Deprecate the ASN1_BIT_STRING name related funcitons.

These seem to have been from something long long ago
that nothing uses anymore. It seems like this is just something
we should not be doing in this way.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Mon May 11 09:23:13 2026
(Merged from https://github.com/openssl/openssl/pull/30853)

diff --git a/CHANGES.md b/CHANGES.md
index 1dd27df4ba14e9652b962a473b137690c58e61d2..cb6771d7bc4c800b2ff73685820a9ef5b4d4583f 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -64,6 +64,12 @@ OpenSSL Releases
 
    *Shane Lontis*
 
+ * The functions `ASN1_BIT_STRING_name_print()`, `ASN1_BIT_STRING_num_asc(),
+   and `ASN1_BIT_STRING_set_asc()`, have been deprecated. Refer to the manual
+   pages for more information.
+
+   *Bob Beck*
+
  * The API functions `CRYPTO_atomic_load_ptr`, `CRYPTO_atomic_store_ptr`, and
    `CRYPTO_atomic_cmp_exch_ptr` have been added to libcrypto.
 

diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c
index 4982dba5902e7637620590c937e5aef02df15922..4d691b304cb85725020f83a2b12be4fbb58e101e 100644 (file)
--- a/crypto/asn1/t_bitst.c
+++ b/crypto/asn1/t_bitst.c
@@ -12,6 +12,8 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
+#if !defined(OPENSSL_NO_DEPRECATED_4_1)
+OSSL_BEGIN_ALLOW_DEPRECATED
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
     BIT_STRING_BITNAME *tbl, int indent)
 {
@@ -69,3 +71,5 @@ int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl)
     }
     return -1;
 }
+OSSL_END_ALLOW_DEPRECATED
+#endif /* !defined(OPENSSL_NO_DEPRECATED_4_1) */

diff --git a/doc/man3/ASN1_BIT_STRING_get_length.pod b/doc/man3/ASN1_BIT_STRING_get_length.pod
index bb3cabab7943de2ee7928d50007ec661aa57345d..7fb935cdde3992ab4133a1b24b11601880776d40 100644 (file)
--- a/doc/man3/ASN1_BIT_STRING_get_length.pod
+++ b/doc/man3/ASN1_BIT_STRING_get_length.pod
@@ -27,11 +27,6 @@ ASN1_BIT_STRING_get_length - ASN1_BIT_STRING accessors
   int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
     const unsigned char *flags, int flags_len);
 
-  int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
-    BIT_STRING_BITNAME *tbl, int indent);
-  int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
-  int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name,
-    int value, BIT_STRING_BITNAME *tbl);
   int ASN1_BIT_STRING_get_length(const ASN1_BIT_STRING *bitstr,
     size_t *length, int *unused_bits);
   int ASN1_BIT_STRING_set1(ASN1_BIT_STRING *bitstr, const uint8_t *data,
@@ -42,6 +37,11 @@ hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
 see L<openssl_user_macros(7)>:
 
   int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
+  int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+    BIT_STRING_BITNAME *tbl, int indent);
+  int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
+  int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name,
+    int value, BIT_STRING_BITNAME *tbl);
 
 =head1 DESCRIPTION
 
@@ -62,17 +62,6 @@ ASN1_BIT_STRING_check() checks if the I<a> bit string contains only bits
 specified by the I<flags> vector. I<flags_len> is the length of I<flags>
 in bytes.
 
-ASN1_BIT_STRING_name_print() prints the corresponding bit name specified
-in I<tbl> to I<out> based on the bit string I<bs>. I<indent> might be
-specified for a number of spaces to indent the line.
-
-ASN1_BIT_STRING_num_asc() searches for the provided I<name> in I<lname>
-and I<sname> fields of I<tbl>'s elements and returns the corresponding
-I<bitnum> field value in case there is a match found.
-
-ASN1_BIT_STRING_set_asc() sets the corresponding bit to I<name> in I<bs>
-based on the conversion table I<tbl>.
-
 ASN1_BIT_STRING_get_length() returns the number of octets in I<bitstr>
 containing bit values in I<length> and the number of unused bits in
 the last octet in I<unused_bits>. The value returned in
@@ -86,6 +75,29 @@ I<V_ASN1_BIT_STRING> and its octets to the bits in the byte string
 I<data> of length I<length> octets, making sure that the last
 I<unused_bits> bits in the last byte are zero.
 
+ASN1_BIT_STRING_name_print() prints the corresponding bit name specified
+in I<tbl> to I<out> based on the bit string I<bs>. I<indent> might be
+specified for a number of spaces to indent the line. This function has
+been deprecated as of OpenSSL 4.1. For a replacement strategy, consider
+using a descriptive #define for the bit value, or if your application
+truly needs to do this with strings, implementing your own string to
+integer lookup table.
+
+ASN1_BIT_STRING_num_asc() searches for the provided I<name> in I<lname>
+and I<sname> fields of I<tbl>'s elements and returns the corresponding
+I<bitnum> field value in case there is a match found. This function has
+been deprecated as of OpenSSL 4.1. For a replacement strategy, consider
+using a descriptive #define for the bit value, or if your application
+truly needs to do this with strings, implementing your own string to
+integer lookup table.
+
+ASN1_BIT_STRING_set_asc() sets the corresponding bit to I<name> in I<bs>
+based on the conversion table I<tbl>.  This function has
+been deprecated as of OpenSSL 4.1. For a replacement strategy, consider
+using a descriptive #define for the bit value, or if your application
+truly needs to do this with strings, implementing your own string to
+integer lookup table.
+
 =head1 RETURN VALUES
 
 ASN1_BIT_STRING_set_bit() returns 1 on success or 0 on incorrect input
@@ -126,6 +138,11 @@ added in OpenSSL version 4.0.
 
 ASN1_BIT_STRING_set() was deprecated in OpenSSL 4.1 in favour of
 ASN1_BIT_STRING_set1().
+ASN1_BIT_STRING_name_print() ASN1_BIT_STRING_num_asc(), and
+ASN1_BIT_STRING_set_asc(), Along with the BIT_STRING_BITNAME structure
+were present but undocumented in all versions of OpenSSL as public
+API.  They are unused by the library. They were documented and then
+deprecated in OpenSSL 4.1.
 
 =head1 COPYRIGHT
 

diff --git a/include/openssl/asn1.h.in b/include/openssl/asn1.h.in
index b2e8b501a8a25ae69ea0c12c6b9d40d543c0123d..7beef17569745cd96c33a2a6b1c40928042da0ce 100644 (file)
--- a/include/openssl/asn1.h.in
+++ b/include/openssl/asn1.h.in
@@ -555,11 +555,13 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
 int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
     const unsigned char *flags, int flags_len);
 
-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+#if !defined(OPENSSL_NO_DEPRECATED_4_1)
+OSSL_DEPRECATEDIN_4_1 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
     BIT_STRING_BITNAME *tbl, int indent);
-int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
+OSSL_DEPRECATEDIN_4_1 int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
+OSSL_DEPRECATEDIN_4_1 int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
     BIT_STRING_BITNAME *tbl);
+#endif /* !defined(OPENSSL_NO_DEPRECATED_4_1) */
 int ASN1_BIT_STRING_get_length(const ASN1_BIT_STRING *abs, size_t *length,
     int *unused_bits);
 int ASN1_BIT_STRING_set1(ASN1_BIT_STRING *abs, const uint8_t *data,

diff --git a/util/libcrypto.num b/util/libcrypto.num
index b0d0e7266c836f7bd53134139738a7869c95c767..90c81f1fce730af5e8f8579e556bc69f21b97ee7 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2587,9 +2587,9 @@ ASN1_BIT_STRING_set_bit                 2585      4_0_0   EXIST::FUNCTION:
 ASN1_BIT_STRING_get_bit                 2586   4_0_0   EXIST::FUNCTION:
 ASN1_BIT_STRING_check                   2587   4_0_0   EXIST::FUNCTION:
 ASN1_BIT_STRING_get_length              2588   4_0_0   EXIST::FUNCTION:
-ASN1_BIT_STRING_name_print              2589   4_0_0   EXIST::FUNCTION:
-ASN1_BIT_STRING_num_asc                 2590   4_0_0   EXIST::FUNCTION:
-ASN1_BIT_STRING_set_asc                 2591   4_0_0   EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print              2589   4_0_0   EXIST::FUNCTION:DEPRECATEDIN_4_1
+ASN1_BIT_STRING_num_asc                 2590   4_0_0   EXIST::FUNCTION:DEPRECATEDIN_4_1
+ASN1_BIT_STRING_set_asc                 2591   4_0_0   EXIST::FUNCTION:DEPRECATEDIN_4_1
 d2i_ASN1_INTEGER                        2592   4_0_0   EXIST::FUNCTION:
 i2d_ASN1_INTEGER                        2593   4_0_0   EXIST::FUNCTION:
 ASN1_INTEGER_free                       2594   4_0_0   EXIST::FUNCTION: