From: Bob Beck Date: Wed, 15 Apr 2026 19:31:42 +0000 (-0600) Subject: Deprecate the ASN1_BIT_STRING name related funcitons. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96012a62aaeb181affda6351037ead9bd0eed649;p=thirdparty%2Fopenssl.git Deprecate the ASN1_BIT_STRING name related funcitons. These seem to have been from something long long ago that nothing uses anymore. It seems like this is just something we should not be doing in this way. Reviewed-by: Saša Nedvědický Reviewed-by: Norbert Pocs MergeDate: Mon May 11 09:23:13 2026 (Merged from https://github.com/openssl/openssl/pull/30853) --- diff --git a/CHANGES.md b/CHANGES.md index 1dd27df4ba1..cb6771d7bc4 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -64,6 +64,12 @@ OpenSSL Releases *Shane Lontis* + * The functions `ASN1_BIT_STRING_name_print()`, `ASN1_BIT_STRING_num_asc(), + and `ASN1_BIT_STRING_set_asc()`, have been deprecated. Refer to the manual + pages for more information. + + *Bob Beck* + * The API functions `CRYPTO_atomic_load_ptr`, `CRYPTO_atomic_store_ptr`, and `CRYPTO_atomic_cmp_exch_ptr` have been added to libcrypto. diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c index 4982dba5902..4d691b304cb 100644 --- a/crypto/asn1/t_bitst.c +++ b/crypto/asn1/t_bitst.c @@ -12,6 +12,8 @@ #include #include +#if !defined(OPENSSL_NO_DEPRECATED_4_1) +OSSL_BEGIN_ALLOW_DEPRECATED int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, BIT_STRING_BITNAME *tbl, int indent) { @@ -69,3 +71,5 @@ int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl) } return -1; } +OSSL_END_ALLOW_DEPRECATED +#endif /* !defined(OPENSSL_NO_DEPRECATED_4_1) */ diff --git a/doc/man3/ASN1_BIT_STRING_get_length.pod b/doc/man3/ASN1_BIT_STRING_get_length.pod index bb3cabab794..7fb935cdde3 100644 --- a/doc/man3/ASN1_BIT_STRING_get_length.pod +++ b/doc/man3/ASN1_BIT_STRING_get_length.pod @@ -27,11 +27,6 @@ ASN1_BIT_STRING_get_length - ASN1_BIT_STRING accessors int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, const unsigned char *flags, int flags_len); - int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, - BIT_STRING_BITNAME *tbl, int indent); - int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); - int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, - int value, BIT_STRING_BITNAME *tbl); int ASN1_BIT_STRING_get_length(const ASN1_BIT_STRING *bitstr, size_t *length, int *unused_bits); int ASN1_BIT_STRING_set1(ASN1_BIT_STRING *bitstr, const uint8_t *data, @@ -42,6 +37,11 @@ hidden entirely by defining B with a suitable version value, see L: int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); + int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); + int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); + int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, + int value, BIT_STRING_BITNAME *tbl); =head1 DESCRIPTION @@ -62,17 +62,6 @@ ASN1_BIT_STRING_check() checks if the I bit string contains only bits specified by the I vector. I is the length of I in bytes. -ASN1_BIT_STRING_name_print() prints the corresponding bit name specified -in I to I based on the bit string I. I might be -specified for a number of spaces to indent the line. - -ASN1_BIT_STRING_num_asc() searches for the provided I in I -and I fields of I's elements and returns the corresponding -I field value in case there is a match found. - -ASN1_BIT_STRING_set_asc() sets the corresponding bit to I in I -based on the conversion table I. - ASN1_BIT_STRING_get_length() returns the number of octets in I containing bit values in I and the number of unused bits in the last octet in I. The value returned in @@ -86,6 +75,29 @@ I and its octets to the bits in the byte string I of length I octets, making sure that the last I bits in the last byte are zero. +ASN1_BIT_STRING_name_print() prints the corresponding bit name specified +in I to I based on the bit string I. I might be +specified for a number of spaces to indent the line. This function has +been deprecated as of OpenSSL 4.1. For a replacement strategy, consider +using a descriptive #define for the bit value, or if your application +truly needs to do this with strings, implementing your own string to +integer lookup table. + +ASN1_BIT_STRING_num_asc() searches for the provided I in I +and I fields of I's elements and returns the corresponding +I field value in case there is a match found. This function has +been deprecated as of OpenSSL 4.1. For a replacement strategy, consider +using a descriptive #define for the bit value, or if your application +truly needs to do this with strings, implementing your own string to +integer lookup table. + +ASN1_BIT_STRING_set_asc() sets the corresponding bit to I in I +based on the conversion table I. This function has +been deprecated as of OpenSSL 4.1. For a replacement strategy, consider +using a descriptive #define for the bit value, or if your application +truly needs to do this with strings, implementing your own string to +integer lookup table. + =head1 RETURN VALUES ASN1_BIT_STRING_set_bit() returns 1 on success or 0 on incorrect input @@ -126,6 +138,11 @@ added in OpenSSL version 4.0. ASN1_BIT_STRING_set() was deprecated in OpenSSL 4.1 in favour of ASN1_BIT_STRING_set1(). +ASN1_BIT_STRING_name_print() ASN1_BIT_STRING_num_asc(), and +ASN1_BIT_STRING_set_asc(), Along with the BIT_STRING_BITNAME structure +were present but undocumented in all versions of OpenSSL as public +API. They are unused by the library. They were documented and then +deprecated in OpenSSL 4.1. =head1 COPYRIGHT diff --git a/include/openssl/asn1.h.in b/include/openssl/asn1.h.in index b2e8b501a8a..7beef175697 100644 --- a/include/openssl/asn1.h.in +++ b/include/openssl/asn1.h.in @@ -555,11 +555,13 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, const unsigned char *flags, int flags_len); -int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, +#if !defined(OPENSSL_NO_DEPRECATED_4_1) +OSSL_DEPRECATEDIN_4_1 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, BIT_STRING_BITNAME *tbl, int indent); -int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); -int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, +OSSL_DEPRECATEDIN_4_1 int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +OSSL_DEPRECATEDIN_4_1 int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, BIT_STRING_BITNAME *tbl); +#endif /* !defined(OPENSSL_NO_DEPRECATED_4_1) */ int ASN1_BIT_STRING_get_length(const ASN1_BIT_STRING *abs, size_t *length, int *unused_bits); int ASN1_BIT_STRING_set1(ASN1_BIT_STRING *abs, const uint8_t *data, diff --git a/util/libcrypto.num b/util/libcrypto.num index b0d0e7266c8..90c81f1fce7 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -2587,9 +2587,9 @@ ASN1_BIT_STRING_set_bit 2585 4_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_get_bit 2586 4_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_check 2587 4_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_get_length 2588 4_0_0 EXIST::FUNCTION: -ASN1_BIT_STRING_name_print 2589 4_0_0 EXIST::FUNCTION: -ASN1_BIT_STRING_num_asc 2590 4_0_0 EXIST::FUNCTION: -ASN1_BIT_STRING_set_asc 2591 4_0_0 EXIST::FUNCTION: +ASN1_BIT_STRING_name_print 2589 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_4_1 +ASN1_BIT_STRING_num_asc 2590 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_4_1 +ASN1_BIT_STRING_set_asc 2591 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_4_1 d2i_ASN1_INTEGER 2592 4_0_0 EXIST::FUNCTION: i2d_ASN1_INTEGER 2593 4_0_0 EXIST::FUNCTION: ASN1_INTEGER_free 2594 4_0_0 EXIST::FUNCTION: