-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[refactor] replace methods removed in BC 1.75 #286
Conversation
I don't see any meaningful output from the PR tests. Should I? |
there seems to be this error:
which seems like a regression |
5b9798b
to
dd3e170
Compare
Thanks @kares ! I believe I've resolved the failure. At least locally I would love for you to weigh in on whether However, for ASN1TaggedObject there's also |
Thanks Justin, this does seem good as far as I checked. Have been looking into some other related PRs, such as #265, which made me sure we need to bring in more ASN.1 tests to make sure things work ~ as before. So it might take me a bit until I get those .rb tests in to merge this... |
@@ -1696,13 +1698,13 @@ ASN1Encodable toASN1(final ThreadContext context) { | |||
} | |||
|
|||
if ( type == DERGeneralString.class ) { | |||
return DERGeneralString.getInstance( val.asString().getBytes() ); | |||
return new DERGeneralString( val.asString().toString() ); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
believe we should simply switch to ASN1GeneralString.getInstance
passing byte[]
, any reason not to?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wasn't sure if moving from the more specific DER* instances to the more generic ASN1* instances would have knock on effects farther down the road. So went with a refactor that kept the same class but newer invocation. It does seem like ASN1* is what BC wants folks to be using. I'll move to using that instead.
2b96413
to
589bcd0
Compare
Been looking into that one and to me it seems risky in it's current state. However, this PR, seems much smaller in scope and should not cause regressions or at least not that much as #265. |
Bouncycastle 1.77 entered Debian recently, so landing this would help a lot with packaging JRuby in Debian. |
Hey, this requires more work and testing (e.g. getting more ASN.1 test from upstream) as it seems to me there's potential for a lot of regressions. The current way ASN.1 works is not aligned with C OpenSSL and we at least need to make sure it does not diverge further. I only have limited bandwidth and already tried looking into the ASN.1 PRs such as #283 which turned out a breaking change. I feel like the changes here might end up the same and need to allocate a few day to look into the upgrade. |
Let me know if there's something you'd like me to do @kares |
I also wish I could do something to help here, as there are CVEs resolved in BC 1.78 which are about to hit the dependency scanner noise soon :( https://www.bouncycastle.org/releasenotes.html |
wanted to take a look and borrow some of MRI's ASN.1 tests (a lot of them are likely to fail but at least they should fail the same between BC version changes) been also looking at ASN.1 since tagged objects are broken (#283 and #265 both of them not mergeable atm). maybe we should take it just one step at a time, for starters could we rebase please (there's a lot of changes on master). |
589bcd0
to
b4a533a
Compare
Rebased. I'll check out MRI's openssl tests later today. |
I added a single test and it fails, though cherry picking the commit to master, it fails the same way there. It looks like you've been very busy lately updating those tests @kares . I'm happy to add more of the MRI tests and open them in a separate PR against master, but I'm probably not going to be able to triage and update the failures in a reasonable amount of time, and I'm not sure if I'd just be interrupting the work you have in progress. Let me know if my continued attempts at porting are worth the while. |
fwiw, I imported some more tests and commented out the failing assertions with comments as to what is failing in master here: #296 |
looks good thanks, please give me a week or two to circle back here... indeed I have been busy but master should always be in a pretty much "stable" usable state. |
Several methods and classes were deprecated in BC 1.70 and many of those in the org.bouncycastle.asn1.* were removed in 1.75. This commit moves away from removed method and classes so BouncyCastle can be updated to 1.76.
554c938
to
6dc57df
Compare
I've rebased onto master and cherry-picked the full MRI asn.1 tests from #296 . Note, I've commented out the tests that fail on the master PR (with notes as to what is failing about them) and likewise have the failing tests on master commented out in this. However, this should show that no new tests fail with this PR. I've also ran the test_asn1.rb file using BC 1.78 and it passed. I'm not sure what's up with the CA test failures. I assume it's from me rebasing onto master? I will look at them in the morning. |
If help can be offered I may have some time to dive into looking at some of these in the next couple of weeks. I have a bit of ASN.1 experience from the bouncy castle world (mainly x509, CRL, oscp) so might be able to dredge some of that knowledge back up if it's relevant. |
The tests failing in this PR will fail if the tests on I attempted to follow the steps in |
I tried uncommenting out tests in |
As far as this PR and my test import PR go. Once I hear back from kares that these are mostly correct (not sure if all the tests that are completely commented out are valuable at this point), I can rebase my test import PR and remove the test import commits from this PR. Forward looking, I'm not sure if I'll be able to clear time to work on it in the next few weeks, but it seems like the tests point to several potentially low hanging fruit:
|
💟 thanks - its a good start.
oh man, was about to circle back here and got surprised by 🔴 CI, guess nothing can go smooth when you do not have dedicated maintainers on a project 😞. the
awesome if anyone can take a look at those "low hanging fruits" esp. if it's ASN.1 related... feel free to open follow up PRs |
thanks for the MR, master is now on 1.76 ... |
Several methods and classes were deprecated in BC 1.70 and many of those in the org.bouncycastle.asn1.* were removed in 1.75.
This commit moves away from removed method and classes so BouncyCastle can be updated to 1.76.