997957 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -311,7 +311,7 @@ struct x509_store_st {
 // This is the functions plus an instance of the local variables.
 struct x509_lookup_st {
- X509_LOOKUP_METHOD *method; // the functions
+ const X509_LOOKUP_METHOD *method; // the functions
 void *method_data; // method data
 X509_STORE *store_ctx; // who owns us
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 1923867441..5df64bb368 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -73,12 +73,12 @@ static X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
 static int X509_OBJECT_up_ref_count(X509_OBJECT *a);
-static X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method,
+static X509_LOOKUP *X509_LOOKUP_new(const X509_LOOKUP_METHOD *method,
 X509_STORE *store);
 static int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, X509_OBJECT *ret);
-static X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method,
+static X509_LOOKUP *X509_LOOKUP_new(const X509_LOOKUP_METHOD *method,
 X509_STORE *store) {
 X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(X509_LOOKUP));
 if (ret == NULL) {
@@ -207,7 +207,7 @@ void X509_STORE_free(X509_STORE *vfy) {
 OPENSSL_free(vfy);
 }
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) {
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, const X509_LOOKUP_METHOD *m) {
 STACK_OF(X509_LOOKUP) *sk = v->get_cert_methods;
 for (size_t i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
 X509_LOOKUP *lu = sk_X509_LOOKUP_value(sk, i);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 5c1ffd72f3..6f47c09f37 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -3208,10 +3208,10 @@ OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v,
- X509_LOOKUP_METHOD *m);
+ const X509_LOOKUP_METHOD *m);
-OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
-OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+OPENSSL_EXPORT const X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+OPENSSL_EXPORT const X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
 OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
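Review bot: `X509_STORE_add_lookup` in x509_lu.c does not state how long the table passed as `m` must stay valid, and the internal.h hunk shows `x509_lookup_st` holding a `method` pointer rather than a copy. Presumably a caller-supplied table has to outlive every store it is added to; a one-line contract above the definition would make that explicit, e.g. `// |m| is not copied and must remain valid for the lifetime of |v|.` The function body continues past the hunk, so how a NULL `m` is handled cannot be confirmed from the visible lines.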
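Review bot: The declarations of `X509_LOOKUP_hash_dir` and `X509_LOOKUP_file` in x509.h carry no comment in this hunk, and with the return type now `const` the ownership rule is worth stating in the public header. Both accessors return the address of a file-scope static table (see by_dir.c and by_file.c), so callers must neither modify nor free the result. Suggested wording above each declaration: `// Returns a static, immutable method table; the caller must not modify or free it.` This also documents why the fallback mentioned in the commit message is risky: casting `const` away inside the accessors would hand out a writable-typed pointer to an object defined `const`, and a write through it is undefined behaviour.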