Commit 96012a62aa for openssl.org
commit 96012a62aaeb181affda6351037ead9bd0eed649
Author: Bob Beck <beck@openssl.org>
Date: Wed Apr 15 13:31:42 2026 -0600
Deprecate the ASN1_BIT_STRING name related funcitons.
These seem to have been from something long long ago
that nothing uses anymore. It seems like this is just something
we should not be doing in this way.
Reviewed-by: Saša NedvÄ›dický <sashan@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Mon May 11 09:23:13 2026
(Merged from https://github.com/openssl/openssl/pull/30853)
diff --git a/CHANGES.md b/CHANGES.md
index 1dd27df4ba..cb6771d7bc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -64,6 +64,12 @@ OpenSSL Releases
*Shane Lontis*
+ * The functions `ASN1_BIT_STRING_name_print()`, `ASN1_BIT_STRING_num_asc(),
+ and `ASN1_BIT_STRING_set_asc()`, have been deprecated. Refer to the manual
+ pages for more information.
+
+ *Bob Beck*
+
* The API functions `CRYPTO_atomic_load_ptr`, `CRYPTO_atomic_store_ptr`, and
`CRYPTO_atomic_cmp_exch_ptr` have been added to libcrypto.
diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c
index 4982dba590..4d691b304c 100644
--- a/crypto/asn1/t_bitst.c
+++ b/crypto/asn1/t_bitst.c
@@ -12,6 +12,8 @@
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#if !defined(OPENSSL_NO_DEPRECATED_4_1)
+OSSL_BEGIN_ALLOW_DEPRECATED
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
BIT_STRING_BITNAME *tbl, int indent)
{
@@ -69,3 +71,5 @@ int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl)
}
return -1;
}
+OSSL_END_ALLOW_DEPRECATED
+#endif /* !defined(OPENSSL_NO_DEPRECATED_4_1) */
diff --git a/doc/man3/ASN1_BIT_STRING_get_length.pod b/doc/man3/ASN1_BIT_STRING_get_length.pod
index bb3cabab79..7fb935cdde 100644
--- a/doc/man3/ASN1_BIT_STRING_get_length.pod
+++ b/doc/man3/ASN1_BIT_STRING_get_length.pod
@@ -27,11 +27,6 @@ ASN1_BIT_STRING_get_length - ASN1_BIT_STRING accessors
int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
const unsigned char *flags, int flags_len);
- int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
- BIT_STRING_BITNAME *tbl, int indent);
- int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
- int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name,
- int value, BIT_STRING_BITNAME *tbl);
int ASN1_BIT_STRING_get_length(const ASN1_BIT_STRING *bitstr,
size_t *length, int *unused_bits);
int ASN1_BIT_STRING_set1(ASN1_BIT_STRING *bitstr, const uint8_t *data,
@@ -42,6 +37,11 @@ hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
see L<openssl_user_macros(7)>:
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
+ int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+ BIT_STRING_BITNAME *tbl, int indent);
+ int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
+ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name,
+ int value, BIT_STRING_BITNAME *tbl);
=head1 DESCRIPTION
@@ -62,17 +62,6 @@ ASN1_BIT_STRING_check() checks if the I<a> bit string contains only bits
specified by the I<flags> vector. I<flags_len> is the length of I<flags>
in bytes.
-ASN1_BIT_STRING_name_print() prints the corresponding bit name specified
-in I<tbl> to I<out> based on the bit string I<bs>. I<indent> might be
-specified for a number of spaces to indent the line.
-
-ASN1_BIT_STRING_num_asc() searches for the provided I<name> in I<lname>
-and I<sname> fields of I<tbl>'s elements and returns the corresponding
-I<bitnum> field value in case there is a match found.
-
-ASN1_BIT_STRING_set_asc() sets the corresponding bit to I<name> in I<bs>
-based on the conversion table I<tbl>.
-
ASN1_BIT_STRING_get_length() returns the number of octets in I<bitstr>
containing bit values in I<length> and the number of unused bits in
the last octet in I<unused_bits>. The value returned in
@@ -86,6 +75,29 @@ I<V_ASN1_BIT_STRING> and its octets to the bits in the byte string
I<data> of length I<length> octets, making sure that the last
I<unused_bits> bits in the last byte are zero.
+ASN1_BIT_STRING_name_print() prints the corresponding bit name specified
+in I<tbl> to I<out> based on the bit string I<bs>. I<indent> might be
+specified for a number of spaces to indent the line. This function has
+been deprecated as of OpenSSL 4.1. For a replacement strategy, consider
+using a descriptive #define for the bit value, or if your application
+truly needs to do this with strings, implementing your own string to
+integer lookup table.
+
+ASN1_BIT_STRING_num_asc() searches for the provided I<name> in I<lname>
+and I<sname> fields of I<tbl>'s elements and returns the corresponding
+I<bitnum> field value in case there is a match found. This function has
+been deprecated as of OpenSSL 4.1. For a replacement strategy, consider
+using a descriptive #define for the bit value, or if your application
+truly needs to do this with strings, implementing your own string to
+integer lookup table.
+
+ASN1_BIT_STRING_set_asc() sets the corresponding bit to I<name> in I<bs>
+based on the conversion table I<tbl>. This function has
+been deprecated as of OpenSSL 4.1. For a replacement strategy, consider
+using a descriptive #define for the bit value, or if your application
+truly needs to do this with strings, implementing your own string to
+integer lookup table.
+
=head1 RETURN VALUES
ASN1_BIT_STRING_set_bit() returns 1 on success or 0 on incorrect input
@@ -126,6 +138,11 @@ added in OpenSSL version 4.0.
ASN1_BIT_STRING_set() was deprecated in OpenSSL 4.1 in favour of
ASN1_BIT_STRING_set1().
+ASN1_BIT_STRING_name_print() ASN1_BIT_STRING_num_asc(), and
+ASN1_BIT_STRING_set_asc(), Along with the BIT_STRING_BITNAME structure
+were present but undocumented in all versions of OpenSSL as public
+API. They are unused by the library. They were documented and then
+deprecated in OpenSSL 4.1.
=head1 COPYRIGHT
diff --git a/include/openssl/asn1.h.in b/include/openssl/asn1.h.in
index b2e8b501a8..7beef17569 100644
--- a/include/openssl/asn1.h.in
+++ b/include/openssl/asn1.h.in
@@ -555,11 +555,13 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
const unsigned char *flags, int flags_len);
-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+#if !defined(OPENSSL_NO_DEPRECATED_4_1)
+OSSL_DEPRECATEDIN_4_1 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
BIT_STRING_BITNAME *tbl, int indent);
-int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
+OSSL_DEPRECATEDIN_4_1 int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
+OSSL_DEPRECATEDIN_4_1 int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
BIT_STRING_BITNAME *tbl);
+#endif /* !defined(OPENSSL_NO_DEPRECATED_4_1) */
int ASN1_BIT_STRING_get_length(const ASN1_BIT_STRING *abs, size_t *length,
int *unused_bits);
int ASN1_BIT_STRING_set1(ASN1_BIT_STRING *abs, const uint8_t *data,
diff --git a/util/libcrypto.num b/util/libcrypto.num
index b0d0e7266c..90c81f1fce 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2587,9 +2587,9 @@ ASN1_BIT_STRING_set_bit 2585 4_0_0 EXIST::FUNCTION:
ASN1_BIT_STRING_get_bit 2586 4_0_0 EXIST::FUNCTION:
ASN1_BIT_STRING_check 2587 4_0_0 EXIST::FUNCTION:
ASN1_BIT_STRING_get_length 2588 4_0_0 EXIST::FUNCTION:
-ASN1_BIT_STRING_name_print 2589 4_0_0 EXIST::FUNCTION:
-ASN1_BIT_STRING_num_asc 2590 4_0_0 EXIST::FUNCTION:
-ASN1_BIT_STRING_set_asc 2591 4_0_0 EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print 2589 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_4_1
+ASN1_BIT_STRING_num_asc 2590 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_4_1
+ASN1_BIT_STRING_set_asc 2591 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_4_1
d2i_ASN1_INTEGER 2592 4_0_0 EXIST::FUNCTION:
i2d_ASN1_INTEGER 2593 4_0_0 EXIST::FUNCTION:
ASN1_INTEGER_free 2594 4_0_0 EXIST::FUNCTION: