*Helen Zhang*
+ * Deprecated `ASN1_BIT_STRING_set()` in favour of `ASN1_BIT_STRING_set1()`.
+
+ *Norbert Pócs*
+
### Changes between 3.6 and 4.0.0 [14 Apr 2026]
* Added `-expected-rpks` option to the `openssl s_client`
#include <crypto/asn1.h>
+#ifndef OPENSSL_NO_DEPRECATED_4_1
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
{
return ASN1_STRING_set(x, d, len);
}
+#endif
int ossl_i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, unsigned char **pp)
{
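Review bot: The deprecated `ASN1_BIT_STRING_set()` definition is now guarded by `OPENSSL_NO_DEPRECATED_4_1` but still carries no comment saying what it leaves out, which is the reason it is being retired. It forwards straight to `ASN1_STRING_set()`, so it neither checks the trailing bits nor records an unused-bit count; the callers changed elsewhere in this commit had to pair it with `ossl_asn1_bit_string_set_unused_bits()`. I would add above the definition: `/* Deprecated: copies the octets only; unused bits are neither checked nor set. Use ASN1_BIT_STRING_set1(). */`.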
if (sig_len > INT_MAX || (prot = ASN1_BIT_STRING_new()) == NULL)
goto end;
/* OpenSSL by default encodes all bit strings as ASN.1 NamedBitList */
- ossl_asn1_bit_string_set_unused_bits(prot, 0);
- if (!ASN1_BIT_STRING_set(prot, protection, (int)sig_len)) {
+ if (!ASN1_BIT_STRING_set1(prot, protection, (int)sig_len, 0)) {
ASN1_BIT_STRING_free(prot);
prot = NULL;
}
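Review bot: The `(int)sig_len` cast in the new `ASN1_BIT_STRING_set1()` call is left over from the old `int` length parameter; the documented prototype takes `size_t length`, so the value is narrowed and then widened again. Here the `sig_len > INT_MAX` guard on the preceding line keeps that harmless. The same pattern in the EC seed hunk, `(int)group->seed_len`, has no guard visible in its hunk, so (assuming `seed_len` is a `size_t`) an oversized value would be converted before the callee's own length check sees it. Passing the lengths unchanged, `ASN1_BIT_STRING_set1(prot, protection, sig_len, 0)` and `ASN1_BIT_STRING_set1(curve->seed, group->seed, group->seed_len, 0)`, lets `set1` reject a too-large length itself. Both enclosing functions start and end outside their hunks.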
ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB);
goto err;
}
- ossl_asn1_bit_string_set_unused_bits(curve->seed, 0);
- if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
- (int)group->seed_len)) {
+ if (!ASN1_BIT_STRING_set1(curve->seed, group->seed,
+ (int)group->seed_len, 0)) {
ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB);
goto err;
}
aor->type = IPAddressOrRange_addressPrefix;
if (aor->u.addressPrefix == NULL && (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
goto err;
- if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
+ /* BIT_STRING is a typedef of STRING
+ * this function allows to set value without checking invalid bits
+ * as they are nullified after setting */
+ if (!ASN1_STRING_set(aor->u.addressPrefix, addr, bytelen))
goto err;
if (bitlen > 0)
aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
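Review bot: The added comment above `ASN1_STRING_set()` does not say why `ASN1_BIT_STRING_set1()` is bypassed at this one call site, and its wording is hard to parse. Judging by the mask applied on the last line of the hunk, `addr` can carry bits beyond the prefix, and the documentation in this commit says `set1` fails when any unused bit of the last octet is nonzero. I would reword it as `/* addr may have bits set beyond the prefix, which ASN1_BIT_STRING_set1() rejects; copy the octets as-is and clear the trailing bits below. */`. Because this path skips `set1`'s bookkeeping, the unused-bit count must still be set after the mask; that code is outside the hunk and should be confirmed.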
for (i = length; i > 0 && min[i - 1] == 0x00; --i)
;
- if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
+ if (!ASN1_BIT_STRING_set1(aor->u.addressRange->min, min, i, 0))
goto err;
- ossl_asn1_bit_string_set_unused_bits(aor->u.addressRange->min, 0);
if (i > 0) {
unsigned char b = min[i - 1];
int j = 1;
for (i = length; i > 0 && max[i - 1] == 0xFF; --i)
;
- if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
+ if (!ASN1_BIT_STRING_set1(aor->u.addressRange->max, max, i, 0))
goto err;
- ossl_asn1_bit_string_set_unused_bits(aor->u.addressRange->max, 0);
if (i > 0) {
unsigned char b = max[i - 1];
int j = 1;
}
if ((pubkey->algor = X509_ALGOR_dup(a->algor)) == NULL
|| (pubkey->public_key = ASN1_BIT_STRING_new()) == NULL
- || !ASN1_BIT_STRING_set(pubkey->public_key,
- a->public_key->data,
- a->public_key->length)) {
+ || !ASN1_BIT_STRING_set1(pubkey->public_key,
+ a->public_key->data, a->public_key->length, 0)) {
x509_pubkey_ex_free((ASN1_VALUE **)&pubkey,
ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL));
ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
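Review bot: The duplicate is built with a hard-coded `0` for `unused_bits` in the new `ASN1_BIT_STRING_set1()` call, so whatever unused-bit count `a->public_key` carries is not copied. For keys that are whole octets this is harmless. If the source can come from a parsed SubjectPublicKeyInfo with a nonzero count, the copy would encode differently from the original, which matters wherever the encoded key is hashed or compared. If whole-octet keys are an invariant here, a comment such as `/* public keys are whole octets; unused bits are always 0 */` would record it. Otherwise the count should be read from the source (the `ASN1_BIT_STRING_get_length()` accessor is mentioned in this commit's documentation) and passed through. The enclosing function starts and ends outside the hunk.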
=head1 NAME
+ASN1_BIT_STRING_set,
ASN1_BIT_STRING_set1,
ASN1_BIT_STRING_set_bit,
ASN1_BIT_STRING_get_bit,
int ASN1_BIT_STRING_set1(ASN1_BIT_STRING *bitstr, const uint8_t *data,
size_t length, int unused_bits);
+The following function have been deprecated since OpenSSL 4.1, and can be
+hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
+see L<openssl_user_macros(7)>:
+
+ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
+
=head1 DESCRIPTION
The ASN.1 BIT STRING type holds a bit string of arbitrary bit length.
the last octet in I<unused_bits>. The value returned in
I<unused_bits> is guaranteed to be between 0 and 7, inclusive.
+ASN1_BIT_STRING_set() sets the octets of I<a> to the bits in the
+byte string I<d> of I<length> octets.
+
ASN1_BIT_STRING_set1() sets the type of I<bitstr> to
I<V_ASN1_BIT_STRING> and its octets to the bits in the byte string
I<data> of length I<length> octets, making sure that the last
of I<bitstr> is internally inconsistent, or if one of I<bitstr>,
I<length>, or I<unused_bits> is NULL.
+ASN1_BIT_STRING_set() returns 1 on success or 0 if memory allocation fails,
+I<length> is not specified (value less than 0) and I<d> is NULL or
+I<length> is larger than INT_MAX-1.
+
ASN1_BIT_STRING_set1() returns 1 on success or 0 if memory allocation
-fails or if I<bitstr> is NULL , I<length> is too large, I<length>is
+fails or if I<bitstr> is NULL, I<length> is too large, I<length> is
zero and I<unused_bits> is nonzero, I<unused_bits> is less than 0 or
greater than 7, or any unused bit in the last octet of I<data> is
nonzero.
Functions ASN1_BIT_STRING_get_length() and ASN1_BIT_STRING_set1() were
added in OpenSSL version 4.0.
+ASN1_BIT_STRING_set() was deprecated in OpenSSL 4.1 in favour of
+ASN1_BIT_STRING_set1().
+
=head1 COPYRIGHT
Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved.
via an OSSL_PARAM, bearing in mind that the bounds must be checked if setting
this value.
+=head3 Deprecation of ASN1_BIT_STRING_set()
+
+This function was deprecated in OpenSSL 4.1 in favour of
+ASN1_BIT_STRING_set1(). The new functions in addition to what
+ASN1_BIT_STRING_set() does, validates the function arguments and sets
+unused bits after setting the BIT STRING value.
+
=head1 OPENSSL 4.0
=head2 Main Changes from OpenSSL 3.6
const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
+#ifndef OPENSSL_NO_DEPRECATED_4_1
+OSSL_DEPRECATEDIN_4_1_FOR("use ASN1_BIT_STRING_set1()")
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a,
+ unsigned char *d, int length);
+#endif
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
|| !TEST_true(X509_NAME_add_entry_by_NID(name, NID_commonName,
MBSTRING_ASC,
namestr, -1, -1, 1))
- || !TEST_true(ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)))
+ || !TEST_true(ASN1_BIT_STRING_set1(key, keybytes, sizeof(keybytes), 0))
|| !TEST_true(ASN1_INTEGER_set_uint64(serial, (uint64_t)1)))
goto err;
cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial);
ASN1_BIT_STRING_free 2581 4_0_0 EXIST::FUNCTION:
ASN1_BIT_STRING_new 2582 4_0_0 EXIST::FUNCTION:
ASN1_BIT_STRING_it 2583 4_0_0 EXIST::FUNCTION:
-ASN1_BIT_STRING_set 2584 4_0_0 EXIST::FUNCTION:
+ASN1_BIT_STRING_set 2584 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_4_1
ASN1_BIT_STRING_set_bit 2585 4_0_0 EXIST::FUNCTION:
ASN1_BIT_STRING_get_bit 2586 4_0_0 EXIST::FUNCTION:
ASN1_BIT_STRING_check 2587 4_0_0 EXIST::FUNCTION:
ASIdentifiers_it(3)
ASN1_ANY_it(3)
ASN1_BIT_STRING_it(3)
-ASN1_BIT_STRING_set(3)
ASN1_BMPSTRING_free(3)
ASN1_BMPSTRING_it(3)
ASN1_BMPSTRING_new(3)