@botovq botovq commented Dec 6, 2025

OpenSSL plans to make ASN1_STRING opaque along with all the other types sharing the same underlying struct asn1_string_st:

For most purposes there are accessors available in all supported libraries. The one exception is the ASN1_BIT_STRING type, which requires new API to deal with the unused bits octet, see:

Dealing with this has to wait until the interface has settled, at which point we can provide a compat-interface, so this PR doesn't touch BIT STRINGS.

The diff in this pull request is almost entirely mechanical.

A better approach might be to move asn1str_to_str to ossl.[ch] (and rename it to ossl_asn1str_to_str()?) and then convert the various calls to rb_str_new() with nested ASN1_STRING unpacking to that.

Finally, in the diff you can see that there's also a /* const_cast: workaround for old OpenSSL */ in ossl_asn1.c that can be removed along with the cast. Happy to send a PR for that.

This helper only reads from its in parameter. Making that const
avoids a couple of casts in an upcoming change.

botovq commented Dec 6, 2025

The test failure seems unrelated.

I forgot to mention: I have versions of this patch that apply to the version of this gem bundled in Ruby 3.3.10 and 3.4.7 which I'm happy to share if it helps you.

OpenSSL plans to make asn1_string_st opaque, the struct underlying most
ASN.1 types such as ASN1_*STRING, ASN1_ENUMERATED, ASN1_INTEGER, etc. 
Most of ruby/openssl's C code can be straightforwardly converted to use
accessors available since OpenSS
This uses the normal accessors but leaves out BIT STRINGS, which will
need compat implementations for ASN1_BIT_STRING_get_length() and
ASN1_BIT_STRING_set1() for older libcryptos.

openssl/openssl#29184
openssl/openssl#29185
@botovq botovq force-pushed the opaque-asn1-string branch from 6cd4e38 to 0dc34ce Compare December 6, 2025 16:22

rhenium commented Dec 6, 2025

Thanks for the PR! This makes sense.

> A better approach might be to move asn1str_to_str to ossl.[ch] (and rename it to ossl_asn1str_to_str()?) and then convert the various calls to rb_str_new() with nested ASN1_STRING unpacking to that.

That sounds even better. Actually, asn1str_to_str() is already usable everywhere (because ossl.h includes ossl_asn1.h) and these should have been using it. The missing ossl_ prefix in the name is just historical.

I'd appreciate if you can update these, but this can also be left for later.

> I forgot to mention: I have versions of this patch that apply to the version of this gem bundled in Ruby 3.3.10 and 3.4.7 which I'm happy to share if it helps you.

This is unlikely to be backported since maintenance branches accept bugfixes only. Anyone needing to use an old Ruby with OpenSSL 4.x should be able to skip the bundled openssl and later install a newer version via RubyGems. So let's fix it in master only for now.

@botovq botovq force-pushed the opaque-asn1-string branch from 0dc34ce to a41cf28 Compare December 6, 2025 16:34

botovq commented Dec 6, 2025

> I'd appreciate if you can update these, but this can also be left for later.

Done.

> This is unlikely to be backported since maintenance branches accept bugfixes only.

Understood. Thanks for the quick turnaround.


@rhenium rhenium left a comment

Thanks!

@rhenium rhenium merged commit 4db2605 into ruby:master Dec 6, 2025
43 of 44 checks passed
@botovq botovq deleted the opaque-asn1-string branch December 6, 2025 16:59