ruby.git/ext/openssl/ossl_asn1.c, branch v4.0.2 The Ruby Programming Language [ruby/openssl] Freeze more constants for Ractor compatibility 2025-12-15T09:09:49+00:00 Kazuki Yamaguchi k@rhe.jp 2025-12-14T10:55:28+00:00 ee6ba41bfdc82110468598467cd10ce850b44f0c https://github.com/ruby/openssl/commit/695126f582 
https://github.com/ruby/openssl/commit/695126f582
[ruby/openssl] asn1integer_to_num: don't cast away const 2025-12-06T17:26:32+00:00 Theo Buehler tb@openbsd.org 2025-12-06T16:58:56+00:00 47c0dae188162798c50fdb2580d852ceec89f2ec ASN1_ENUMERATED_to_BN() has been const-correct for a long time in all supported libcrytos, so we can remove this workaround. https://github.com/ruby/openssl/commit/d0f36a7c65 
ASN1_ENUMERATED_to_BN() has been const-correct for a long time in all
supported libcrytos, so we can remove this workaround.

https://github.com/ruby/openssl/commit/d0f36a7c65
[ruby/openssl] Convert some of ossl_asn1.c to opaque ASN1_STRING 2025-12-06T16:50:16+00:00 Theo Buehler tb@openbsd.org 2025-12-05T12:44:18+00:00 98c151b0e55e25217334a94c17102ea8382027f2 This uses the normal accessors but leaves out BIT STRINGS, which will need compat implementations for ASN1_BIT_STRING_get_length() and ASN1_BIT_STRING_set1() for older libcryptos. https://github.com/openssl/openssl/issues/29184 https://github.com/openssl/openssl/issues/29185 https://github.com/ruby/openssl/commit/ba3d1cc5c2 
This uses the normal accessors but leaves out BIT STRINGS, which will
need compat implementations for ASN1_BIT_STRING_get_length() and
ASN1_BIT_STRING_set1() for older libcryptos.

https://github.com/openssl/openssl/issues/29184
https://github.com/openssl/openssl/issues/29185

https://github.com/ruby/openssl/commit/ba3d1cc5c2
[ruby/openssl] asn1: use ASN1_TIME_to_tm() to decode UTCTime and GeneralizedTime 2025-12-05T12:24:54+00:00 Kazuki Yamaguchi k@rhe.jp 2025-02-27T18:10:35+00:00 f179885d3c454c6a98c23b2a977480657bb0f676 The current logic relies on sscanf() and error checks are almost entirely missing. It also assumes that ASN1_STRING contents are NUL terminated, which is undocumented and not guaranteed for all valid ASN1_TIME objects. Switch to using ASN1_TIME_to_tm() added in OpenSSL 1.1.1. It is also supported by LibreSSL and AWS-LC. In the long term, we may want to replace ASN1_TIME_to_tm() with a hand-rolled decoder, since the function is intended for a specific use-case. It is too permissive for strict DER, yet still does not support all valid DER inputs and silently drops information such as fractional seconds. However, it handles everything that the current sscanf() code could handle. https://github.com/ruby/openssl/commit/73484f6794 
The current logic relies on sscanf() and error checks are almost
entirely missing. It also assumes that ASN1_STRING contents are NUL
terminated, which is undocumented and not guaranteed for all valid
ASN1_TIME objects.

Switch to using ASN1_TIME_to_tm() added in OpenSSL 1.1.1. It is also
supported by LibreSSL and AWS-LC.

In the long term, we may want to replace ASN1_TIME_to_tm() with a
hand-rolled decoder, since the function is intended for a specific
use-case. It is too permissive for strict DER, yet still does not
support all valid DER inputs and silently drops information such as
fractional seconds. However, it handles everything that the current
sscanf() code could handle.

https://github.com/ruby/openssl/commit/73484f6794
[ruby/openssl] asn1: reorder declarations 2025-12-05T12:24:54+00:00 Kazuki Yamaguchi k@rhe.jp 2025-12-04T17:52:38+00:00 bf2b9c09473ee1a49766c6d7c6e1d683236a13ee Move variable declarations for OpenSSL::ASN1 classes to the top of the file. asn1time_to_time() will need eASN1Error in the next patch. https://github.com/ruby/openssl/commit/6c0ef87897 
Move variable declarations for OpenSSL::ASN1 classes to the top of the
file. asn1time_to_time() will need eASN1Error in the next patch.

https://github.com/ruby/openssl/commit/6c0ef87897
[ruby/openssl] Expand tabs in C source files 2025-12-04T17:46:59+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-29T18:40:32+00:00 5062c0c621d887367af8a054e5e5d83d7ec57dd3 Since around 2018, we have been using spaces for indentation for newly added code[1]. The mixed use of tabs and spaces has repeatedly confused new contributors who configured their editors to use a different tab size than 8. Since git blame can now skip specific commits, ruby/ruby did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl. While at it, fix a few indentation issues, mainly in switch-case labels and in ossl_ssl_session.c, which used doubled indentation size. This patch contains white-space changes only. git diff -w output should be empty. [1] https://bugs.ruby-lang.org/issues/14246 [2] https://bugs.ruby-lang.org/issues/18891 https://github.com/ruby/openssl/commit/4d6214f507 
Since around 2018, we have been using spaces for indentation for newly
added code[1]. The mixed use of tabs and spaces has repeatedly confused
new contributors who configured their editors to use a different tab
size than 8. Since git blame can now skip specific commits, ruby/ruby
did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl.

While at it, fix a few indentation issues, mainly in switch-case labels
and in ossl_ssl_session.c, which used doubled indentation size.

This patch contains white-space changes only. git diff -w output should
be empty.

[1] https://bugs.ruby-lang.org/issues/14246
[2] https://bugs.ruby-lang.org/issues/18891

https://github.com/ruby/openssl/commit/4d6214f507
[ruby/openssl] Revert "rewriting most of the asn1 init code in ruby" 2025-12-04T17:32:37+00:00 Kazuki Yamaguchi k@rhe.jp 2025-11-18T13:40:42+00:00 6fe1c1591106ef428f42cd5601be1cab994dae9a This reverts commit https://github.com/ruby/openssl/commit/830505172882. The commit is part of the bigger effort to rewrite OpenSSL::ASN1 in Ruby. OpenSSL::ASN1 is relatively isolated from the rest of ruby/openssl and is not tightly bound to the OpenSSL API. The current implementation also needs a major refactor for several reasons, so this remains a long-term goal. However, the work is not yet complete. We are close to releasing v4.0.0, and we want to avoid shipping fragmented code in a stable branch. The changes can be reapplied when the rest is ready. https://github.com/ruby/openssl/commit/362942dcbf 
This reverts commit https://github.com/ruby/openssl/commit/830505172882.

The commit is part of the bigger effort to rewrite OpenSSL::ASN1 in
Ruby. OpenSSL::ASN1 is relatively isolated from the rest of ruby/openssl
and is not tightly bound to the OpenSSL API. The current implementation
also needs a major refactor for several reasons, so this remains a
long-term goal.

However, the work is not yet complete. We are close to releasing v4.0.0,
and we want to avoid shipping fragmented code in a stable branch. The
changes can be reapplied when the rest is ready.

https://github.com/ruby/openssl/commit/362942dcbf
[ruby/openssl] Remove dummy declarations for mOSSL and eOSSLError 2025-11-29T17:05:19+00:00 Kazuki Yamaguchi k@rhe.jp 2025-11-29T16:47:26+00:00 bae06ce22c5ab6a4a3085300274f258d55858e90 These declarations were added to every source file because older versions of RDoc did not resolve ancestor tree across files. Since RDoc 6.9.0 supports this, this workaround is no longer needed. https://redirect.github.com/ruby/rdoc/pull/1217 https://github.com/ruby/openssl/commit/6491ce63be 
These declarations were added to every source file because older
versions of RDoc did not resolve ancestor tree across files. Since
RDoc 6.9.0 supports this, this workaround is no longer needed.

    https://redirect.github.com/ruby/rdoc/pull/1217

https://github.com/ruby/openssl/commit/6491ce63be
[ruby/openssl] asn1: refactor converting ASN1_OBJECT to string 2025-11-22T16:48:13+00:00 Kazuki Yamaguchi k@rhe.jp 2025-11-18T16:41:35+00:00 dd489ee9c48fc8c2b499b80f3ebcd053de33bb0a ruby/openssl exposes OIDs to Ruby as strings in many places, but the conversion logic has been duplicated and the behavior is inconsistent. There are mainly two patterns: - Returns the short name associated with the OID/NID, or the dotted decimal notation if it is unknown to OpenSSL. - Returns the long name, or the dotted decimal notation. These patterns are implemented using different OpenSSL APIs and that caused subtle differences. Add helper functions ossl_asn1obj_to_string() and ossl_asn1obj_to_string_long_name() to unify the logic. Also, document the current behaviors where it is not yet done. The inconsistency was likely unintentional, but since it dates back to the original implementations, standardizing it now would cause more issues than it resolves. https://github.com/ruby/openssl/commit/2ea36c21a4 
ruby/openssl exposes OIDs to Ruby as strings in many places, but the
conversion logic has been duplicated and the behavior is inconsistent.
There are mainly two patterns:

 - Returns the short name associated with the OID/NID, or the dotted
   decimal notation if it is unknown to OpenSSL.
 - Returns the long name, or the dotted decimal notation.

These patterns are implemented using different OpenSSL APIs and that
caused subtle differences. Add helper functions ossl_asn1obj_to_string()
and ossl_asn1obj_to_string_long_name() to unify the logic.

Also, document the current behaviors where it is not yet done. The
inconsistency was likely unintentional, but since it dates back to the
original implementations, standardizing it now would cause more issues
than it resolves.

https://github.com/ruby/openssl/commit/2ea36c21a4
[ruby/openssl] ts: refactor converting string to ASN1_OBJECT 2025-11-22T16:48:13+00:00 Kazuki Yamaguchi k@rhe.jp 2025-05-17T09:42:28+00:00 424499dd10aa01b3d84957761b19dde63b28113c obj_to_asn1obj() in ossl_ts.c and ossl_asn1.c are identical. Let's remove one in ossl_ts.c. eASN1Error can now be made static to ossl_asn1.c. https://github.com/ruby/openssl/commit/dcb05c40c2 
obj_to_asn1obj() in ossl_ts.c and ossl_asn1.c are identical. Let's
remove one in ossl_ts.c.

eASN1Error can now be made static to ossl_asn1.c.

https://github.com/ruby/openssl/commit/dcb05c40c2