Add X509_getm_notBefore, X509_getm_notAfter

Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.

Rename X509_SIG_get0_mutable to X509_SIG_getm.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

apps/apps.c

@@ -2593,33 +2593,19 @@ void corrupt_signature(const ASN1_STRING *signature)
 int set_cert_times(X509 *x, const char *startdate, const char *enddate,
                    int days)
 {
-    int rv = 0;
-    ASN1_TIME *tm = ASN1_TIME_new();
-    if (tm == NULL)
-        goto err;
     if (startdate == NULL || strcmp(startdate, "today") == 0) {
-        if (!X509_gmtime_adj(tm, 0))
+        if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
-            goto err;
+            return 0;
-    } else if (!ASN1_TIME_set_string(tm, startdate)) {
+    } else {
-            goto err;
+        if (!ASN1_TIME_set_string(X509_getm_notBefore(x), startdate))
+            return 0;
     }
-
-    if (!X509_set1_notBefore(x, tm))
-        goto err;
-
     if (enddate == NULL) {
-        if (!X509_time_adj_ex(tm, days, 0, NULL))
+        if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
-            goto err;
+            == NULL)
-    } else if (!ASN1_TIME_set_string(tm, enddate)) {
+            return 0;
-            goto err;
+    } else if (!ASN1_TIME_set_string(X509_getm_notAfter(x), enddate)) {
+        return 0;
     }
-
+    return 1;
-    if (!X509_set1_notAfter(x, tm))
-        goto err;
-
-    rv = 1;
-
-    err:
-    ASN1_TIME_free(tm);
-    return rv;
 }

crypto/asn1/x_sig.c

@@ -29,8 +29,8 @@ void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
         *pdigest = sig->digest;
 }
 
-void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-                           ASN1_OCTET_STRING **pdigest)
+                   ASN1_OCTET_STRING **pdigest)
 {
     if (palg)
         *palg = sig->algor;

crypto/pkcs12/p12_mutl.c

@@ -170,7 +170,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
         PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
         return 0;
     }
-    X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct);
+    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
     if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
         PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
         return 0;
@@ -208,7 +208,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
             return 0;
     } else
         memcpy(p12->mac->salt->data, salt, saltlen);
-    X509_SIG_get0_mutable(p12->mac->dinfo, &macalg, NULL);
+    X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
     if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
                          V_ASN1_NULL, NULL)) {
         PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);

crypto/pkcs12/p12_npas.c

@@ -110,7 +110,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
 
     if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
         goto err;
-    X509_SIG_get0_mutable(p12->mac->dinfo, NULL, &macoct);
+    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
     if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
         goto err;
 

crypto/x509/x509_set.c

@@ -119,17 +119,15 @@ const ASN1_TIME *X509_get0_notAfter(const X509 *x)
     return x->cert_info.validity.notAfter;
 }
 
-#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TIME *X509_getm_notBefore(const X509 *x)
-ASN1_TIME *X509_get_notBefore(const X509 *x)
 {
     return x->cert_info.validity.notBefore;
 }
 
-ASN1_TIME *X509_get_notAfter(const X509 *x)
+ASN1_TIME *X509_getm_notAfter(const X509 *x)
 {
     return x->cert_info.validity.notAfter;
 }
-#endif
 
 int X509_get_signature_type(const X509 *x)
 {

doc/crypto/X509_SIG_get0.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-X509_SIG_get0, X509_SIG_get0_mutable - DigestInfo functions
+X509_SIG_get0, X509_SIG_getm - DigestInfo functions
 
 =head1 SYNOPSIS
 
@@ -10,13 +10,13 @@ X509_SIG_get0, X509_SIG_get0_mutable - DigestInfo functions
 
  void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
                     const ASN1_OCTET_STRING **pdigest);
- void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
+ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-                            ASN1_OCTET_STRING **pdigest,
+                    ASN1_OCTET_STRING **pdigest,
 
 =head1 DESCRIPTION
 
 X509_SIG_get0() returns pointers to the algorithm identifier and digest
-value in B<sig>. X509_SIG_get0_mutable() is identical to X509_SIG_get0()
+value in B<sig>. X509_SIG_getm() is identical to X509_SIG_get0()
 except the pointers returned are not constant and can be modified:
 for example to initialise them.
 

doc/crypto/X509_get_notBefore.pod

@@ -2,9 +2,9 @@
 
 =head1 NAME
 
-X509_get0_notBefore, X509_get_notBefore, X509_get0_notAfter, X509_get_notAfter,
+X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter,
-X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate,
+X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter,
-X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
+X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
 X509_CRL_set1_nextUpdate - get or set certificate or CRL dates
 
 =head1 SYNOPSIS
@@ -14,8 +14,8 @@ X509_CRL_set1_nextUpdate - get or set certificate or CRL dates
  const ASN1_TIME *X509_get0_notBefore(const X509 *x);
  const ASN1_TIME *X509_get0_notAfter(const X509 *x);
 
- ASN1_TIME *X509_get_notBefore(const X509 *x);
+ ASN1_TIME *X509_getm_notBefore(const X509 *x);
- ASN1_TIME *X509_get_notAfter(const X509 *x);
+ ASN1_TIME *X509_getm_notAfter(const X509 *x);
 
  int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
  int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
@@ -33,9 +33,10 @@ and B<notAfter> fields of certificate B<x> respectively. The value
 returned is an internal pointer which must not be freed up after
 the call.
 
-X509_get_notBefore() and X509_get_notAfter() are similar to
+X509_getm_notBefore() and X509_getm_notAfter() are similar to
-X509_get0_notBefore() and X509_get0_notAfter() except they do not
+X509_get0_notBefore() and X509_get0_notAfter() except they return
-return constant values. They are deprecated in OpenSSL 1.1.0
+non-constant mutable references to the associated date field of
+the certficate.
 
 X509_set1_notBefore() and X509_set1_notAfter() set the B<notBefore>
 and B<notAfter> fields of B<x> to B<tm>. Ownership of the passed

include/openssl/x509.h

@@ -517,8 +517,8 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
 DECLARE_ASN1_FUNCTIONS(X509_SIG)
 void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
                    const ASN1_OCTET_STRING **pdigest);
-void X509_SIG_get0_mutable(X509_SIG *sig, X509_ALGOR **palg,
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-                           ASN1_OCTET_STRING **pdigest);
+                   ASN1_OCTET_STRING **pdigest);
 
 DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
 DECLARE_ASN1_FUNCTIONS(X509_REQ)
@@ -622,16 +622,18 @@ X509_NAME *X509_get_issuer_name(const X509 *a);
 int X509_set_subject_name(X509 *x, X509_NAME *name);
 X509_NAME *X509_get_subject_name(const X509 *a);
 const ASN1_TIME * X509_get0_notBefore(const X509 *x);
-DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notBefore(const X509 *x))
+ASN1_TIME *X509_getm_notBefore(const X509 *x);
 int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
 const ASN1_TIME *X509_get0_notAfter(const X509 *x);
-DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notAfter(const X509 *x))
+ASN1_TIME *X509_getm_notAfter(const X509 *x);
 int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 int X509_up_ref(X509 *x);
 int X509_get_signature_type(const X509 *x);
 
 # if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_get_notBefore X509_getm_notBefore
+#  define X509_get_notAfter X509_getm_notAfter
 #  define X509_set_notBefore X509_set1_notBefore
 #  define X509_set_notAfter X509_set1_notAfter
 #endif