CStr UTF-8 improvements

kornelski · kornelski · commit 79338a99ea3f · 2025-09-26T10:55:46.000+01:00
diff --git a/boring/src/asn1.rs b/boring/src/asn1.rs
@@ -63,20 +63,19 @@ foreign_type_and_impl_send_sync! {
 
 impl fmt::Display for Asn1GeneralizedTimeRef {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        unsafe {
-            let mem_bio = match MemBio::new() {
-                Err(_) => return f.write_str("error"),
-                Ok(m) => m,
-            };
-            let print_result = cvt(ffi::ASN1_GENERALIZEDTIME_print(
-                mem_bio.as_ptr(),
-                self.as_ptr(),
-            ));
-            match print_result {
-                Err(_) => f.write_str("error"),
-                Ok(_) => f.write_str(str::from_utf8_unchecked(mem_bio.get_buf())),
-            }
-        }
+        let bio = MemBio::new().ok();
+        let msg = bio
+            .as_ref()
+            .and_then(|mem_bio| unsafe {
+                cvt(ffi::ASN1_GENERALIZEDTIME_print(
+                    mem_bio.as_ptr(),
+                    self.as_ptr(),
+                ))
+                .ok()?;
+                str::from_utf8(mem_bio.get_buf()).ok()
+            })
+            .unwrap_or("error");
+        f.write_str(msg)
     }
 }
 
@@ -528,7 +527,20 @@ impl Asn1BitStringRef {
     #[corresponds(ASN1_STRING_get0_data)]
     #[must_use]
     pub fn as_slice(&self) -> &[u8] {
-        unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr() as *mut _), self.len()) }
+        unsafe {
+            let ptr = ASN1_STRING_get0_data(self.as_ptr().cast());
+            if ptr.is_null() {
+                return &[];
+            }
+            slice::from_raw_parts(ptr, self.len())
+        }
+    }
+
+    /// Returns the Asn1BitString as a str, if possible.
+    #[corresponds(ASN1_STRING_get0_data)]
+    #[must_use]
+    pub fn to_str(&self) -> Option<&str> {
+        str::from_utf8(self.as_slice()).ok()
     }
 
     /// Returns the number of bytes in the string.
@@ -601,10 +613,11 @@ impl fmt::Display for Asn1ObjectRef {
                 self.as_ptr(),
                 0,
             );
-            match str::from_utf8(&buf[..len as usize]) {
-                Err(_) => fmt.write_str("error"),
-                Ok(s) => fmt.write_str(s),
-            }
+            fmt.write_str(
+                buf.get(..len as usize)
+                    .and_then(|s| str::from_utf8(s).ok())
+                    .unwrap_or("error"),
+            )
         }
     }
 }
diff --git a/boring/src/bio.rs b/boring/src/bio.rs
@@ -68,7 +68,10 @@ impl MemBio {
         unsafe {
             let mut ptr = ptr::null_mut();
             let len = ffi::BIO_get_mem_data(self.0, &mut ptr);
-            slice::from_raw_parts(ptr as *const _ as *const _, len as usize)
+            if ptr.is_null() {
+                return &[];
+            }
+            slice::from_raw_parts(ptr.cast_const().cast(), len as usize)
         }
     }
 }
diff --git a/boring/src/error.rs b/boring/src/error.rs
@@ -146,9 +146,9 @@ impl Error {
                     // The memory referenced by data is only valid until that slot is overwritten
                     // in the error stack, so we'll need to copy it off if it's dynamic
                     let data = if flags & ffi::ERR_FLAG_STRING != 0 {
-                        let bytes = CStr::from_ptr(data as *const _).to_bytes();
-                        let data = String::from_utf8_lossy(bytes).into_owned();
-                        Some(data.into())
+                        Some(Cow::Owned(
+                            CStr::from_ptr(data.cast()).to_string_lossy().into_owned(),
+                        ))
                     } else {
                         None
                     };
@@ -214,8 +214,10 @@ impl Error {
             if cstr.is_null() {
                 return None;
             }
-            let bytes = CStr::from_ptr(cstr as *const _).to_bytes();
-            str::from_utf8(bytes).ok()
+            CStr::from_ptr(cstr.cast())
+                .to_str()
+                .ok()
+                .filter(|&msg| msg != "unknown library")
         }
     }
 
@@ -240,8 +242,7 @@ impl Error {
             if cstr.is_null() {
                 return None;
             }
-            let bytes = CStr::from_ptr(cstr as *const _).to_bytes();
-            str::from_utf8(bytes).ok()
+            CStr::from_ptr(cstr.cast()).to_str().ok()
         }
     }
 
@@ -263,8 +264,9 @@ impl Error {
             if self.file.is_null() {
                 return "";
             }
-            let bytes = CStr::from_ptr(self.file as *const _).to_bytes();
-            str::from_utf8(bytes).unwrap_or_default()
+            CStr::from_ptr(self.file.cast())
+                .to_str()
+                .unwrap_or_default()
         }
     }
 
diff --git a/boring/src/nid.rs b/boring/src/nid.rs
@@ -88,7 +88,9 @@ impl Nid {
     pub fn long_name(&self) -> Result<&'static str, ErrorStack> {
         unsafe {
             let nameptr = cvt_p(ffi::OBJ_nid2ln(self.0) as *mut c_char)?;
-            str::from_utf8(CStr::from_ptr(nameptr).to_bytes()).map_err(ErrorStack::internal_error)
+            CStr::from_ptr(nameptr)
+                .to_str()
+                .map_err(ErrorStack::internal_error)
         }
     }
 
@@ -98,7 +100,9 @@ impl Nid {
     pub fn short_name(&self) -> Result<&'static str, ErrorStack> {
         unsafe {
             let nameptr = cvt_p(ffi::OBJ_nid2sn(self.0) as *mut c_char)?;
-            str::from_utf8(CStr::from_ptr(nameptr).to_bytes()).map_err(ErrorStack::internal_error)
+            CStr::from_ptr(nameptr)
+                .to_str()
+                .map_err(ErrorStack::internal_error)
         }
     }
 
diff --git a/boring/src/ssl/callbacks.rs b/boring/src/ssl/callbacks.rs
@@ -451,14 +451,14 @@ where
 {
     // SAFETY: boring provides valid inputs.
     let ssl = unsafe { SslRef::from_ptr(ssl as *mut _) };
-    let line = unsafe { str::from_utf8_unchecked(CStr::from_ptr(line).to_bytes()) };
+    let line = unsafe { CStr::from_ptr(line).to_string_lossy() };
 
     let callback = ssl
         .ssl_context()
         .ex_data(SslContext::cached_ex_index::<F>())
         .expect("BUG: get session callback missing");
 
-    callback(ssl, line);
+    callback(ssl, &line);
 }
 
 pub(super) unsafe extern "C" fn raw_sign<M>(
diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
@@ -2564,7 +2564,7 @@ impl SslCipherRef {
             CStr::from_ptr(ptr as *const _)
         };
 
-        str::from_utf8(version.to_bytes()).unwrap()
+        version.to_str().unwrap()
     }
 
     /// Returns the number of bits used for the cipher.
@@ -2590,7 +2590,7 @@ impl SslCipherRef {
             // SSL_CIPHER_description requires a buffer of at least 128 bytes.
             let mut buf = [0; 128];
             let ptr = ffi::SSL_CIPHER_description(self.as_ptr(), buf.as_mut_ptr(), 128);
-            String::from_utf8(CStr::from_ptr(ptr as *const _).to_bytes().to_vec()).unwrap()
+            CStr::from_ptr(ptr.cast()).to_string_lossy().into_owned()
         }
     }
 
@@ -3216,6 +3216,8 @@ impl SslRef {
     }
 
     /// Returns a short string describing the state of the session.
+    ///
+    /// Returns empty string if the state wasn't valid UTF-8
     #[corresponds(SSL_state_string)]
     #[must_use]
     pub fn state_string(&self) -> &'static str {
@@ -3224,10 +3226,12 @@ impl SslRef {
             CStr::from_ptr(ptr as *const _)
         };
 
-        str::from_utf8(state.to_bytes()).unwrap()
+        state.to_str().unwrap_or_default()
     }
 
     /// Returns a longer string describing the state of the session.
+    ///
+    /// Returns empty string if the state wasn't valid UTF-8
     #[corresponds(SSL_state_string_long)]
     #[must_use]
     pub fn state_string_long(&self) -> &'static str {
@@ -3236,7 +3240,7 @@ impl SslRef {
             CStr::from_ptr(ptr as *const _)
         };
 
-        str::from_utf8(state.to_bytes()).unwrap()
+        state.to_str().unwrap_or_default()
     }
 
     /// Sets the host name to be sent to the server for Server Name Indication (SNI).
@@ -3348,6 +3352,8 @@ impl SslRef {
     }
 
     /// Returns a string describing the protocol version of the session.
+    ///
+    /// This may panic if the string isn't valid UTF-8 for some reason. Use [`Self::version2`] instead.
     #[corresponds(SSL_get_version)]
     #[must_use]
     pub fn version_str(&self) -> &'static str {
@@ -3356,7 +3362,7 @@ impl SslRef {
             CStr::from_ptr(ptr as *const _)
         };
 
-        str::from_utf8(version.to_bytes()).unwrap()
+        version.to_str().unwrap()
     }
 
     /// Sets the minimum supported protocol version.
diff --git a/boring/src/string.rs b/boring/src/string.rs
@@ -13,6 +13,9 @@ foreign_type_and_impl_send_sync! {
     type CType = c_char;
     fn drop = free;
 
+    /// # Safety
+    ///
+    /// MUST be UTF-8
     pub struct OpensslString;
 }
 
diff --git a/boring/src/x509/mod.rs b/boring/src/x509/mod.rs
@@ -19,7 +19,6 @@ use std::mem;
 use std::net::IpAddr;
 use std::path::Path;
 use std::ptr;
-use std::slice;
 use std::str;
 use std::sync::{LazyLock, Once};
 
@@ -1535,6 +1534,8 @@ impl X509VerifyError {
     }
 
     /// Return a human readable error string from the verification error.
+    ///
+    /// Returns empty string if the message was not UTF-8
     #[corresponds(X509_verify_cert_error_string)]
     #[allow(clippy::trivially_copy_pass_by_ref)]
     #[must_use]
@@ -1543,7 +1544,7 @@ impl X509VerifyError {
 
         unsafe {
             let s = ffi::X509_verify_cert_error_string(c_long::from(self.0));
-            str::from_utf8(CStr::from_ptr(s).to_bytes()).unwrap()
+            CStr::from_ptr(s).to_str().unwrap_or_default()
         }
     }
 }
@@ -1695,14 +1696,12 @@ impl GeneralNameRef {
                 return None;
             }
 
-            let ptr = ASN1_STRING_get0_data((*self.as_ptr()).d.ia5 as *mut _);
-            let len = ffi::ASN1_STRING_length((*self.as_ptr()).d.ia5 as *mut _);
+            let asn = Asn1BitStringRef::from_ptr((*self.as_ptr()).d.ia5);
 
-            let slice = slice::from_raw_parts(ptr, len as usize);
             // IA5Strings are stated to be ASCII (specifically IA5). Hopefully
             // OpenSSL checks that when loading a certificate but if not we'll
             // use this instead of from_utf8_unchecked just in case.
-            str::from_utf8(slice).ok()
+            asn.to_str()
         }
     }
 
@@ -1732,10 +1731,7 @@ impl GeneralNameRef {
                 return None;
             }
 
-            let ptr = ASN1_STRING_get0_data((*self.as_ptr()).d.ip as *mut _);
-            let len = ffi::ASN1_STRING_length((*self.as_ptr()).d.ip as *mut _);
-
-            Some(slice::from_raw_parts(ptr, len as usize))
+            Some(Asn1BitStringRef::from_ptr((*self.as_ptr()).d.ip).as_slice())
         }
     }
 }
@@ -1811,8 +1807,8 @@ impl Stackable for X509Object {
 use crate::ffi::{X509_get0_signature, X509_getm_notAfter, X509_getm_notBefore, X509_up_ref};
 
 use crate::ffi::{
-    ASN1_STRING_get0_data, X509_ALGOR_get0, X509_REQ_get_subject_name, X509_REQ_get_version,
-    X509_STORE_CTX_get0_chain, X509_set1_notAfter, X509_set1_notBefore,
+    X509_ALGOR_get0, X509_REQ_get_subject_name, X509_REQ_get_version, X509_STORE_CTX_get0_chain,
+    X509_set1_notAfter, X509_set1_notBefore,
 };
 
 use crate::ffi::X509_OBJECT_get0_X509;

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,10 @@ impl MemBio {`
`68`	`68`	`unsafe {`
`69`	`69`	`let mut ptr = ptr::null_mut();`
`70`	`70`	`let len = ffi::BIO_get_mem_data(self.0, &mut ptr);`
`71`		`- slice::from_raw_parts(ptr as const _ as const _, len as usize)`
	`71`	`+ if ptr.is_null() {`
	`72`	`+ return &[];`
	`73`	`+ }`
	`74`	`+ slice::from_raw_parts(ptr.cast_const().cast(), len as usize)`
`72`	`75`	`}`
`73`	`76`	`}`
`74`	`77`	`}`
Original file line number	Diff line number	Diff line change
`@@ -146,9 +146,9 @@ impl Error {`
`146`	`146`	`// The memory referenced by data is only valid until that slot is overwritten`
`147`	`147`	`// in the error stack, so we'll need to copy it off if it's dynamic`
`148`	`148`	`let data = if flags & ffi::ERR_FLAG_STRING != 0 {`
`149`		`- let bytes = CStr::from_ptr(data as *const _).to_bytes();`
`150`		`- let data = String::from_utf8_lossy(bytes).into_owned();`
`151`		`- Some(data.into())`
	`149`	`+ Some(Cow::Owned(`
	`150`	`+ CStr::from_ptr(data.cast()).to_string_lossy().into_owned(),`
	`151`	`+ ))`
`152`	`152`	`} else {`
`153`	`153`	`None`
`154`	`154`	`};`
`@@ -214,8 +214,10 @@ impl Error {`
`214`	`214`	`if cstr.is_null() {`
`215`	`215`	`return None;`
`216`	`216`	`}`
`217`		`- let bytes = CStr::from_ptr(cstr as *const _).to_bytes();`
`218`		`- str::from_utf8(bytes).ok()`
	`217`	`+ CStr::from_ptr(cstr.cast())`
	`218`	`+ .to_str()`
	`219`	`+ .ok()`
	`220`	`+ .filter(\|&msg\| msg != "unknown library")`
`219`	`221`	`}`
`220`	`222`	`}`
`221`	`223`
`@@ -240,8 +242,7 @@ impl Error {`
`240`	`242`	`if cstr.is_null() {`
`241`	`243`	`return None;`
`242`	`244`	`}`
`243`		`- let bytes = CStr::from_ptr(cstr as *const _).to_bytes();`
`244`		`- str::from_utf8(bytes).ok()`
	`245`	`+ CStr::from_ptr(cstr.cast()).to_str().ok()`
`245`	`246`	`}`
`246`	`247`	`}`
`247`	`248`
`@@ -263,8 +264,9 @@ impl Error {`
`263`	`264`	`if self.file.is_null() {`
`264`	`265`	`return "";`
`265`	`266`	`}`
`266`		`- let bytes = CStr::from_ptr(self.file as *const _).to_bytes();`
`267`		`- str::from_utf8(bytes).unwrap_or_default()`
	`267`	`+ CStr::from_ptr(self.file.cast())`
	`268`	`+ .to_str()`
	`269`	`+ .unwrap_or_default()`
`268`	`270`	`}`
`269`	`271`	`}`
`270`	`272`
Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,9 @@ impl Nid {`
`88`	`88`	`pub fn long_name(&self) -> Result<&'static str, ErrorStack> {`
`89`	`89`	`unsafe {`
`90`	`90`	`let nameptr = cvt_p(ffi::OBJ_nid2ln(self.0) as *mut c_char)?;`
`91`		`- str::from_utf8(CStr::from_ptr(nameptr).to_bytes()).map_err(ErrorStack::internal_error)`
	`91`	`+ CStr::from_ptr(nameptr)`
	`92`	`+ .to_str()`
	`93`	`+ .map_err(ErrorStack::internal_error)`
`92`	`94`	`}`
`93`	`95`	`}`
`94`	`96`
`@@ -98,7 +100,9 @@ impl Nid {`
`98`	`100`	`pub fn short_name(&self) -> Result<&'static str, ErrorStack> {`
`99`	`101`	`unsafe {`
`100`	`102`	`let nameptr = cvt_p(ffi::OBJ_nid2sn(self.0) as *mut c_char)?;`
`101`		`- str::from_utf8(CStr::from_ptr(nameptr).to_bytes()).map_err(ErrorStack::internal_error)`
	`103`	`+ CStr::from_ptr(nameptr)`
	`104`	`+ .to_str()`
	`105`	`+ .map_err(ErrorStack::internal_error)`
`102`	`106`	`}`
`103`	`107`	`}`
`104`	`108`
Original file line number	Diff line number	Diff line change
`@@ -451,14 +451,14 @@ where`
`451`	`451`	`{`
`452`	`452`	`// SAFETY: boring provides valid inputs.`
`453`	`453`	`let ssl = unsafe { SslRef::from_ptr(ssl as *mut _) };`
`454`		`- let line = unsafe { str::from_utf8_unchecked(CStr::from_ptr(line).to_bytes()) };`
	`454`	`+ let line = unsafe { CStr::from_ptr(line).to_string_lossy() };`
`455`	`455`
`456`	`456`	`let callback = ssl`
`457`	`457`	`.ssl_context()`
`458`	`458`	`.ex_data(SslContext::cached_ex_index::<F>())`
`459`	`459`	`.expect("BUG: get session callback missing");`
`460`	`460`
`461`		`- callback(ssl, line);`
	`461`	`+ callback(ssl, &line);`
`462`	`462`	`}`
`463`	`463`
`464`	`464`	`pub(super) unsafe extern "C" fn raw_sign<M>(`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,9 @@ foreign_type_and_impl_send_sync! {`
`13`	`13`	`type CType = c_char;`
`14`	`14`	`fn drop = free;`
`15`	`15`
	`16`	`+ /// # Safety`
	`17`	`+ ///`
	`18`	`+ /// MUST be UTF-8`
`16`	`19`	`pub struct OpensslString;`
`17`	`20`	`}`
`18`	`21`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,6 @@ use std::mem;`
`19`	`19`	`use std::net::IpAddr;`
`20`	`20`	`use std::path::Path;`
`21`	`21`	`use std::ptr;`
`22`		`-use std::slice;`
`23`	`22`	`use std::str;`
`24`	`23`	`use std::sync::{LazyLock, Once};`
`25`	`24`
`@@ -1535,6 +1534,8 @@ impl X509VerifyError {`
`1535`	`1534`	`}`
`1536`	`1535`
`1537`	`1536`	`/// Return a human readable error string from the verification error.`
	`1537`	`+ ///`
	`1538`	`+ /// Returns empty string if the message was not UTF-8`
`1538`	`1539`	`#[corresponds(X509_verify_cert_error_string)]`
`1539`	`1540`	`#[allow(clippy::trivially_copy_pass_by_ref)]`
`1540`	`1541`	`#[must_use]`
`@@ -1543,7 +1544,7 @@ impl X509VerifyError {`
`1543`	`1544`
`1544`	`1545`	`unsafe {`
`1545`	`1546`	`let s = ffi::X509_verify_cert_error_string(c_long::from(self.0));`
`1546`		`- str::from_utf8(CStr::from_ptr(s).to_bytes()).unwrap()`
	`1547`	`+ CStr::from_ptr(s).to_str().unwrap_or_default()`
`1547`	`1548`	`}`
`1548`	`1549`	`}`
`1549`	`1550`	`}`
`@@ -1695,14 +1696,12 @@ impl GeneralNameRef {`
`1695`	`1696`	`return None;`
`1696`	`1697`	`}`
`1697`	`1698`
`1698`		`- let ptr = ASN1_STRING_get0_data((self.as_ptr()).d.ia5 as mut _);`
`1699`		`- let len = ffi::ASN1_STRING_length((self.as_ptr()).d.ia5 as mut _);`
	`1699`	`+ let asn = Asn1BitStringRef::from_ptr((*self.as_ptr()).d.ia5);`
`1700`	`1700`
`1701`		`- let slice = slice::from_raw_parts(ptr, len as usize);`
`1702`	`1701`	`// IA5Strings are stated to be ASCII (specifically IA5). Hopefully`
`1703`	`1702`	`// OpenSSL checks that when loading a certificate but if not we'll`
`1704`	`1703`	`// use this instead of from_utf8_unchecked just in case.`
`1705`		`- str::from_utf8(slice).ok()`
	`1704`	`+ asn.to_str()`
`1706`	`1705`	`}`
`1707`	`1706`	`}`
`1708`	`1707`
`@@ -1732,10 +1731,7 @@ impl GeneralNameRef {`
`1732`	`1731`	`return None;`
`1733`	`1732`	`}`
`1734`	`1733`
`1735`		`- let ptr = ASN1_STRING_get0_data((self.as_ptr()).d.ip as mut _);`
`1736`		`- let len = ffi::ASN1_STRING_length((self.as_ptr()).d.ip as mut _);`
`1737`		`-`
`1738`		`- Some(slice::from_raw_parts(ptr, len as usize))`
	`1734`	`+ Some(Asn1BitStringRef::from_ptr((*self.as_ptr()).d.ip).as_slice())`
`1739`	`1735`	`}`
`1740`	`1736`	`}`
`1741`	`1737`	`}`
`@@ -1811,8 +1807,8 @@ impl Stackable for X509Object {`
`1811`	`1807`	`use crate::ffi::{X509_get0_signature, X509_getm_notAfter, X509_getm_notBefore, X509_up_ref};`
`1812`	`1808`
`1813`	`1809`	`use crate::ffi::{`
`1814`		`- ASN1_STRING_get0_data, X509_ALGOR_get0, X509_REQ_get_subject_name, X509_REQ_get_version,`
`1815`		`- X509_STORE_CTX_get0_chain, X509_set1_notAfter, X509_set1_notBefore,`
	`1810`	`+ X509_ALGOR_get0, X509_REQ_get_subject_name, X509_REQ_get_version, X509_STORE_CTX_get0_chain,`
	`1811`	`+ X509_set1_notAfter, X509_set1_notBefore,`
`1816`	`1812`	`};`
`1817`	`1813`
`1818`	`1814`	`use crate::ffi::X509_OBJECT_get0_X509;`