grpc 1.41.0 → 1.43.1

data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h

@@ -63,11 +63,10 @@
 #include <time.h>
 
 #include <openssl/bio.h>
-#include <openssl/stack.h>
-
 #include <openssl/bn.h>
+#include <openssl/stack.h>
 
-#ifdef __cplusplus
+#if defined(__cplusplus)
 extern "C" {
 #endif
 
@@ -75,8 +74,12 @@ extern "C" {
 // Legacy ASN.1 library.
 //
 // This header is part of OpenSSL's ASN.1 implementation. It is retained for
-// compatibility but otherwise underdocumented and not actively maintained. Use
-// the new |CBS| and |CBB| library in <openssl/bytestring.h> instead.
+// compatibility but should not be used by new code. The functions are difficult
+// to use correctly, and have buggy or non-standard behaviors. They are thus
+// particularly prone to behavior changes and API removals, as BoringSSL
+// iterates on these issues.
+//
+// Use the new |CBS| and |CBB| library in <openssl/bytestring.h> instead.
 
 
 // Tag constants.
@@ -111,10 +114,6 @@ extern "C" {
 // V_ASN1_UNDEF is used in some APIs to indicate an ASN.1 element is omitted.
 #define V_ASN1_UNDEF (-1)
 
-// V_ASN1_APP_CHOOSE is used in some APIs to specify a default ASN.1 type based
-// on the context.
-#define V_ASN1_APP_CHOOSE (-2)
-
 // V_ASN1_OTHER is used in |ASN1_TYPE| to indicate a non-universal ASN.1 type.
 #define V_ASN1_OTHER (-3)
 
@@ -157,6 +156,327 @@ extern "C" {
 #define V_ASN1_NEG_INTEGER (V_ASN1_INTEGER | V_ASN1_NEG)
 #define V_ASN1_NEG_ENUMERATED (V_ASN1_ENUMERATED | V_ASN1_NEG)
 
+// The following constants are bitmask representations of ASN.1 types.
+#define B_ASN1_NUMERICSTRING 0x0001
+#define B_ASN1_PRINTABLESTRING 0x0002
+#define B_ASN1_T61STRING 0x0004
+#define B_ASN1_TELETEXSTRING 0x0004
+#define B_ASN1_VIDEOTEXSTRING 0x0008
+#define B_ASN1_IA5STRING 0x0010
+#define B_ASN1_GRAPHICSTRING 0x0020
+#define B_ASN1_ISO64STRING 0x0040
+#define B_ASN1_VISIBLESTRING 0x0040
+#define B_ASN1_GENERALSTRING 0x0080
+#define B_ASN1_UNIVERSALSTRING 0x0100
+#define B_ASN1_OCTET_STRING 0x0200
+#define B_ASN1_BIT_STRING 0x0400
+#define B_ASN1_BMPSTRING 0x0800
+#define B_ASN1_UNKNOWN 0x1000
+#define B_ASN1_UTF8STRING 0x2000
+#define B_ASN1_UTCTIME 0x4000
+#define B_ASN1_GENERALIZEDTIME 0x8000
+#define B_ASN1_SEQUENCE 0x10000
+
+// ASN1_tag2bit converts |tag| from the tag number of a universal type to a
+// corresponding |B_ASN1_*| constant, |B_ASN1_UNKNOWN|, or zero. If the
+// |B_ASN1_*| constant above is defined, it will map the corresponding
+// |V_ASN1_*| constant to it. Otherwise, whether it returns |B_ASN1_UNKNOWN| or
+// zero is ill-defined and callers should not rely on it.
+//
+// TODO(https://crbug.com/boringssl/412): Figure out what |B_ASN1_UNNOWN| vs
+// zero is meant to be. The main impact is what values go in |B_ASN1_PRINTABLE|.
+// To that end, we must return zero on types that can't go in |ASN1_STRING|.
+OPENSSL_EXPORT unsigned long ASN1_tag2bit(int tag);
+
+// ASN1_tag2str returns a string representation of |tag|, interpret as a tag
+// number for a universal type, or |V_ASN1_NEG_*|.
+OPENSSL_EXPORT const char *ASN1_tag2str(int tag);
+
+
+// API conventions.
+//
+// The following sample functions document the calling conventions used by
+// legacy ASN.1 APIs.
+
+#if 0  // Sample functions
+
+// d2i_SAMPLE parses a structure from up to |len| bytes at |*inp|. On success,
+// it advances |*inp| by the number of bytes read and returns a newly-allocated
+// |SAMPLE| object containing the parsed structure. If |out| is non-NULL, it
+// additionally frees the previous value at |*out| and updates |*out| to the
+// result. If parsing or allocating the result fails, it returns NULL.
+//
+// This function does not reject trailing data in the input. This allows the
+// caller to parse a sequence of concatenated structures. Callers parsing only
+// one structure should check for trailing data by comparing the updated |*inp|
+// with the end of the input.
+//
+// Note: If |out| and |*out| are both non-NULL, the object at |*out| is not
+// updated in-place. Instead, it is freed, and the pointer is updated to the
+// new object. This differs from OpenSSL, which behaves more like
+// |d2i_SAMPLE_with_reuse|. Callers are recommended to set |out| to NULL and
+// instead use the return value.
+SAMPLE *d2i_SAMPLE(SAMPLE **out, const uint8_t **inp, long len);
+
+// d2i_SAMPLE_with_reuse parses a structure from up to |len| bytes at |*inp|. On
+// success, it advances |*inp| by the number of bytes read and returns a
+// non-NULL pointer to an object containing the parsed structure. The object is
+// determined from |out| as follows:
+//
+// If |out| is NULL, the function places the result in a newly-allocated
+// |SAMPLE| object and returns it. This mode is recommended.
+//
+// If |out| is non-NULL, but |*out| is NULL, the function also places the result
+// in a newly-allocated |SAMPLE| object. It sets |*out| to this object and also
+// returns it.
+//
+// If |out| and |*out| are both non-NULL, the function updates the object at
+// |*out| in-place with the result and returns |*out|.
+//
+// If any of the above fail, the function returns NULL.
+//
+// This function does not reject trailing data in the input. This allows the
+// caller to parse a sequence of concatenated structures. Callers parsing only
+// one structure should check for trailing data by comparing the updated |*inp|
+// with the end of the input.
+//
+// WARNING: Callers should not rely on the in-place update mode. It often
+// produces the wrong result or breaks the type's internal invariants. Future
+// revisions of BoringSSL may standardize on the |d2i_SAMPLE| behavior.
+SAMPLE *d2i_SAMPLE_with_reuse(SAMPLE **out, const uint8_t **inp, long len);
+
+// i2d_SAMPLE marshals |in|. On error, it returns a negative value. On success,
+// it returns the length of the result and outputs it via |outp| as follows:
+//
+// If |outp| is NULL, the function writes nothing. This mode can be used to size
+// buffers.
+//
+// If |outp| is non-NULL but |*outp| is NULL, the function sets |*outp| to a
+// newly-allocated buffer containing the result. The caller is responsible for
+// releasing |*outp| with |OPENSSL_free|. This mode is recommended for most
+// callers.
+//
+// If |outp| and |*outp| are non-NULL, the function writes the result to
+// |*outp|, which must have enough space available, and advances |*outp| just
+// past the output.
+//
+// WARNING: In the third mode, the function does not internally check output
+// bounds. Failing to correctly size the buffer will result in a potentially
+// exploitable memory error.
+int i2d_SAMPLE(const SAMPLE *in, uint8_t **outp);
+
+#endif  // Sample functions
+
+// The following typedefs are sometimes used for pointers to functions like
+// |d2i_SAMPLE| and |i2d_SAMPLE|. Note, however, that these act on |void*|.
+// Calling a function with a different pointer type is undefined in C, so this
+// is only valid with a wrapper.
+typedef void *d2i_of_void(void **, const unsigned char **, long);
+typedef int i2d_of_void(const void *, unsigned char **);
+
+
+// ASN.1 types.
+//
+// An |ASN1_ITEM| represents an ASN.1 type and allows working with ASN.1 types
+// generically.
+//
+// |ASN1_ITEM|s use a different namespace from C types and are accessed via
+// |ASN1_ITEM_*| macros. So, for example, |ASN1_OCTET_STRING| is both a C type
+// and the name of an |ASN1_ITEM|, referenced as
+// |ASN1_ITEM_rptr(ASN1_OCTET_STRING)|.
+//
+// Each |ASN1_ITEM| has a corresponding C type, typically with the same name,
+// which represents values in the ASN.1 type. This type is either a pointer type
+// or |ASN1_BOOLEAN|. When it is a pointer, NULL pointers represent omitted
+// values. For example, an OCTET STRING value is declared with the C type
+// |ASN1_OCTET_STRING*| and uses the |ASN1_ITEM| named |ASN1_OCTET_STRING|. An
+// OPTIONAL OCTET STRING uses the same C type and represents an omitted value
+// with a NULL pointer. |ASN1_BOOLEAN| is described in a later section.
+
+// DECLARE_ASN1_ITEM declares an |ASN1_ITEM| with name |name|. The |ASN1_ITEM|
+// may be referenced with |ASN1_ITEM_rptr|. Uses of this macro should document
+// the corresponding ASN.1 and C types.
+#define DECLARE_ASN1_ITEM(name) extern OPENSSL_EXPORT const ASN1_ITEM name##_it;
+
+// ASN1_ITEM_rptr returns the |const ASN1_ITEM *| named |name|.
+#define ASN1_ITEM_rptr(name) (&(name##_it))
+
+// ASN1_ITEM_EXP is an abstraction for referencing an |ASN1_ITEM| in a
+// constant-initialized structure, such as a method table. It exists because, on
+// some OpenSSL platforms, |ASN1_ITEM| references are indirected through
+// functions. Structures reference the |ASN1_ITEM| by declaring a field like
+// |ASN1_ITEM_EXP *item| and initializing it with |ASN1_ITEM_ref|.
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+// ASN1_ITEM_ref returns an |ASN1_ITEM_EXP*| for the |ASN1_ITEM| named |name|.
+#define ASN1_ITEM_ref(name) (&(name##_it))
+
+// ASN1_ITEM_ptr converts |iptr|, which must be an |ASN1_ITEM_EXP*| to a
+// |const ASN1_ITEM*|.
+#define ASN1_ITEM_ptr(iptr) (iptr)
+
+// ASN1_VALUE_st (aka |ASN1_VALUE|) is an opaque type used as a placeholder for
+// the C type corresponding to an |ASN1_ITEM|.
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+// ASN1_item_new allocates a new value of the C type corresponding to |it|, or
+// NULL on error. On success, the caller must release the value with
+// |ASN1_item_free|, or the corresponding C type's free function, when done. The
+// new value will initialize fields of the value to some default state, such as
+// an empty string. Note, however, that this default state sometimes omits
+// required values, such as with CHOICE types.
+//
+// This function may not be used with |ASN1_ITEM|s whose C type is
+// |ASN1_BOOLEAN|.
+//
+// WARNING: Casting the result of this function to the wrong type is a
+// potentially exploitable memory error. Callers must ensure the value is used
+// consistently with |it|. Prefer using type-specific functions such as
+// |ASN1_OCTET_STRING_new|.
+OPENSSL_EXPORT ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+
+// ASN1_item_free releases memory associated with |val|, which must be an object
+// of the C type corresponding to |it|.
+//
+// This function may not be used with |ASN1_ITEM|s whose C type is
+// |ASN1_BOOLEAN|.
+//
+// WARNING: Passing a pointer of the wrong type into this function is a
+// potentially exploitable memory error. Callers must ensure |val| is consistent
+// with |it|. Prefer using type-specific functions such as
+// |ASN1_OCTET_STRING_free|.
+OPENSSL_EXPORT void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+
+// ASN1_item_d2i parses the ASN.1 type |it| from up to |len| bytes at |*inp|.
+// It behaves like |d2i_SAMPLE_with_reuse|, except that |out| and the return
+// value are cast to |ASN1_VALUE| pointers.
+//
+// TODO(https://crbug.com/boringssl/444): C strict aliasing forbids type-punning
+// |T*| and |ASN1_VALUE*| the way this function signature does. When that bug is
+// resolved, we will need to pick which type |*out| is (probably |T*|). Do not
+// use a non-NULL |out| to avoid ending up on the wrong side of this question.
+//
+// This function may not be used with |ASN1_ITEM|s whose C type is
+// |ASN1_BOOLEAN|.
+//
+// WARNING: Casting the result of this function to the wrong type, or passing a
+// pointer of the wrong type into this function, are potentially exploitable
+// memory errors. Callers must ensure |out| is consistent with |it|. Prefer
+// using type-specific functions such as |d2i_ASN1_OCTET_STRING|.
+OPENSSL_EXPORT ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **out,
+                                         const unsigned char **inp, long len,
+                                         const ASN1_ITEM *it);
+
+// ASN1_item_i2d marshals |val| as the ASN.1 type associated with |it|, as
+// described in |i2d_SAMPLE|.
+//
+// This function may not be used with |ASN1_ITEM|s whose C type is
+// |ASN1_BOOLEAN|.
+//
+// WARNING: Passing a pointer of the wrong type into this function is a
+// potentially exploitable memory error. Callers must ensure |val| is consistent
+// with |it|. Prefer using type-specific functions such as
+// |i2d_ASN1_OCTET_STRING|.
+OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **outp,
+                                 const ASN1_ITEM *it);
+
+// ASN1_item_dup returns a newly-allocated copy of |x|, or NULL on error. |x|
+// must be an object of |it|'s C type.
+//
+// This function may not be used with |ASN1_ITEM|s whose C type is
+// |ASN1_BOOLEAN|.
+//
+// WARNING: Casting the result of this function to the wrong type, or passing a
+// pointer of the wrong type into this function, are potentially exploitable
+// memory errors. Prefer using type-specific functions such as
+// |ASN1_STRING_dup|.
+OPENSSL_EXPORT void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+// The following functions behave like |ASN1_item_d2i| but read from |in|
+// instead. |out| is the same parameter as in |ASN1_item_d2i|, but written with
+// |void*| instead. The return values similarly match.
+//
+// These functions may not be used with |ASN1_ITEM|s whose C type is
+// |ASN1_BOOLEAN|.
+//
+// WARNING: These functions do not bound how much data is read from |in|.
+// Parsing an untrusted input could consume unbounded memory.
+OPENSSL_EXPORT void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *out);
+OPENSSL_EXPORT void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *out);
+
+// The following functions behave like |ASN1_item_i2d| but write to |out|
+// instead. |in| is the same parameter as in |ASN1_item_i2d|, but written with
+// |void*| instead.
+//
+// These functions may not be used with |ASN1_ITEM|s whose C type is
+// |ASN1_BOOLEAN|.
+OPENSSL_EXPORT int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *in);
+OPENSSL_EXPORT int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *in);
+
+// ASN1_item_unpack parses |oct|'s contents as |it|'s ASN.1 type. It returns a
+// newly-allocated instance of |it|'s C type on success, or NULL on error.
+//
+// This function may not be used with |ASN1_ITEM|s whose C type is
+// |ASN1_BOOLEAN|.
+//
+// WARNING: Casting the result of this function to the wrong type is a
+// potentially exploitable memory error. Callers must ensure the value is used
+// consistently with |it|.
+OPENSSL_EXPORT void *ASN1_item_unpack(const ASN1_STRING *oct,
+                                      const ASN1_ITEM *it);
+
+// ASN1_item_pack marshals |obj| as |it|'s ASN.1 type. If |out| is NULL, it
+// returns a newly-allocated |ASN1_STRING| with the result, or NULL on error.
+// If |out| is non-NULL, but |*out| is NULL, it does the same but additionally
+// sets |*out| to the result. If both |out| and |*out| are non-NULL, it writes
+// the result to |*out| and returns |*out| on success or NULL on error.
+//
+// This function may not be used with |ASN1_ITEM|s whose C type is
+// |ASN1_BOOLEAN|.
+//
+// WARNING: Passing a pointer of the wrong type into this function is a
+// potentially exploitable memory error. Callers must ensure |val| is consistent
+// with |it|.
+OPENSSL_EXPORT ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
+                                           ASN1_STRING **out);
+
+
+// Booleans.
+//
+// This library represents ASN.1 BOOLEAN values with |ASN1_BOOLEAN|, which is an
+// integer type. FALSE is zero, TRUE is 0xff, and an omitted OPTIONAL BOOLEAN is
+// -1.
+
+// d2i_ASN1_BOOLEAN parses a DER-encoded ASN.1 BOOLEAN from up to |len| bytes at
+// |*inp|. On success, it advances |*inp| by the number of bytes read and
+// returns the result. If |out| is non-NULL, it additionally writes the result
+// to |*out|. On error, it returns -1.
+//
+// This function does not reject trailing data in the input. This allows the
+// caller to parse a sequence of concatenated structures. Callers parsing only
+// one structure should check for trailing data by comparing the updated |*inp|
+// with the end of the input.
+//
+// WARNING: This function's is slightly different from other |d2i_*| functions
+// because |ASN1_BOOLEAN| is not a pointer type.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_BOOLEAN d2i_ASN1_BOOLEAN(ASN1_BOOLEAN *out,
+                                             const unsigned char **inp,
+                                             long len);
+
+// i2d_ASN1_BOOLEAN marshals |a| as a DER-encoded ASN.1 BOOLEAN, as described in
+// |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_BOOLEAN(ASN1_BOOLEAN a, unsigned char **outp);
+
+// The following |ASN1_ITEM|s have ASN.1 type BOOLEAN and C type |ASN1_BOOLEAN|.
+// |ASN1_TBOOLEAN| and |ASN1_FBOOLEAN| must be marked OPTIONAL. When omitted,
+// they are parsed as TRUE and FALSE, respectively, rather than -1.
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+
 
 // Strings.
 //
@@ -216,9 +536,10 @@ extern "C" {
 // invariants on the |X509| object and break the |X509_get0_serialNumber|
 // invariant.
 //
-// TODO(davidben): This is very unfriendly. Getting the type field wrong should
-// not cause memory errors, but it may do strange things. We should add runtime
-// checks to anything that consumes |ASN1_STRING|s from the caller.
+// TODO(https://crbug.com/boringssl/445): This is very unfriendly. Getting the
+// type field wrong should not cause memory errors, but it may do strange
+// things. We should add runtime checks to anything that consumes |ASN1_STRING|s
+// from the caller.
 struct asn1_string_st {
   int length;
   int type;
@@ -232,14 +553,6 @@ struct asn1_string_st {
 // treated as padding. This behavior is deprecated and should not be used.
 #define ASN1_STRING_FLAG_BITS_LEFT 0x08
 
-// ASN1_STRING_FLAG_MSTRING indicates that the |ASN1_STRING| is an MSTRING type,
-// which is how this library refers to a CHOICE type of several string types.
-// For example, DirectoryString as defined in RFC5280.
-//
-// TODO(davidben): This is only used in one place within the library and is easy
-// to accidentally drop. Can it be removed?
-#define ASN1_STRING_FLAG_MSTRING 0x040
-
 // ASN1_STRING_type_new returns a newly-allocated empty |ASN1_STRING| object of
 // type |type|, or NULL on error.
 OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_type_new(int type);
@@ -287,12 +600,8 @@ OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *str);
 // suitable for sorting, callers should not rely on the exact order when |a|
 // and |b| are different types.
 //
-// If |a| or |b| are BIT STRINGs, this function does not compare the
-// |ASN1_STRING_FLAG_BITS_LEFT| flags. Additionally, if |a| and |b| are
-// INTEGERs, this comparison does not order the values numerically. For a
-// numerical comparison, use |ASN1_INTEGER_cmp|.
-//
-// TODO(davidben): The BIT STRING comparison seems like a bug. Fix it?
+// Note that, if |a| and |b| are INTEGERs, this comparison does not order the
+// values numerically. For a numerical comparison, use |ASN1_INTEGER_cmp|.
 OPENSSL_EXPORT int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
 
 // ASN1_STRING_set sets the contents of |str| to a copy of |len| bytes from
@@ -304,6 +613,102 @@ OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
 // |OPENSSL_malloc|.
 OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
 
+// The following functions call |ASN1_STRING_type_new| with the corresponding
+// |V_ASN1_*| constant.
+OPENSSL_EXPORT ASN1_BMPSTRING *ASN1_BMPSTRING_new(void);
+OPENSSL_EXPORT ASN1_GENERALSTRING *ASN1_GENERALSTRING_new(void);
+OPENSSL_EXPORT ASN1_IA5STRING *ASN1_IA5STRING_new(void);
+OPENSSL_EXPORT ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void);
+OPENSSL_EXPORT ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void);
+OPENSSL_EXPORT ASN1_T61STRING *ASN1_T61STRING_new(void);
+OPENSSL_EXPORT ASN1_UNIVERSALSTRING *ASN1_UNIVERSALSTRING_new(void);
+OPENSSL_EXPORT ASN1_UTF8STRING *ASN1_UTF8STRING_new(void);
+OPENSSL_EXPORT ASN1_VISIBLESTRING *ASN1_VISIBLESTRING_new(void);
+
+// The following functions call |ASN1_STRING_free|.
+OPENSSL_EXPORT void ASN1_BMPSTRING_free(ASN1_BMPSTRING *str);
+OPENSSL_EXPORT void ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *str);
+OPENSSL_EXPORT void ASN1_IA5STRING_free(ASN1_IA5STRING *str);
+OPENSSL_EXPORT void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *str);
+OPENSSL_EXPORT void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *str);
+OPENSSL_EXPORT void ASN1_T61STRING_free(ASN1_T61STRING *str);
+OPENSSL_EXPORT void ASN1_UNIVERSALSTRING_free(ASN1_UNIVERSALSTRING *str);
+OPENSSL_EXPORT void ASN1_UTF8STRING_free(ASN1_UTF8STRING *str);
+OPENSSL_EXPORT void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *str);
+
+// The following functions parse up to |len| bytes from |*inp| as a
+// DER-encoded ASN.1 value of the corresponding type, as described in
+// |d2i_SAMPLE_with_reuse|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **out,
+                                                  const uint8_t **inp,
+                                                  long len);
+OPENSSL_EXPORT ASN1_GENERALSTRING *d2i_ASN1_GENERALSTRING(
+    ASN1_GENERALSTRING **out, const uint8_t **inp, long len);
+OPENSSL_EXPORT ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **out,
+                                                  const uint8_t **inp,
+                                                  long len);
+OPENSSL_EXPORT ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **out,
+                                                        const uint8_t **inp,
+                                                        long len);
+OPENSSL_EXPORT ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(
+    ASN1_PRINTABLESTRING **out, const uint8_t **inp, long len);
+OPENSSL_EXPORT ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **out,
+                                                  const uint8_t **inp,
+                                                  long len);
+OPENSSL_EXPORT ASN1_UNIVERSALSTRING *d2i_ASN1_UNIVERSALSTRING(
+    ASN1_UNIVERSALSTRING **out, const uint8_t **inp, long len);
+OPENSSL_EXPORT ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **out,
+                                                    const uint8_t **inp,
+                                                    long len);
+OPENSSL_EXPORT ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(
+    ASN1_VISIBLESTRING **out, const uint8_t **inp, long len);
+
+// The following functions marshal |in| as a DER-encoded ASN.1 value of the
+// corresponding type, as described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_BMPSTRING(const ASN1_BMPSTRING *in, uint8_t **outp);
+OPENSSL_EXPORT int i2d_ASN1_GENERALSTRING(const ASN1_GENERALSTRING *in,
+                                          uint8_t **outp);
+OPENSSL_EXPORT int i2d_ASN1_IA5STRING(const ASN1_IA5STRING *in, uint8_t **outp);
+OPENSSL_EXPORT int i2d_ASN1_OCTET_STRING(const ASN1_OCTET_STRING *in,
+                                         uint8_t **outp);
+OPENSSL_EXPORT int i2d_ASN1_PRINTABLESTRING(const ASN1_PRINTABLESTRING *in,
+                                            uint8_t **outp);
+OPENSSL_EXPORT int i2d_ASN1_T61STRING(const ASN1_T61STRING *in, uint8_t **outp);
+OPENSSL_EXPORT int i2d_ASN1_UNIVERSALSTRING(const ASN1_UNIVERSALSTRING *in,
+                                            uint8_t **outp);
+OPENSSL_EXPORT int i2d_ASN1_UTF8STRING(const ASN1_UTF8STRING *in,
+                                       uint8_t **outp);
+OPENSSL_EXPORT int i2d_ASN1_VISIBLESTRING(const ASN1_VISIBLESTRING *in,
+                                          uint8_t **outp);
+
+// The following |ASN1_ITEM|s have the ASN.1 type referred to in their name and
+// C type |ASN1_STRING*|. The C type may also be written as the corresponding
+// typedef.
+DECLARE_ASN1_ITEM(ASN1_BMPSTRING)
+DECLARE_ASN1_ITEM(ASN1_GENERALSTRING)
+DECLARE_ASN1_ITEM(ASN1_IA5STRING)
+DECLARE_ASN1_ITEM(ASN1_OCTET_STRING)
+DECLARE_ASN1_ITEM(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_ITEM(ASN1_T61STRING)
+DECLARE_ASN1_ITEM(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_ITEM(ASN1_UTF8STRING)
+DECLARE_ASN1_ITEM(ASN1_VISIBLESTRING)
+
+// ASN1_OCTET_STRING_dup calls |ASN1_STRING_dup|.
+OPENSSL_EXPORT ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(
+    const ASN1_OCTET_STRING *a);
+
+// ASN1_OCTET_STRING_cmp calls |ASN1_STRING_cmp|.
+OPENSSL_EXPORT int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
+                                         const ASN1_OCTET_STRING *b);
+
+// ASN1_OCTET_STRING_set calls |ASN1_STRING_set|.
+OPENSSL_EXPORT int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str,
+                                         const unsigned char *data, int len);
+
 // ASN1_STRING_to_UTF8 converts |in| to UTF-8. On success, sets |*out| to a
 // newly-allocated buffer containing the resulting string and returns the length
 // of the string. The caller must call |OPENSSL_free| to release |*out| when
@@ -311,7 +716,170 @@ OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
 OPENSSL_EXPORT int ASN1_STRING_to_UTF8(unsigned char **out,
                                        const ASN1_STRING *in);
 
-// TODO(davidben): Expand and document function prototypes generated in macros.
+// The following formats define encodings for use with functions like
+// |ASN1_mbstring_copy|. Note |MBSTRING_ASC| refers to Latin-1, not ASCII.
+#define MBSTRING_FLAG 0x1000
+#define MBSTRING_UTF8 (MBSTRING_FLAG)
+#define MBSTRING_ASC (MBSTRING_FLAG | 1)
+#define MBSTRING_BMP (MBSTRING_FLAG | 2)
+#define MBSTRING_UNIV (MBSTRING_FLAG | 4)
+
+// DIRSTRING_TYPE contains the valid string types in an X.509 DirectoryString.
+#define DIRSTRING_TYPE                                            \
+  (B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING | \
+   B_ASN1_UTF8STRING)
+
+// PKCS9STRING_TYPE contains the valid string types in a PKCS9String.
+#define PKCS9STRING_TYPE (DIRSTRING_TYPE | B_ASN1_IA5STRING)
+
+// ASN1_mbstring_copy converts |len| bytes from |in| to an ASN.1 string. If
+// |len| is -1, |in| must be NUL-terminated and the length is determined by
+// |strlen|. |in| is decoded according to |inform|, which must be one of
+// |MBSTRING_*|. |mask| determines the set of valid output types and is a
+// bitmask containing a subset of |B_ASN1_PRINTABLESTRING|, |B_ASN1_IA5STRING|,
+// |B_ASN1_T61STRING|, |B_ASN1_BMPSTRING|, |B_ASN1_UNIVERSALSTRING|, and
+// |B_ASN1_UTF8STRING|, in that preference order. This function chooses the
+// first output type in |mask| which can represent |in|. It interprets T61String
+// as Latin-1, rather than T.61.
+//
+// If |mask| is zero, |DIRSTRING_TYPE| is used by default.
+//
+// On success, this function returns the |V_ASN1_*| constant corresponding to
+// the selected output type and, if |out| and |*out| are both non-NULL, updates
+// the object at |*out| with the result. If |out| is non-NULL and |*out| is
+// NULL, it instead sets |*out| to a newly-allocated |ASN1_STRING| containing
+// the result. If |out| is NULL, it returns the selected output type without
+// constructing an |ASN1_STRING|. On error, this function returns -1.
+OPENSSL_EXPORT int ASN1_mbstring_copy(ASN1_STRING **out, const uint8_t *in,
+                                      int len, int inform, unsigned long mask);
+
+// ASN1_mbstring_ncopy behaves like |ASN1_mbstring_copy| but returns an error if
+// the input is less than |minsize| or greater than |maxsize| codepoints long. A
+// |maxsize| value of zero is ignored. Note the sizes are measured in
+// codepoints, not output bytes.
+OPENSSL_EXPORT int ASN1_mbstring_ncopy(ASN1_STRING **out, const uint8_t *in,
+                                       int len, int inform, unsigned long mask,
+                                       long minsize, long maxsize);
+
+// ASN1_STRING_set_by_NID behaves like |ASN1_mbstring_ncopy|, but determines
+// |mask|, |minsize|, and |maxsize| based on |nid|. When |nid| is a recognized
+// X.509 attribute type, it will pick a suitable ASN.1 string type and bounds.
+// For most attribute types, it preferentially chooses UTF8String. If |nid| is
+// unrecognized, it uses UTF8String by default.
+//
+// Slightly unlike |ASN1_mbstring_ncopy|, this function interprets |out| and
+// returns its result as follows: If |out| is NULL, it returns a newly-allocated
+// |ASN1_STRING| containing the result. If |out| is non-NULL and
+// |*out| is NULL, it additionally sets |*out| to the result. If both |out| and
+// |*out| are non-NULL, it instead updates the object at |*out| and returns
+// |*out|. In all cases, it returns NULL on error.
+//
+// This function supports the following NIDs: |NID_countryName|,
+// |NID_dnQualifier|, |NID_domainComponent|, |NID_friendlyName|,
+// |NID_givenName|, |NID_initials|, |NID_localityName|, |NID_ms_csp_name|,
+// |NID_name|, |NID_organizationalUnitName|, |NID_organizationName|,
+// |NID_pkcs9_challengePassword|, |NID_pkcs9_emailAddress|,
+// |NID_pkcs9_unstructuredAddress|, |NID_pkcs9_unstructuredName|,
+// |NID_serialNumber|, |NID_stateOrProvinceName|, and |NID_surname|. Additional
+// NIDs may be registered with |ASN1_STRING_set_by_NID|, but it is recommended
+// to call |ASN1_mbstring_ncopy| directly instead.
+OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+                                                   const unsigned char *in,
+                                                   int len, int inform,
+                                                   int nid);
+
+// STABLE_NO_MASK causes |ASN1_STRING_TABLE_add| to allow types other than
+// UTF8String.
+#define STABLE_NO_MASK 0x02
+
+// ASN1_STRING_TABLE_add registers the corresponding parameters with |nid|, for
+// use with |ASN1_STRING_set_by_NID|. It returns one on success and zero on
+// error. It is an error to call this function if |nid| is a built-in NID, or
+// was already registered by a previous call.
+//
+// WARNING: This function affects global state in the library. If two libraries
+// in the same address space register information for the same OID, one call
+// will fail. Prefer directly passing the desired parametrs to
+// |ASN1_mbstring_copy| or |ASN1_mbstring_ncopy| instead.
+OPENSSL_EXPORT int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
+                                         unsigned long mask,
+                                         unsigned long flags);
+
+
+// Multi-strings.
+//
+// A multi-string, or "MSTRING", is an |ASN1_STRING| that represents a CHOICE of
+// several string or string-like types, such as X.509's DirectoryString. The
+// |ASN1_STRING|'s type field determines which type is used.
+//
+// Multi-string types are associated with a bitmask, using the |B_ASN1_*|
+// constants, which defines which types are valid.
+
+// B_ASN1_DIRECTORYSTRING is a bitmask of types allowed in an X.509
+// DirectoryString (RFC 5280).
+#define B_ASN1_DIRECTORYSTRING                                        \
+  (B_ASN1_PRINTABLESTRING | B_ASN1_TELETEXSTRING | B_ASN1_BMPSTRING | \
+   B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING)
+
+// DIRECTORYSTRING_new returns a newly-allocated |ASN1_STRING| with type -1, or
+// NULL on error. The resulting |ASN1_STRING| is not a valid X.509
+// DirectoryString until initialized with a value.
+OPENSSL_EXPORT ASN1_STRING *DIRECTORYSTRING_new(void);
+
+// DIRECTORYSTRING_free calls |ASN1_STRING_free|.
+OPENSSL_EXPORT void DIRECTORYSTRING_free(ASN1_STRING *str);
+
+// d2i_DIRECTORYSTRING parses up to |len| bytes from |*inp| as a DER-encoded
+// X.509 DirectoryString (RFC 5280), as described in |d2i_SAMPLE_with_reuse|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+//
+// TODO(https://crbug.com/boringssl/449): DirectoryString's non-empty string
+// requirement is not currently enforced.
+OPENSSL_EXPORT ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **out,
+                                                const uint8_t **inp, long len);
+
+// i2d_DIRECTORYSTRING marshals |in| as a DER-encoded X.509 DirectoryString (RFC
+// 5280), as described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_DIRECTORYSTRING(const ASN1_STRING *in, uint8_t **outp);
+
+// DIRECTORYSTRING is an |ASN1_ITEM| whose ASN.1 type is X.509 DirectoryString
+// (RFC 5280) and C type is |ASN1_STRING*|.
+DECLARE_ASN1_ITEM(DIRECTORYSTRING)
+
+// B_ASN1_DISPLAYTEXT is a bitmask of types allowed in an X.509 DisplayText (RFC
+// 5280).
+#define B_ASN1_DISPLAYTEXT                                      \
+  (B_ASN1_IA5STRING | B_ASN1_VISIBLESTRING | B_ASN1_BMPSTRING | \
+   B_ASN1_UTF8STRING)
+
+// DISPLAYTEXT_new returns a newly-allocated |ASN1_STRING| with type -1, or NULL
+// on error. The resulting |ASN1_STRING| is not a valid X.509 DisplayText until
+// initialized with a value.
+OPENSSL_EXPORT ASN1_STRING *DISPLAYTEXT_new(void);
+
+// DISPLAYTEXT_free calls |ASN1_STRING_free|.
+OPENSSL_EXPORT void DISPLAYTEXT_free(ASN1_STRING *str);
+
+// d2i_DISPLAYTEXT parses up to |len| bytes from |*inp| as a DER-encoded X.509
+// DisplayText (RFC 5280), as described in |d2i_SAMPLE_with_reuse|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+//
+// TODO(https://crbug.com/boringssl/449): DisplayText's size limits are not
+// currently enforced.
+OPENSSL_EXPORT ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **out,
+                                            const uint8_t **inp, long len);
+
+// i2d_DISPLAYTEXT marshals |in| as a DER-encoded X.509 DisplayText (RFC 5280),
+// as described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_DISPLAYTEXT(const ASN1_STRING *in, uint8_t **outp);
+
+// DISPLAYTEXT is an |ASN1_ITEM| whose ASN.1 type is X.509 DisplayText (RFC
+// 5280) and C type is |ASN1_STRING*|.
+DECLARE_ASN1_ITEM(DISPLAYTEXT)
 
 
 // Bit strings.
@@ -321,7 +889,7 @@ OPENSSL_EXPORT int ASN1_STRING_to_UTF8(unsigned char **out,
 // in several forms:
 //
 // Some BIT STRINGs represent a bitmask of named bits, such as the X.509 key
-// usage extension in RFC5280, section 4.2.1.3. For such bit strings, DER
+// usage extension in RFC 5280, section 4.2.1.3. For such bit strings, DER
 // imposes an additional restriction that trailing zero bits are removed. Some
 // functions like |ASN1_BIT_STRING_set_bit| help in maintaining this.
 //
@@ -347,7 +915,58 @@ OPENSSL_EXPORT int ASN1_STRING_to_UTF8(unsigned char **out,
 // {0x80} and flags of ASN1_STRING_FLAG_BITS_LEFT | 6. If
 // |ASN1_STRING_FLAG_BITS_LEFT| is unset, trailing zero bits are implicitly
 // removed. Callers should not rely this representation when constructing bit
-// strings.
+// strings. The padding bits in the |ASN1_STRING| data must be zero.
+
+// ASN1_BIT_STRING_new calls |ASN1_STRING_type_new| with |V_ASN1_BIT_STRING|.
+OPENSSL_EXPORT ASN1_BIT_STRING *ASN1_BIT_STRING_new(void);
+
+// ASN1_BIT_STRING_free calls |ASN1_STRING_free|.
+OPENSSL_EXPORT void ASN1_BIT_STRING_free(ASN1_BIT_STRING *str);
+
+// d2i_ASN1_BIT_STRING parses up to |len| bytes from |*inp| as a DER-encoded
+// ASN.1 BIT STRING, as described in |d2i_SAMPLE_with_reuse|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **out,
+                                                    const uint8_t **inp,
+                                                    long len);
+
+// i2d_ASN1_BIT_STRING marshals |in| as a DER-encoded ASN.1 BIT STRING, as
+// described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_BIT_STRING(const ASN1_BIT_STRING *in,
+                                       uint8_t **outp);
+
+// c2i_ASN1_BIT_STRING decodes |len| bytes from |*inp| as the contents of a
+// DER-encoded BIT STRING, excluding the tag and length. It behaves like
+// |d2i_SAMPLE_with_reuse| except, on success, it always consumes all |len|
+// bytes.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **out,
+                                                    const uint8_t **inp,
+                                                    long len);
+
+// i2c_ASN1_BIT_STRING encodes |in| as the contents of a DER-encoded BIT STRING,
+// excluding the tag and length. If |outp| is non-NULL, it writes the result to
+// |*outp|, advances |*outp| just past the output, and returns the number of
+// bytes written. |*outp| must have space available for the result. If |outp| is
+// NULL, it returns the number of bytes without writing anything. On error, it
+// returns a value <= 0.
+//
+// Note this function differs slightly from |i2d_SAMPLE|. If |outp| is non-NULL
+// and |*outp| is NULL, it does not allocate a new buffer.
+//
+// TODO(davidben): This function currently returns zero on error instead of -1,
+// but it is also mostly infallible. I've currently documented <= 0 to suggest
+// callers work with both.
+OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *in,
+                                       uint8_t **outp);
+
+// ASN1_BIT_STRING is an |ASN1_ITEM| with ASN.1 type BIT STRING and C type
+// |ASN1_BIT_STRING*|.
+DECLARE_ASN1_ITEM(ASN1_BIT_STRING)
 
 // ASN1_BIT_STRING_num_bytes computes the length of |str| in bytes. If |str|'s
 // bit length is a multiple of 8, it sets |*out| to the byte length and returns
@@ -386,8 +1005,6 @@ OPENSSL_EXPORT int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *str,
                                          const unsigned char *flags,
                                          int flags_len);
 
-// TODO(davidben): Expand and document function prototypes generated in macros.
-
 
 // Integers and enumerated values.
 //
@@ -398,12 +1015,65 @@ OPENSSL_EXPORT int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *str,
 // |V_ASN1_NEG_INTEGER| or |V_ASN1_NEG_ENUMERATED|. Note this differs from DER's
 // two's complement representation.
 
+DEFINE_STACK_OF(ASN1_INTEGER)
+
+// ASN1_INTEGER_new calls |ASN1_STRING_type_new| with |V_ASN1_INTEGER|. The
+// resulting object has value zero.
+OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_new(void);
+
+// ASN1_INTEGER_free calls |ASN1_STRING_free|.
+OPENSSL_EXPORT void ASN1_INTEGER_free(ASN1_INTEGER *str);
+
+// ASN1_INTEGER_dup calls |ASN1_STRING_dup|.
+OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
+
+// d2i_ASN1_INTEGER parses up to |len| bytes from |*inp| as a DER-encoded
+// ASN.1 INTEGER, as described in |d2i_SAMPLE_with_reuse|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **out,
+                                              const uint8_t **inp, long len);
+
+// i2d_ASN1_INTEGER marshals |in| as a DER-encoded ASN.1 INTEGER, as
+// described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_INTEGER(const ASN1_INTEGER *in, uint8_t **outp);
+
+// c2i_ASN1_INTEGER decodes |len| bytes from |*inp| as the contents of a
+// DER-encoded INTEGER, excluding the tag and length. It behaves like
+// |d2i_SAMPLE_with_reuse| except, on success, it always consumes all |len|
+// bytes.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// some invalid inputs, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **in,
+                                              const uint8_t **outp, long len);
+
+// i2c_ASN1_INTEGER encodes |in| as the contents of a DER-encoded INTEGER,
+// excluding the tag and length. If |outp| is non-NULL, it writes the result to
+// |*outp|, advances |*outp| just past the output, and returns the number of
+// bytes written. |*outp| must have space available for the result. If |outp| is
+// NULL, it returns the number of bytes without writing anything. On error, it
+// returns a value <= 0.
+//
+// Note this function differs slightly from |i2d_SAMPLE|. If |outp| is non-NULL
+// and |*outp| is NULL, it does not allocate a new buffer.
+//
+// TODO(davidben): This function currently returns zero on error instead of -1,
+// but it is also mostly infallible. I've currently documented <= 0 to suggest
+// callers work with both.
+OPENSSL_EXPORT int i2c_ASN1_INTEGER(const ASN1_INTEGER *in, uint8_t **outp);
+
+// ASN1_INTEGER is an |ASN1_ITEM| with ASN.1 type INTEGER and C type
+// |ASN1_INTEGER*|.
+DECLARE_ASN1_ITEM(ASN1_INTEGER)
+
 // ASN1_INTEGER_set sets |a| to an INTEGER with value |v|. It returns one on
 // success and zero on error.
 OPENSSL_EXPORT int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
 
-// ASN1_INTEGER_set sets |a| to an INTEGER with value |v|. It returns one on
-// success and zero on error.
+// ASN1_INTEGER_set_uint64 sets |a| to an INTEGER with value |v|. It returns one
+// on success and zero on error.
 OPENSSL_EXPORT int ASN1_INTEGER_set_uint64(ASN1_INTEGER *out, uint64_t v);
 
 // ASN1_INTEGER_get returns the value of |a| as a |long|, or -1 if |a| is out of
@@ -428,12 +1098,37 @@ OPENSSL_EXPORT BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
 OPENSSL_EXPORT int ASN1_INTEGER_cmp(const ASN1_INTEGER *x,
                                     const ASN1_INTEGER *y);
 
+// ASN1_ENUMERATED_new calls |ASN1_STRING_type_new| with |V_ASN1_ENUMERATED|.
+// The resulting object has value zero.
+OPENSSL_EXPORT ASN1_ENUMERATED *ASN1_ENUMERATED_new(void);
+
+// ASN1_ENUMERATED_free calls |ASN1_STRING_free|.
+OPENSSL_EXPORT void ASN1_ENUMERATED_free(ASN1_ENUMERATED *str);
+
+// d2i_ASN1_ENUMERATED parses up to |len| bytes from |*inp| as a DER-encoded
+// ASN.1 ENUMERATED, as described in |d2i_SAMPLE_with_reuse|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **out,
+                                                    const uint8_t **inp,
+                                                    long len);
+
+// i2d_ASN1_ENUMERATED marshals |in| as a DER-encoded ASN.1 ENUMERATED, as
+// described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_ENUMERATED(const ASN1_ENUMERATED *in,
+                                       uint8_t **outp);
+
+// ASN1_ENUMERATED is an |ASN1_ITEM| with ASN.1 type ENUMERATED and C type
+// |ASN1_ENUMERATED*|.
+DECLARE_ASN1_ITEM(ASN1_ENUMERATED)
+
 // ASN1_ENUMERATED_set sets |a| to an ENUMERATED with value |v|. It returns one
 // on success and zero on error.
 OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
 
-// ASN1_INTEGER_get returns the value of |a| as a |long|, or -1 if |a| is out of
-// range or the wrong type.
+// ASN1_ENUMERATED_get returns the value of |a| as a |long|, or -1 if |a| is out
+// of range or the wrong type.
 OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
 
 // BN_to_ASN1_ENUMERATED sets |ai| to an ENUMERATED with value |bn| and returns
@@ -449,45 +1144,329 @@ OPENSSL_EXPORT ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn,
 OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai,
                                              BIGNUM *bn);
 
-// TODO(davidben): Expand and document function prototypes generated in macros.
-
 
+// Time.
+//
+// GeneralizedTime and UTCTime values are represented as |ASN1_STRING|s. The
+// type field is |V_ASN1_GENERALIZEDTIME| or |V_ASN1_UTCTIME|, respectively. The
+// data field contains the DER encoding of the value. For example, the UNIX
+// epoch would be "19700101000000Z" for a GeneralizedTime and "700101000000Z"
+// for a UTCTime.
+//
+// ASN.1 does not define how to interpret UTCTime's two-digit year. RFC 5280
+// defines it as a range from 1950 to 2049 for X.509. The library uses the
+// RFC 5280 interpretation. It does not currently enforce the restrictions from
+// BER, and the additional restrictions from RFC 5280, but future versions may.
+// Callers should not rely on fractional seconds and non-UTC time zones.
+//
+// The |ASN1_TIME| typedef is a multi-string representing the X.509 Time type,
+// which is a CHOICE of GeneralizedTime and UTCTime, using UTCTime when the
+// value is in range.
 
-// Arbitrary elements.
+// ASN1_UTCTIME_new calls |ASN1_STRING_type_new| with |V_ASN1_UTCTIME|. The
+// resulting object contains empty contents and must be initialized to be a
+// valid UTCTime.
+OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_new(void);
 
-// ASN1_VALUE_st (aka |ASN1_VALUE|) is an opaque type used internally in the
-// library.
-typedef struct ASN1_VALUE_st ASN1_VALUE;
+// ASN1_UTCTIME_free calls |ASN1_STRING_free|.
+OPENSSL_EXPORT void ASN1_UTCTIME_free(ASN1_UTCTIME *str);
 
-// An asn1_type_st (aka |ASN1_TYPE|) represents an arbitrary ASN.1 element,
-// typically used used for ANY types. It contains a |type| field and a |value|
-// union dependent on |type|.
+// d2i_ASN1_UTCTIME parses up to |len| bytes from |*inp| as a DER-encoded
+// ASN.1 UTCTime, as described in |d2i_SAMPLE_with_reuse|.
 //
-// WARNING: This struct has a complex representation. Callers must not construct
-// |ASN1_TYPE| values manually. Use |ASN1_TYPE_set| and |ASN1_TYPE_set1|
-// instead. Additionally, callers performing non-trivial operations on this type
-// are encouraged to use |CBS| and |CBB| from <openssl/bytestring.h>, and
-// convert to or from |ASN1_TYPE| with |d2i_ASN1_TYPE| or |i2d_ASN1_TYPE|.
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **out,
+                                              const uint8_t **inp, long len);
+
+// i2d_ASN1_UTCTIME marshals |in| as a DER-encoded ASN.1 UTCTime, as
+// described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_UTCTIME(const ASN1_UTCTIME *in, uint8_t **outp);
+
+// ASN1_UTCTIME is an |ASN1_ITEM| with ASN.1 type UTCTime and C type
+// |ASN1_UTCTIME*|.
+DECLARE_ASN1_ITEM(ASN1_UTCTIME)
+
+// ASN1_UTCTIME_check returns one if |a| is a valid UTCTime and zero otherwise.
+OPENSSL_EXPORT int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
+
+// ASN1_UTCTIME_set represents |t| as a UTCTime and writes the result to |s|. It
+// returns |s| on success and NULL on error. If |s| is NULL, it returns a
+// newly-allocated |ASN1_UTCTIME| instead.
 //
-// The |type| field corresponds to the tag of the ASN.1 element being
-// represented:
+// Note this function may fail if the time is out of range for UTCTime.
+OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
+
+// ASN1_UTCTIME_adj adds |offset_day| days and |offset_sec| seconds to |t| and
+// writes the result to |s| as a UTCTime. It returns |s| on success and NULL on
+// error. If |s| is NULL, it returns a newly-allocated |ASN1_UTCTIME| instead.
 //
-// If |type| is a |V_ASN1_*| constant for an ASN.1 string-like type, as defined
-// by |ASN1_STRING|, the tag matches the constant. |value| contains an
-// |ASN1_STRING| pointer (equivalently, one of the more specific typedefs). See
-// |ASN1_STRING| for details on the representation. Unlike |ASN1_STRING|,
-// |ASN1_TYPE| does not use the |V_ASN1_NEG| flag for negative INTEGER and
-// ENUMERATE values. For a negative value, the |ASN1_TYPE|'s |type| will be
-// |V_ASN1_INTEGER| or |V_ASN1_ENUMERATED|, but |value| will an |ASN1_STRING|
-// whose |type| is |V_ASN1_NEG_INTEGER| or |V_ASN1_NEG_ENUMERATED|.
+// Note this function may fail if the time overflows or is out of range for
+// UTCTime.
+OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                                              int offset_day, long offset_sec);
+
+// ASN1_UTCTIME_set_string sets |s| to a UTCTime whose contents are a copy of
+// |str|. It returns one on success and zero on error or if |str| is not a valid
+// UTCTime.
 //
-// If |type| is |V_ASN1_OBJECT|, the tag is OBJECT IDENTIFIER and |value|
-// contains an |ASN1_OBJECT| pointer.
+// If |s| is NULL, this function validates |str| without copying it.
+OPENSSL_EXPORT int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+
+// ASN1_UTCTIME_cmp_time_t compares |s| to |t|. It returns -1 if |s| < |t|, 0 if
+// they are equal, 1 if |s| > |t|, and -2 on error.
+OPENSSL_EXPORT int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+
+// ASN1_GENERALIZEDTIME_new calls |ASN1_STRING_type_new| with
+// |V_ASN1_GENERALIZEDTIME|. The resulting object contains empty contents and
+// must be initialized to be a valid GeneralizedTime.
+OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void);
+
+// ASN1_GENERALIZEDTIME_free calls |ASN1_STRING_free|.
+OPENSSL_EXPORT void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *str);
+
+// d2i_ASN1_GENERALIZEDTIME parses up to |len| bytes from |*inp| as a
+// DER-encoded ASN.1 GeneralizedTime, as described in |d2i_SAMPLE_with_reuse|.
 //
-// If |type| is |V_ASN1_NULL|, the tag is NULL. |value| contains a NULL pointer.
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(
+    ASN1_GENERALIZEDTIME **out, const uint8_t **inp, long len);
+
+// i2d_ASN1_GENERALIZEDTIME marshals |in| as a DER-encoded ASN.1
+// GeneralizedTime, as described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_GENERALIZEDTIME(const ASN1_GENERALIZEDTIME *in,
+                                            uint8_t **outp);
+
+// ASN1_GENERALIZEDTIME is an |ASN1_ITEM| with ASN.1 type GeneralizedTime and C
+// type |ASN1_GENERALIZEDTIME*|.
+DECLARE_ASN1_ITEM(ASN1_GENERALIZEDTIME)
+
+// ASN1_GENERALIZEDTIME_check returns one if |a| is a valid GeneralizedTime and
+// zero otherwise.
+OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
+
+// ASN1_GENERALIZEDTIME_set represents |t| as a GeneralizedTime and writes the
+// result to |s|. It returns |s| on success and NULL on error. If |s| is NULL,
+// it returns a newly-allocated |ASN1_GENERALIZEDTIME| instead.
 //
-// If |type| is |V_ASN1_BOOLEAN|, the tag is BOOLEAN. |value| contains an
-// |ASN1_BOOLEAN|.
+// Note this function may fail if the time is out of range for GeneralizedTime.
+OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(
+    ASN1_GENERALIZEDTIME *s, time_t t);
+
+// ASN1_GENERALIZEDTIME_adj adds |offset_day| days and |offset_sec| seconds to
+// |t| and writes the result to |s| as a GeneralizedTime. It returns |s| on
+// success and NULL on error. If |s| is NULL, it returns a newly-allocated
+// |ASN1_GENERALIZEDTIME| instead.
+//
+// Note this function may fail if the time overflows or is out of range for
+// GeneralizedTime.
+OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(
+    ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, long offset_sec);
+
+// ASN1_GENERALIZEDTIME_set_string sets |s| to a GeneralizedTime whose contents
+// are a copy of |str|. It returns one on success and zero on error or if |str|
+// is not a valid GeneralizedTime.
+//
+// If |s| is NULL, this function validates |str| without copying it.
+OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s,
+                                                   const char *str);
+
+// B_ASN1_TIME is a bitmask of types allowed in an X.509 Time.
+#define B_ASN1_TIME (B_ASN1_UTCTIME | B_ASN1_GENERALIZEDTIME)
+
+// ASN1_TIME_new returns a newly-allocated |ASN1_TIME| with type -1, or NULL on
+// error. The resulting |ASN1_TIME| is not a valid X.509 Time until initialized
+// with a value.
+OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_new(void);
+
+// ASN1_TIME_free releases memory associated with |str|.
+OPENSSL_EXPORT void ASN1_TIME_free(ASN1_TIME *str);
+
+// d2i_ASN1_TIME parses up to |len| bytes from |*inp| as a DER-encoded X.509
+// Time (RFC 5280), as described in |d2i_SAMPLE_with_reuse|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **out, const uint8_t **inp,
+                                        long len);
+
+// i2d_ASN1_TIME marshals |in| as a DER-encoded X.509 Time (RFC 5280), as
+// described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_TIME(const ASN1_TIME *in, uint8_t **outp);
+
+// ASN1_TIME is an |ASN1_ITEM| whose ASN.1 type is X.509 Time (RFC 5280) and C
+// type is |ASN1_TIME*|.
+DECLARE_ASN1_ITEM(ASN1_TIME)
+
+// ASN1_TIME_diff computes |to| - |from|. On success, it sets |*out_days| to the
+// difference in days, rounded towards zero, sets |*out_seconds| to the
+// remainder, and returns one. On error, it returns zero.
+//
+// If |from| is before |to|, both outputs will be <= 0, with at least one
+// negative. If |from| is after |to|, both will be >= 0, with at least one
+// positive. If they are equal, ignoring fractional seconds, both will be zero.
+//
+// Note this function may fail on overflow, or if |from| or |to| cannot be
+// decoded.
+OPENSSL_EXPORT int ASN1_TIME_diff(int *out_days, int *out_seconds,
+                                  const ASN1_TIME *from, const ASN1_TIME *to);
+
+// ASN1_TIME_set represents |t| as a GeneralizedTime or UTCTime and writes
+// the result to |s|. As in RFC 5280, section 4.1.2.5, it uses UTCTime when the
+// time fits and GeneralizedTime otherwise. It returns |s| on success and NULL
+// on error. If |s| is NULL, it returns a newly-allocated |ASN1_TIME| instead.
+//
+// Note this function may fail if the time is out of range for GeneralizedTime.
+OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+
+// ASN1_TIME_adj adds |offset_day| days and |offset_sec| seconds to
+// |t| and writes the result to |s|. As in RFC 5280, section 4.1.2.5, it uses
+// UTCTime when the time fits and GeneralizedTime otherwise. It returns |s| on
+// success and NULL on error. If |s| is NULL, it returns a newly-allocated
+// |ASN1_GENERALIZEDTIME| instead.
+//
+// Note this function may fail if the time overflows or is out of range for
+// GeneralizedTime.
+OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
+                                        long offset_sec);
+
+// ASN1_TIME_check returns one if |t| is a valid UTCTime or GeneralizedTime, and
+// zero otherwise. |t|'s type determines which check is performed. This
+// function does not enforce that UTCTime was used when possible.
+OPENSSL_EXPORT int ASN1_TIME_check(const ASN1_TIME *t);
+
+// ASN1_TIME_to_generalizedtime converts |t| to a GeneralizedTime. If |out| is
+// NULL, it returns a newly-allocated |ASN1_GENERALIZEDTIME| on success, or NULL
+// on error. If |out| is non-NULL and |*out| is NULL, it additionally sets
+// |*out| to the result. If |out| and |*out| are non-NULL, it instead updates
+// the object pointed by |*out| and returns |*out| on success or NULL on error.
+OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(
+    const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+
+// ASN1_TIME_set_string behaves like |ASN1_UTCTIME_set_string| if |str| is a
+// valid UTCTime, and |ASN1_GENERALIZEDTIME_set_string| if |str| is a valid
+// GeneralizedTime. If |str| is neither, it returns zero.
+OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+
+// TODO(davidben): Expand and document function prototypes generated in macros.
+
+
+// NULL values.
+//
+// This library represents the ASN.1 NULL value by a non-NULL pointer to the
+// opaque type |ASN1_NULL|. An omitted OPTIONAL ASN.1 NULL value is a NULL
+// pointer. Unlike other pointer types, it is not necessary to free |ASN1_NULL|
+// pointers, but it is safe to do so.
+
+// ASN1_NULL_new returns an opaque, non-NULL pointer. It is safe to call
+// |ASN1_NULL_free| on the result, but not necessary.
+OPENSSL_EXPORT ASN1_NULL *ASN1_NULL_new(void);
+
+// ASN1_NULL_free does nothing.
+OPENSSL_EXPORT void ASN1_NULL_free(ASN1_NULL *null);
+
+// d2i_ASN1_NULL parses a DER-encoded ASN.1 NULL value from up to |len| bytes
+// at |*inp|, as described in |d2i_SAMPLE|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **out, const uint8_t **inp,
+                                        long len);
+
+// i2d_ASN1_NULL marshals |in| as a DER-encoded ASN.1 NULL value, as described
+// in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_NULL(const ASN1_NULL *in, uint8_t **outp);
+
+// ASN1_NULL is an |ASN1_ITEM| with ASN.1 type NULL and C type |ASN1_NULL*|.
+DECLARE_ASN1_ITEM(ASN1_NULL)
+
+
+// Object identifiers.
+//
+// An |ASN1_OBJECT| represents a ASN.1 OBJECT IDENTIFIER. See also obj.h for
+// additional functions relating to |ASN1_OBJECT|.
+//
+// TODO(davidben): What's the relationship between asn1.h and obj.h? Most of
+// obj.h deals with the large NID table, but then functions like |OBJ_get0_data|
+// or |OBJ_dup| are general |ASN1_OBJECT| functions.
+
+DEFINE_STACK_OF(ASN1_OBJECT)
+
+// ASN1_OBJECT_create returns a newly-allocated |ASN1_OBJECT| with |len| bytes
+// from |data| as the encoded OID, or NULL on error. |data| should contain the
+// DER-encoded identifier, excluding the tag and length.
+//
+// |nid| should be |NID_undef|. Passing a NID value that does not match |data|
+// will cause some functions to misbehave. |sn| and |ln| should be NULL. If
+// non-NULL, they are stored as short and long names, respectively, but these
+// values have no effect for |ASN1_OBJECT|s created through this function.
+//
+// TODO(davidben): Should we just ignore all those parameters? NIDs and names
+// are only relevant for |ASN1_OBJECT|s in the obj.h table.
+OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_create(int nid, const uint8_t *data,
+                                               int len, const char *sn,
+                                               const char *ln);
+
+// ASN1_OBJECT_free releases memory associated with |a|. If |a| is a static
+// |ASN1_OBJECT|, returned from |OBJ_nid2obj|, this function does nothing.
+OPENSSL_EXPORT void ASN1_OBJECT_free(ASN1_OBJECT *a);
+
+// d2i_ASN1_OBJECT parses a DER-encoded ASN.1 OBJECT IDENTIFIER from up to |len|
+// bytes at |*inp|, as described in |d2i_SAMPLE_with_reuse|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **out,
+                                            const uint8_t **inp, long len);
+
+// i2d_ASN1_OBJECT marshals |in| as a DER-encoded ASN.1 OBJECT IDENTIFIER, as
+// described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, uint8_t **outp);
+
+// c2i_ASN1_OBJECT decodes |len| bytes from |*inp| as the contents of a
+// DER-encoded OBJECT IDENTIFIER, excluding the tag and length. It behaves like
+// |d2i_SAMPLE_with_reuse| except, on success, it always consumes all |len|
+// bytes.
+OPENSSL_EXPORT ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **out,
+                                            const uint8_t **inp, long len);
+
+// ASN1_OBJECT is an |ASN1_ITEM| with ASN.1 type OBJECT IDENTIFIER and C type
+// |ASN1_OBJECT*|.
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+
+// Arbitrary elements.
+
+// An asn1_type_st (aka |ASN1_TYPE|) represents an arbitrary ASN.1 element,
+// typically used for ANY types. It contains a |type| field and a |value| union
+// dependent on |type|.
+//
+// WARNING: This struct has a complex representation. Callers must not construct
+// |ASN1_TYPE| values manually. Use |ASN1_TYPE_set| and |ASN1_TYPE_set1|
+// instead. Additionally, callers performing non-trivial operations on this type
+// are encouraged to use |CBS| and |CBB| from <openssl/bytestring.h>, and
+// convert to or from |ASN1_TYPE| with |d2i_ASN1_TYPE| or |i2d_ASN1_TYPE|.
+//
+// The |type| field corresponds to the tag of the ASN.1 element being
+// represented:
+//
+// If |type| is a |V_ASN1_*| constant for an ASN.1 string-like type, as defined
+// by |ASN1_STRING|, the tag matches the constant. |value| contains an
+// |ASN1_STRING| pointer (equivalently, one of the more specific typedefs). See
+// |ASN1_STRING| for details on the representation. Unlike |ASN1_STRING|,
+// |ASN1_TYPE| does not use the |V_ASN1_NEG| flag for negative INTEGER and
+// ENUMERATE values. For a negative value, the |ASN1_TYPE|'s |type| will be
+// |V_ASN1_INTEGER| or |V_ASN1_ENUMERATED|, but |value| will an |ASN1_STRING|
+// whose |type| is |V_ASN1_NEG_INTEGER| or |V_ASN1_NEG_ENUMERATED|.
+//
+// If |type| is |V_ASN1_OBJECT|, the tag is OBJECT IDENTIFIER and |value|
+// contains an |ASN1_OBJECT| pointer.
+//
+// If |type| is |V_ASN1_NULL|, the tag is NULL. |value| contains a NULL pointer.
+//
+// If |type| is |V_ASN1_BOOLEAN|, the tag is BOOLEAN. |value| contains an
+// |ASN1_BOOLEAN|.
 //
 // If |type| is |V_ASN1_SEQUENCE|, |V_ASN1_SET|, or |V_ASN1_OTHER|, the tag is
 // SEQUENCE, SET, or some non-universal tag, respectively. |value| is an
@@ -527,6 +1506,34 @@ struct asn1_type_st {
   } value;
 };
 
+DEFINE_STACK_OF(ASN1_TYPE)
+
+// ASN1_TYPE_new returns a newly-allocated |ASN1_TYPE|, or NULL on allocation
+// failure. The resulting object has type -1 and must be initialized to be
+// a valid ANY value.
+OPENSSL_EXPORT ASN1_TYPE *ASN1_TYPE_new(void);
+
+// ASN1_TYPE_free releases memory associated with |a|.
+OPENSSL_EXPORT void ASN1_TYPE_free(ASN1_TYPE *a);
+
+// d2i_ASN1_TYPE parses up to |len| bytes from |*inp| as an ASN.1 value of any
+// type, as described in |d2i_SAMPLE_with_reuse|. Note this function only
+// validates primitive, universal types supported by this library. Values of
+// type |V_ASN1_SEQUENCE|, |V_ASN1_SET|, |V_ASN1_OTHER|, or an unsupported
+// primitive type must be validated by the caller when interpreting.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **out, const uint8_t **inp,
+                                        long len);
+
+// i2d_ASN1_TYPE marshals |in| as DER, as described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_TYPE(const ASN1_TYPE *in, uint8_t **outp);
+
+// ASN1_ANY is an |ASN1_ITEM| with ASN.1 type ANY and C type |ASN1_TYPE*|. Note
+// the |ASN1_ITEM| name and C type do not match.
+DECLARE_ASN1_ITEM(ASN1_ANY)
+
 // ASN1_TYPE_get returns the type of |a|, which will be one of the |V_ASN1_*|
 // constants, or zero if |a| is not fully initialized.
 OPENSSL_EXPORT int ASN1_TYPE_get(const ASN1_TYPE *a);
@@ -554,97 +1561,217 @@ OPENSSL_EXPORT int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
 // ordering.
 OPENSSL_EXPORT int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 
-// TODO(davidben): Most of |ASN1_TYPE|'s APIs are hidden behind macros. Expand
-// the macros, document them, and move them to this section.
+typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
+
+// d2i_ASN1_SEQUENCE_ANY parses up to |len| bytes from |*inp| as a DER-encoded
+// ASN.1 SEQUENCE OF ANY structure, as described in |d2i_SAMPLE_with_reuse|. The
+// resulting |ASN1_SEQUENCE_ANY| owns its contents and thus must be released
+// with |sk_ASN1_TYPE_pop_free| and |ASN1_TYPE_free|, not |sk_ASN1_TYPE_free|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_SEQUENCE_ANY *d2i_ASN1_SEQUENCE_ANY(ASN1_SEQUENCE_ANY **out,
+                                                        const uint8_t **inp,
+                                                        long len);
+
+// i2d_ASN1_SEQUENCE_ANY marshals |in| as a DER-encoded SEQUENCE OF ANY
+// structure, as described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_SEQUENCE_ANY(const ASN1_SEQUENCE_ANY *in,
+                                         uint8_t **outp);
+
+// d2i_ASN1_SET_ANY parses up to |len| bytes from |*inp| as a DER-encoded ASN.1
+// SET OF ANY structure, as described in |d2i_SAMPLE_with_reuse|. The resulting
+// |ASN1_SEQUENCE_ANY| owns its contents and thus must be released with
+// |sk_ASN1_TYPE_pop_free| and |ASN1_TYPE_free|, not |sk_ASN1_TYPE_free|.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_SEQUENCE_ANY *d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **out,
+                                                   const uint8_t **inp,
+                                                   long len);
+
+// i2d_ASN1_SET_ANY marshals |in| as a DER-encoded SET OF ANY structure, as
+// described in |i2d_SAMPLE|.
+OPENSSL_EXPORT int i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *in,
+                                    uint8_t **outp);
 
 
-// Underdocumented functions.
+// Human-readable output.
 //
-// The following functions are not yet documented and organized.
+// The following functions output types in some human-readable format. These
+// functions may be used for debugging and logging. However, the output should
+// not be consumed programmatically. They may be ambiguous or lose information.
 
-// For use with d2i_ASN1_type_bytes()
-#define B_ASN1_NUMERICSTRING 0x0001
-#define B_ASN1_PRINTABLESTRING 0x0002
-#define B_ASN1_T61STRING 0x0004
-#define B_ASN1_TELETEXSTRING 0x0004
-#define B_ASN1_VIDEOTEXSTRING 0x0008
-#define B_ASN1_IA5STRING 0x0010
-#define B_ASN1_GRAPHICSTRING 0x0020
-#define B_ASN1_ISO64STRING 0x0040
-#define B_ASN1_VISIBLESTRING 0x0040
-#define B_ASN1_GENERALSTRING 0x0080
-#define B_ASN1_UNIVERSALSTRING 0x0100
-#define B_ASN1_OCTET_STRING 0x0200
-#define B_ASN1_BIT_STRING 0x0400
-#define B_ASN1_BMPSTRING 0x0800
-#define B_ASN1_UNKNOWN 0x1000
-#define B_ASN1_UTF8STRING 0x2000
-#define B_ASN1_UTCTIME 0x4000
-#define B_ASN1_GENERALIZEDTIME 0x8000
-#define B_ASN1_SEQUENCE 0x10000
+// ASN1_UTCTIME_print writes a human-readable representation of |a| to |out|. It
+// returns one on success and zero on error.
+OPENSSL_EXPORT int ASN1_UTCTIME_print(BIO *out, const ASN1_UTCTIME *a);
 
-// For use with ASN1_mbstring_copy()
-#define MBSTRING_FLAG 0x1000
-#define MBSTRING_UTF8 (MBSTRING_FLAG)
-// |MBSTRING_ASC| refers to Latin-1, not ASCII. It is used with TeletexString
-// which, in turn, is treated as Latin-1 rather than T.61 by OpenSSL and most
-// other software.
-#define MBSTRING_ASC (MBSTRING_FLAG | 1)
-#define MBSTRING_BMP (MBSTRING_FLAG | 2)
-#define MBSTRING_UNIV (MBSTRING_FLAG | 4)
+// ASN1_GENERALIZEDTIME_print writes a human-readable representation of |a| to
+// |out|. It returns one on success and zero on error.
+OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_print(BIO *out,
+                                              const ASN1_GENERALIZEDTIME *a);
 
-DEFINE_STACK_OF(ASN1_OBJECT)
+// ASN1_TIME_print writes a human-readable representation of |a| to |out|. It
+// returns one on success and zero on error.
+OPENSSL_EXPORT int ASN1_TIME_print(BIO *out, const ASN1_TIME *a);
 
-// ASN1_ENCODING structure: this is used to save the received
-// encoding of an ASN1 type. This is useful to get round
-// problems with invalid encodings which can break signatures.
-
-typedef struct ASN1_ENCODING_st {
-  unsigned char *enc;  // DER encoding
-  long len;            // Length of encoding
-  int modified;        // set to 1 if 'enc' is invalid
-  // alias_only is zero if |enc| owns the buffer that it points to
-  // (although |enc| may still be NULL). If one, |enc| points into a
-  // buffer that is owned elsewhere.
-  unsigned alias_only : 1;
-  // alias_only_on_next_parse is one iff the next parsing operation
-  // should avoid taking a copy of the input and rather set
-  // |alias_only|.
-  unsigned alias_only_on_next_parse : 1;
-} ASN1_ENCODING;
-
-#define STABLE_FLAGS_MALLOC 0x01
-#define STABLE_NO_MASK 0x02
-#define DIRSTRING_TYPE                                            \
-  (B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING | \
-   B_ASN1_UTF8STRING)
-#define PKCS9STRING_TYPE (DIRSTRING_TYPE | B_ASN1_IA5STRING)
+// ASN1_STRING_print writes a human-readable representation of |str| to |out|.
+// It returns one on success and zero on error. Unprintable characters are
+// replaced with '.'.
+OPENSSL_EXPORT int ASN1_STRING_print(BIO *out, const ASN1_STRING *str);
+
+// ASN1_STRFLGS_ESC_2253 causes characters to be escaped as in RFC 2253, section
+// 2.4.
+#define ASN1_STRFLGS_ESC_2253 1
+
+// ASN1_STRFLGS_ESC_CTRL causes all control characters to be escaped.
+#define ASN1_STRFLGS_ESC_CTRL 2
+
+// ASN1_STRFLGS_ESC_MSB causes all characters above 127 to be escaped.
+#define ASN1_STRFLGS_ESC_MSB 4
+
+// ASN1_STRFLGS_ESC_QUOTE causes the string to be surrounded by quotes, rather
+// than using backslashes, when characters are escaped. Fewer characters will
+// require escapes in this case.
+#define ASN1_STRFLGS_ESC_QUOTE 8
+
+// ASN1_STRFLGS_UTF8_CONVERT causes the string to be encoded as UTF-8, with each
+// byte in the UTF-8 encoding treated as an individual character for purposes of
+// escape sequences. If not set, each Unicode codepoint in the string is treated
+// as a character, with wide characters escaped as "\Uxxxx" or "\Wxxxxxxxx".
+// Note this can be ambiguous if |ASN1_STRFLGS_ESC_*| are all unset. In that
+// case, backslashes are not escaped, but wide characters are.
+#define ASN1_STRFLGS_UTF8_CONVERT 0x10
+
+// ASN1_STRFLGS_IGNORE_TYPE causes the string type to be ignored. The
+// |ASN1_STRING| in-memory representation will be printed directly.
+#define ASN1_STRFLGS_IGNORE_TYPE 0x20
+
+// ASN1_STRFLGS_SHOW_TYPE causes the string type to be included in the output.
+#define ASN1_STRFLGS_SHOW_TYPE 0x40
+
+// ASN1_STRFLGS_DUMP_ALL causes all strings to be printed as a hexdump, using
+// RFC 2253 hexstring notation, such as "#0123456789ABCDEF".
+#define ASN1_STRFLGS_DUMP_ALL 0x80
+
+// ASN1_STRFLGS_DUMP_UNKNOWN behaves like |ASN1_STRFLGS_DUMP_ALL| but only
+// applies to values of unknown type. If unset, unknown values will print
+// their contents as single-byte characters with escape sequences.
+#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
+
+// ASN1_STRFLGS_DUMP_DER causes hexdumped strings (as determined by
+// |ASN1_STRFLGS_DUMP_ALL| or |ASN1_STRFLGS_DUMP_UNKNOWN|) to print the entire
+// DER element as in RFC 2253, rather than only the contents of the
+// |ASN1_STRING|.
+#define ASN1_STRFLGS_DUMP_DER 0x200
+
+// ASN1_STRFLGS_RFC2253 causes the string to be escaped as in RFC 2253,
+// additionally escaping control characters.
+#define ASN1_STRFLGS_RFC2253                                              \
+  (ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | \
+   ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN |                \
+   ASN1_STRFLGS_DUMP_DER)
+
+// ASN1_STRING_print_ex writes a human-readable representation of |str| to
+// |out|. It returns the number of bytes written on success and -1 on error. If
+// |out| is NULL, it returns the number of bytes it would have written, without
+// writing anything.
+//
+// The |flags| should be a combination of combination of |ASN1_STRFLGS_*|
+// constants. See the documentation for each flag for how it controls the
+// output. If unsure, use |ASN1_STRFLGS_RFC2253|.
+OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str,
+                                        unsigned long flags);
+
+// ASN1_STRING_print_ex_fp behaves like |ASN1_STRING_print_ex| but writes to a
+// |FILE| rather than a |BIO|.
+OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str,
+                                           unsigned long flags);
+
+// i2a_ASN1_INTEGER writes a human-readable representation of |a| to |bp|. It
+// returns the number of bytes written on success, or a negative number on
+// error. On error, this function may have written a partial output to |bp|.
+OPENSSL_EXPORT int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
+
+// i2a_ASN1_ENUMERATED writes a human-readable representation of |a| to |bp|. It
+// returns the number of bytes written on success, or a negative number on
+// error. On error, this function may have written a partial output to |bp|.
+OPENSSL_EXPORT int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
+
+// i2a_ASN1_OBJECT writes a human-readable representation of |a| to |bp|. It
+// returns the number of bytes written on success, or a negative number on
+// error. On error, this function may have written a partial output to |bp|.
+OPENSSL_EXPORT int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
+
+// i2a_ASN1_STRING writes a text representation of |a|'s contents to |bp|. It
+// returns the number of bytes written on success, or a negative number on
+// error. On error, this function may have written a partial output to |bp|.
+// |type| is ignored.
+//
+// This function does not decode |a| into a Unicode string. It only hex-encodes
+// the internal representation of |a|. This is suitable for printing an OCTET
+// STRING, but may not be human-readable for any other string type.
+OPENSSL_EXPORT int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
+
+// i2t_ASN1_OBJECT calls |OBJ_obj2txt| with |always_return_oid| set to zero.
+OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf, int buf_len,
+                                   const ASN1_OBJECT *a);
 
-typedef struct asn1_string_table_st {
-  int nid;
-  long minsize;
-  long maxsize;
-  unsigned long mask;
-  unsigned long flags;
-} ASN1_STRING_TABLE;
 
-// size limits: this stuff is taken straight from RFC2459
+// Low-level encoding functions.
 
-#define ub_name 32768
-#define ub_common_name 64
-#define ub_locality_name 128
-#define ub_state_name 128
-#define ub_organization_name 64
-#define ub_organization_unit_name 64
-#define ub_title 64
-#define ub_email_address 128
+// ASN1_get_object parses a BER element from up to |max_len| bytes at |*inp|. It
+// returns |V_ASN1_CONSTRUCTED| if it successfully parsed a constructed element,
+// zero if it successfully parsed a primitive element, and 0x80 on error. On
+// success, it additionally advances |*inp| to the element body, sets
+// |*out_length|, |*out_tag|, and |*out_class| to the element's length, tag
+// number, and tag class, respectively,
+//
+// Unlike OpenSSL, this function does not support indefinite-length elements.
+//
+// This function is difficult to use correctly. Use |CBS_get_asn1| and related
+// functions from bytestring.h.
+//
+// TODO(https://crbug.com/boringssl/354): Remove support for non-minimal
+// lengths.
+OPENSSL_EXPORT int ASN1_get_object(const unsigned char **inp, long *out_length,
+                                   int *out_tag, int *out_class, long max_len);
+
+// ASN1_put_object writes the header for a DER or BER element to |*outp| and
+// advances |*outp| by the number of bytes written. The caller is responsible
+// for ensuring |*outp| has enough space for the output. The header describes an
+// element with length |length|, tag number |tag|, and class |xclass|. |xclass|
+// should be one of the |V_ASN1_*| tag class constants. The element is primitive
+// if |constructed| is zero and constructed if it is one or two. If
+// |constructed| is two, |length| is ignored and the element uses
+// indefinite-length encoding.
+//
+// Use |CBB_add_asn1| instead.
+OPENSSL_EXPORT void ASN1_put_object(unsigned char **outp, int constructed,
+                                    int length, int tag, int xclass);
+
+// ASN1_put_eoc writes two zero bytes to |*outp|, advances |*outp| to point past
+// those bytes, and returns two.
+//
+// Use definite-length encoding instead.
+OPENSSL_EXPORT int ASN1_put_eoc(unsigned char **outp);
+
+// ASN1_object_size returns the number of bytes needed to encode a DER or BER
+// value with length |length| and tag number |tag|, or -1 on error. |tag| should
+// not include the constructed bit or tag class. If |constructed| is zero or
+// one, the result uses a definite-length encoding with minimally-encoded
+// length, as in DER. If |constructed| is two, the result uses BER
+// indefinite-length encoding.
+//
+// Use |CBB_add_asn1| instead.
+OPENSSL_EXPORT int ASN1_object_size(int constructed, int length, int tag);
 
-// Declarations for template structures: for full definitions
-// see asn1t.h
-typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
-typedef struct ASN1_TLC_st ASN1_TLC;
 
-// Declare ASN1 functions: the implement macro in in asn1t.h
+// Function declaration macros.
+//
+// The following macros declare functions for ASN.1 types. Prefer writing the
+// prototypes directly. Particularly when |type|, |itname|, or |name| differ,
+// the macros can be difficult to understand.
 
 #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
 
@@ -679,154 +1806,29 @@ typedef struct ASN1_TLC_st ASN1_TLC;
   OPENSSL_EXPORT type *name##_new(void);              \
   OPENSSL_EXPORT void name##_free(type *a);
 
-#define DECLARE_ASN1_PRINT_FUNCTION(stname) \
-  DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
-
-#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname)                \
-  OPENSSL_EXPORT int fname##_print_ctx(BIO *out, stname *x, int indent, \
-                                       const ASN1_PCTX *pctx);
 
-typedef void *d2i_of_void(void **, const unsigned char **, long);
-typedef int i2d_of_void(const void *, unsigned char **);
+// Deprecated functions.
 
-// The following macros and typedefs allow an ASN1_ITEM
-// to be embedded in a structure and referenced. Since
-// the ASN1_ITEM pointers need to be globally accessible
-// (possibly from shared libraries) they may exist in
-// different forms. On platforms that support it the
-// ASN1_ITEM structure itself will be globally exported.
-// Other platforms will export a function that returns
-// an ASN1_ITEM pointer.
-//
-// To handle both cases transparently the macros below
-// should be used instead of hard coding an ASN1_ITEM
-// pointer in a structure.
-//
-// The structure will look like this:
-//
-// typedef struct SOMETHING_st {
-//      ...
-//      ASN1_ITEM_EXP *iptr;
-//      ...
-// } SOMETHING;
-//
-// It would be initialised as e.g.:
-//
-// SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
-//
-// and the actual pointer extracted with:
-//
-// const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+// ASN1_PRINTABLE_type interprets |len| bytes from |s| as a Latin-1 string. It
+// returns the first of |V_ASN1_PRINTABLESTRING|, |V_ASN1_IA5STRING|, or
+// |V_ASN1_T61STRING| that can represent every character. If |len| is negative,
+// |strlen(s)| is used instead.
 //
-// Finally an ASN1_ITEM pointer can be extracted from an
-// appropriate reference with: ASN1_ITEM_rptr(X509). This
-// would be used when a function takes an ASN1_ITEM * argument.
-//
-
-// ASN1_ITEM pointer exported type
-typedef const ASN1_ITEM ASN1_ITEM_EXP;
-
-// Macro to obtain ASN1_ITEM pointer from exported type
-#define ASN1_ITEM_ptr(iptr) (iptr)
-
-// Macro to include ASN1_ITEM pointer from base type
-#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
-
-#define ASN1_ITEM_rptr(ref) (&(ref##_it))
-
-#define DECLARE_ASN1_ITEM(name) extern OPENSSL_EXPORT const ASN1_ITEM name##_it;
-
-// Parameters used by ASN1_STRING_print_ex()
-
-// These determine which characters to escape:
-// RFC2253 special characters, control characters and
-// MSB set characters
-
-#define ASN1_STRFLGS_ESC_2253 1
-#define ASN1_STRFLGS_ESC_CTRL 2
-#define ASN1_STRFLGS_ESC_MSB 4
-
-
-// This flag determines how we do escaping: normally
-// RC2253 backslash only, set this to use backslash and
-// quote.
-
-#define ASN1_STRFLGS_ESC_QUOTE 8
-
-
-// These three flags are internal use only.
+// TODO(davidben): Remove this once all copies of Conscrypt have been updated
+// past https://github.com/google/conscrypt/pull/1032.
+OPENSSL_EXPORT int ASN1_PRINTABLE_type(const unsigned char *s, int len);
 
-// Character is a valid PrintableString character
-#define CHARTYPE_PRINTABLESTRING 0x10
-// Character needs escaping if it is the first character
-#define CHARTYPE_FIRST_ESC_2253 0x20
-// Character needs escaping if it is the last character
-#define CHARTYPE_LAST_ESC_2253 0x40
-
-// NB the internal flags are safely reused below by flags
-// handled at the top level.
-
-// If this is set we convert all character strings
-// to UTF8 first
-
-#define ASN1_STRFLGS_UTF8_CONVERT 0x10
-
-// If this is set we don't attempt to interpret content:
-// just assume all strings are 1 byte per character. This
-// will produce some pretty odd looking output!
-
-#define ASN1_STRFLGS_IGNORE_TYPE 0x20
-
-// If this is set we include the string type in the output
-#define ASN1_STRFLGS_SHOW_TYPE 0x40
-
-// This determines which strings to display and which to
-// 'dump' (hex dump of content octets or DER encoding). We can
-// only dump non character strings or everything. If we
-// don't dump 'unknown' they are interpreted as character
-// strings with 1 octet per character and are subject to
-// the usual escaping options.
-
-#define ASN1_STRFLGS_DUMP_ALL 0x80
-#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
-
-// These determine what 'dumping' does, we can dump the
-// content octets or the DER encoding: both use the
-// RFC2253 #XXXXX notation.
-
-#define ASN1_STRFLGS_DUMP_DER 0x200
-
-// All the string flags consistent with RFC2253,
-// escaping control characters isn't essential in
-// RFC2253 but it is advisable anyway.
-
-#define ASN1_STRFLGS_RFC2253                                              \
-  (ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | \
-   ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN |                \
-   ASN1_STRFLGS_DUMP_DER)
-
-DEFINE_STACK_OF(ASN1_INTEGER)
-
-DEFINE_STACK_OF(ASN1_TYPE)
-
-typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
+// ASN1_STRING_set_default_mask does nothing.
+OPENSSL_EXPORT void ASN1_STRING_set_default_mask(unsigned long mask);
 
-struct X509_algor_st {
-  ASN1_OBJECT *algorithm;
-  ASN1_TYPE *parameter;
-} /* X509_ALGOR */;
+// ASN1_STRING_set_default_mask_asc returns one.
+OPENSSL_EXPORT int ASN1_STRING_set_default_mask_asc(const char *p);
 
-DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+// ASN1_STRING_get_default_mask returns |B_ASN1_UTF8STRING|.
+OPENSSL_EXPORT unsigned long ASN1_STRING_get_default_mask(void);
 
-// This is used to contain a list of bit names
-typedef struct BIT_STRING_BITNAME_st {
-  int bitnum;
-  const char *lname;
-  const char *sname;
-} BIT_STRING_BITNAME;
+// ASN1_STRING_TABLE_cleanup does nothing.
+OPENSSL_EXPORT void ASN1_STRING_TABLE_cleanup(void);
 
 // M_ASN1_* are legacy aliases for various |ASN1_STRING| functions. Use the
 // functions themselves.
@@ -876,199 +1878,53 @@ typedef struct BIT_STRING_BITNAME_st {
 #define M_ASN1_UTF8STRING_new() ASN1_UTF8STRING_new()
 #define M_ASN1_UTF8STRING_free(a) ASN1_UTF8STRING_free(a)
 
-#define B_ASN1_TIME B_ASN1_UTCTIME | B_ASN1_GENERALIZEDTIME
-
+// B_ASN1_PRINTABLE is a bitmask for an ad-hoc subset of string-like types. Note
+// the presence of |B_ASN1_UNKNOWN| means it includes types which |ASN1_tag2bit|
+// maps to |B_ASN1_UNKNOWN|.
+//
+// Do not use this. Despite the name, it has no connection to PrintableString or
+// printable characters. See https://crbug.com/boringssl/412.
 #define B_ASN1_PRINTABLE                                              \
-  B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING |  \
-      B_ASN1_IA5STRING | B_ASN1_BIT_STRING | B_ASN1_UNIVERSALSTRING | \
-      B_ASN1_BMPSTRING | B_ASN1_UTF8STRING | B_ASN1_SEQUENCE | B_ASN1_UNKNOWN
-
-#define B_ASN1_DIRECTORYSTRING                                       \
-  B_ASN1_PRINTABLESTRING | B_ASN1_TELETEXSTRING | B_ASN1_BMPSTRING | \
-      B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING
-
-#define B_ASN1_DISPLAYTEXT \
-  B_ASN1_IA5STRING | B_ASN1_VISIBLESTRING | B_ASN1_BMPSTRING | B_ASN1_UTF8STRING
-
-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+  (B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | \
+   B_ASN1_IA5STRING | B_ASN1_BIT_STRING | B_ASN1_UNIVERSALSTRING |    \
+   B_ASN1_BMPSTRING | B_ASN1_UTF8STRING | B_ASN1_SEQUENCE | B_ASN1_UNKNOWN)
 
-OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_new(void);
-OPENSSL_EXPORT void ASN1_OBJECT_free(ASN1_OBJECT *a);
-OPENSSL_EXPORT int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
-OPENSSL_EXPORT ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a,
-                                            const unsigned char **pp,
-                                            long length);
-OPENSSL_EXPORT ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a,
-                                            const unsigned char **pp,
-                                            long length);
-
-DECLARE_ASN1_ITEM(ASN1_OBJECT)
-
-DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a,
-                                       unsigned char **pp);
-OPENSSL_EXPORT ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
-                                                    const unsigned char **pp,
-                                                    long length);
-
-OPENSSL_EXPORT int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
-OPENSSL_EXPORT int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp,
-                                    long length);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
-OPENSSL_EXPORT int i2c_ASN1_INTEGER(const ASN1_INTEGER *a, unsigned char **pp);
-OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,
-                                              const unsigned char **pp,
-                                              long length);
-OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
+// ASN1_PRINTABLE_new returns a newly-allocated |ASN1_STRING| with type -1, or
+// NULL on error. The resulting |ASN1_STRING| is not a valid ASN.1 value until
+// initialized with a value.
+OPENSSL_EXPORT ASN1_STRING *ASN1_PRINTABLE_new(void);
 
-DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+// ASN1_PRINTABLE_free calls |ASN1_STRING_free|.
+OPENSSL_EXPORT void ASN1_PRINTABLE_free(ASN1_STRING *str);
 
-OPENSSL_EXPORT int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
-OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
-OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
-                                              int offset_day, long offset_sec);
-OPENSSL_EXPORT int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
-OPENSSL_EXPORT int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
-#if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
-#endif
-
-OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
-OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(
-    ASN1_GENERALIZEDTIME *s, time_t t);
-OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(
-    ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, long offset_sec);
-OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s,
-                                                   const char *str);
-OPENSSL_EXPORT int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from,
-                                  const ASN1_TIME *to);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-OPENSSL_EXPORT ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(
-    const ASN1_OCTET_STRING *a);
-OPENSSL_EXPORT int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
-                                         const ASN1_OCTET_STRING *b);
-OPENSSL_EXPORT int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str,
-                                         const unsigned char *data, int len);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
-DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
-DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
-
-OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
-OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
-                                        long offset_sec);
-OPENSSL_EXPORT int ASN1_TIME_check(const ASN1_TIME *t);
-OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(
-    const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
-OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
-
-OPENSSL_EXPORT int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
-OPENSSL_EXPORT int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
-OPENSSL_EXPORT int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
-OPENSSL_EXPORT int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
-OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf, int buf_len,
-                                   const ASN1_OBJECT *a);
-
-OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_create(int nid,
-                                               const unsigned char *data,
-                                               int len, const char *sn,
-                                               const char *ln);
-
-// General
-// given a string, return the correct type, max is the maximum length
-OPENSSL_EXPORT int ASN1_PRINTABLE_type(const unsigned char *s, int max);
-
-OPENSSL_EXPORT unsigned long ASN1_tag2bit(int tag);
-
-// SPECIALS
-OPENSSL_EXPORT int ASN1_get_object(const unsigned char **pp, long *plength,
-                                   int *ptag, int *pclass, long omax);
-OPENSSL_EXPORT void ASN1_put_object(unsigned char **pp, int constructed,
-                                    int length, int tag, int xclass);
-OPENSSL_EXPORT int ASN1_put_eoc(unsigned char **pp);
-OPENSSL_EXPORT int ASN1_object_size(int constructed, int length, int tag);
-
-OPENSSL_EXPORT void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
-
-#ifndef OPENSSL_NO_FP_API
-OPENSSL_EXPORT void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
-OPENSSL_EXPORT int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
-OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str,
-                                           unsigned long flags);
-#endif
-
-OPENSSL_EXPORT void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
-OPENSSL_EXPORT int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
-OPENSSL_EXPORT int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
-OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_print(BIO *fp,
-                                              const ASN1_GENERALIZEDTIME *a);
-OPENSSL_EXPORT int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
-OPENSSL_EXPORT int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
-OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str,
-                                        unsigned long flags);
-OPENSSL_EXPORT const char *ASN1_tag2str(int tag);
-
-// Used to load and write netscape format cert
-
-OPENSSL_EXPORT void *ASN1_item_unpack(const ASN1_STRING *oct,
-                                      const ASN1_ITEM *it);
-
-OPENSSL_EXPORT ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
-                                           ASN1_OCTET_STRING **oct);
-
-OPENSSL_EXPORT void ASN1_STRING_set_default_mask(unsigned long mask);
-OPENSSL_EXPORT int ASN1_STRING_set_default_mask_asc(const char *p);
-OPENSSL_EXPORT unsigned long ASN1_STRING_get_default_mask(void);
-OPENSSL_EXPORT int ASN1_mbstring_copy(ASN1_STRING **out,
-                                      const unsigned char *in, int len,
-                                      int inform, unsigned long mask);
-OPENSSL_EXPORT int ASN1_mbstring_ncopy(ASN1_STRING **out,
-                                       const unsigned char *in, int len,
-                                       int inform, unsigned long mask,
-                                       long minsize, long maxsize);
-
-OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
-                                                   const unsigned char *in,
-                                                   int inlen, int inform,
-                                                   int nid);
-OPENSSL_EXPORT ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
-OPENSSL_EXPORT int ASN1_STRING_TABLE_add(int, long, long, unsigned long,
-                                         unsigned long);
-OPENSSL_EXPORT void ASN1_STRING_TABLE_cleanup(void);
-
-// ASN1 template functions
+// d2i_ASN1_PRINTABLE parses up to |len| bytes from |*inp| as a DER-encoded
+// CHOICE of an ad-hoc subset of string-like types, as described in
+// |d2i_SAMPLE_with_reuse|.
+//
+// Do not use this. Despite, the name it has no connection to PrintableString or
+// printable characters. See https://crbug.com/boringssl/412.
+//
+// TODO(https://crbug.com/boringssl/354): This function currently also accepts
+// BER, but this will be removed in the future.
+OPENSSL_EXPORT ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **out,
+                                               const uint8_t **inp, long len);
 
-// Old API compatible functions
-OPENSSL_EXPORT ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
-OPENSSL_EXPORT void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-OPENSSL_EXPORT ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val,
-                                         const unsigned char **in, long len,
-                                         const ASN1_ITEM *it);
-OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out,
-                                 const ASN1_ITEM *it);
+// i2d_ASN1_PRINTABLE marshals |in| as DER, as described in |i2d_SAMPLE|.
+//
+// Do not use this. Despite the name, it has no connection to PrintableString or
+// printable characters. See https://crbug.com/boringssl/412.
+OPENSSL_EXPORT int i2d_ASN1_PRINTABLE(const ASN1_STRING *in, uint8_t **outp);
 
-OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
-OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+// ASN1_PRINTABLE is an |ASN1_ITEM| whose ASN.1 type is a CHOICE of an ad-hoc
+// subset of string-like types, and whose C type is |ASN1_STRING*|.
+//
+// Do not use this. Despite the name, it has no connection to PrintableString or
+// printable characters. See https://crbug.com/boringssl/412.
+DECLARE_ASN1_ITEM(ASN1_PRINTABLE)
 
 
-#ifdef __cplusplus
-}
+#if defined(__cplusplus)
+}  // extern C
 
 extern "C++" {
 
@@ -1178,5 +2034,6 @@ BSSL_NAMESPACE_END
 #define ASN1_R_WRONG_TYPE 191
 #define ASN1_R_NESTED_TOO_DEEP 192
 #define ASN1_R_BAD_TEMPLATE 193
+#define ASN1_R_INVALID_BIT_STRING_PADDING 194
 
 #endif