From ab6f405ae7286fbe1609520ed29850255a3074ad Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Fri, 6 Sep 2024 12:23:55 +0930 Subject: [PATCH] common/hsm_encryption: use const char * for errors. Signed-off-by: Rusty Russell --- common/hsm_encryption.c | 16 ++++++++++------ common/hsm_encryption.h | 4 ++-- lightningd/options.c | 9 +++++---- tools/hsmtool.c | 19 +++++++++++-------- 4 files changed, 28 insertions(+), 20 deletions(-) diff --git a/common/hsm_encryption.c b/common/hsm_encryption.c index 796fc33cc..33fc617f7 100644 --- a/common/hsm_encryption.c +++ b/common/hsm_encryption.c @@ -7,22 +7,25 @@ #include int hsm_secret_encryption_key_with_exitcode(const char *pass, struct secret *key, - char **err_msg) + const char **err_msg) { u8 salt[16] = "c-lightning\0\0\0\0\0"; /* Don't swap the encryption key ! */ if (sodium_mlock(key->data, sizeof(key->data)) != 0) { - *err_msg = "Could not lock hsm_secret encryption key memory."; + if (err_msg) + *err_msg = "Could not lock hsm_secret encryption key memory."; return EXITCODE_HSM_GENERIC_ERROR; } /* Check bounds. */ if (strlen(pass) < crypto_pwhash_argon2id_PASSWD_MIN) { - *err_msg = "Password too short to be able to derive a key from it."; + if (err_msg) + *err_msg = "Password too short to be able to derive a key from it."; return EXITCODE_HSM_BAD_PASSWORD; } else if (strlen(pass) > crypto_pwhash_argon2id_PASSWD_MAX) { - *err_msg = "Password too long to be able to derive a key from it."; + if (err_msg) + *err_msg = "Password too long to be able to derive a key from it."; return EXITCODE_HSM_BAD_PASSWORD; } @@ -33,7 +36,8 @@ int hsm_secret_encryption_key_with_exitcode(const char *pass, struct secret *key crypto_pwhash_argon2id_OPSLIMIT_MODERATE, crypto_pwhash_argon2id_MEMLIMIT_MODERATE, crypto_pwhash_ALG_ARGON2ID13) != 0) { - *err_msg = "Could not derive a key from the password."; + if (err_msg) + *err_msg = "Could not derive a key from the password."; return EXITCODE_HSM_BAD_PASSWORD; } 
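Review bot: The `if (err_msg)` guard is repeated before each of the four assignments in hsm_secret_encryption_key_with_exitcode, so a later error path added without it would dereference NULL again. Normalising the pointer once at the top, e.g. `const char *unused;` followed by `if (!err_msg) err_msg = &unused;`, keeps every `*err_msg = ...` line unconditional. Accepting a NULL err_msg is also a behaviour change that the subject line ("use const char * for errors") does not mention. read_stdin_pass_with_exit_code in the next hunk gets only the const change, and its body is outside that hunk, so whether `*reason` is guarded the same way cannot be seen from here. This function's body also continues past the end of the hunk.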
@@ -112,7 +116,7 @@ static bool getline_stdin_pass(char **passwd, size_t *passwd_size) return true; } -char *read_stdin_pass_with_exit_code(char **reason, int *exit_code) +char *read_stdin_pass_with_exit_code(const char **reason, int *exit_code) { struct termios current_term, temp_term; char *passwd = NULL; diff --git a/common/hsm_encryption.h b/common/hsm_encryption.h index 867202661..0f1b36097 100644 --- a/common/hsm_encryption.h +++ b/common/hsm_encryption.h @@ -27,7 +27,7 @@ struct encrypted_hsm_secret { * On success, 0 is returned, on error a value > 0 is returned and it can be used as exit code. */ int hsm_secret_encryption_key_with_exitcode(const char *pass, struct secret *key, - char **err_msg); + const char **err_msg); /** Encrypt the hsm_secret using a previously derived encryption key. * @encryption_key: the key derived from the passphrase. @@ -62,7 +62,7 @@ void discard_key(struct secret *key TAKES); * * Caller must free the string as it does tal-reallocate getline's output. */ -char *read_stdin_pass_with_exit_code(char **reason, int *exit_code); +char *read_stdin_pass_with_exit_code(const char **reason, int *exit_code); /** Returns -1 on error (and sets errno), 0 if not encrypted, 1 if it is */ int is_hsm_secret_encrypted(const char *path); diff --git a/lightningd/options.c b/lightningd/options.c index ecc515680..4cfcac36d 100644 --- a/lightningd/options.c +++ b/lightningd/options.c @@ -637,7 +637,8 @@ static void prompt(struct lightningd *ld, const char *str) */ static char *opt_set_hsm_password(struct lightningd *ld) { - char *passwd, *passwd_confirmation, *err_msg; + char *passwd, *passwd_confirmation; + const char *err_msg; int is_encrypted; is_encrypted = is_hsm_secret_encrypted("hsm_secret"); 
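Review bot: In common/hsm_encryption.h, the visible part of the doc comment above hsm_secret_encryption_key_with_exitcode does not say that err_msg may now be NULL, or that the message is a string literal which, as far as the .c hunk shows, is written only on failure. I would add a line in the file's existing style, such as `@err_msg: if non-NULL, set on error to a static string; do not free or modify.` The same applies to `reason` in the second header hunk, where "Caller must free the string" refers to the returned password and could be misread as covering the reason string. Both comments start outside their hunks, so an existing parameter description may already be there to extend.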
@@ -657,13 +658,13 @@ static char *opt_set_hsm_password(struct lightningd *ld) passwd = read_stdin_pass_with_exit_code(&err_msg, &opt_exitcode); if (!passwd) - return err_msg; + return cast_const(char *, err_msg); if (!is_encrypted) { prompt(ld, "Confirm hsm_secret password:"); fflush(stdout); passwd_confirmation = read_stdin_pass_with_exit_code(&err_msg, &opt_exitcode); if (!passwd_confirmation) - return err_msg; + return cast_const(char *, err_msg); if (!streq(passwd, passwd_confirmation)) { opt_exitcode = EXITCODE_HSM_BAD_PASSWORD; @@ -677,7 +678,7 @@ static char *opt_set_hsm_password(struct lightningd *ld) opt_exitcode = hsm_secret_encryption_key_with_exitcode(passwd, ld->config.keypass, &err_msg); if (opt_exitcode > 0) - return err_msg; + return cast_const(char *, err_msg); ld->encrypted_hsm = true; free(passwd); diff --git a/tools/hsmtool.c b/tools/hsmtool.c index 3283c0c7e..228b2e17a 100644 --- a/tools/hsmtool.c +++ b/tools/hsmtool.c @@ -105,7 +105,7 @@ static void get_encrypted_hsm_secret(struct secret *hsm_secret, { struct secret key; struct encrypted_hsm_secret encrypted_secret; - char *err; + const char *err; int exit_code; grab_hsm_file(hsm_secret_path, @@ -184,7 +184,8 @@ static void get_hsm_secret(struct secret *hsm_secret, /* This checks the file existence, too. */ if (hsm_secret_is_encrypted(hsm_secret_path)) { int exit_code; - char *err, *passwd; + char *passwd; + const char *err; printf("Enter hsm_secret password:\n"); fflush(stdout); @@ -202,8 +203,8 @@ static int decrypt_hsm(const char *hsm_secret_path) { int fd; struct secret hsm_secret; - char *passwd, *err; - const char *dir, *backup; + char *passwd; + const char *dir, *backup, *err; int exit_code = 0; /* This checks the file existence, too. */ if (!hsm_secret_is_encrypted(hsm_secret_path)) 
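Review bot: The three `return cast_const(char *, err_msg);` statements in opt_set_hsm_password (lightningd/options.c) strip the qualifier this commit has just added, so the caller receives a `char *` that actually points at a string literal. If the option-parsing code that consumes this return value (not visible here) ever frees or edits error strings, that is undefined behaviour. Either return a heap copy, or state the contract at the function with a comment such as `/* Returned error is a static string: caller must not free or modify it. */`. Separately, the second and third of these returns leave `passwd` (and, for the third, the confirmation) allocated and unwiped on the error path; that predates this commit, but these are the lines being touched. The function body starts and ends outside the hunk.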
@@ -293,8 +294,8 @@ static int encrypt_hsm(const char *hsm_secret_path) int fd; struct secret key, hsm_secret; struct encrypted_hsm_secret encrypted_hsm_secret; - char *passwd, *passwd_confirmation, *err; - const char *dir, *backup; + char *passwd, *passwd_confirmation; + const char *err, *dir, *backup; int exit_code = 0; /* This checks the file existence, too. */ @@ -519,7 +520,8 @@ static void read_mnemonic(char *mnemonic) { static int generate_hsm(const char *hsm_secret_path) { char mnemonic[BIP39_WORDLIST_LEN]; - char *passphrase, *err; + char *passphrase; + const char *err; int exit_code = 0; read_mnemonic(mnemonic); @@ -634,7 +636,8 @@ static int check_hsm(const char *hsm_secret_path) u8 bip32_seed[BIP39_SEED_LEN_512]; size_t bip32_seed_len; int exit_code; - char *passphrase, *err; + char *passphrase; + const char *err; get_hsm_secret(&hsm_secret, hsm_secret_path);