From 8a8c7d5cf6199fff6a9661022048f09172d6779e Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 19 Jan 2022 20:28:06 +0000 Subject: [PATCH] Document the bizarre fact that {CMS,PCKS7}_get0_signers() needs some freeing of what they return despite being get0 functions: the stack of X509s that they return must be freed with sk_X509_free(). The get0 thus probably refers to the individual certs, but not to the stack itself. The libcrypto and libssl APIs never cease to amaze with new traps. ok inoguchi --- lib/libcrypto/man/CMS_verify.3 | 8 ++++++-- lib/libcrypto/man/PKCS7_verify.3 | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/libcrypto/man/CMS_verify.3 b/lib/libcrypto/man/CMS_verify.3 index 6bee927fbc6..bd9599deedf 100644 --- a/lib/libcrypto/man/CMS_verify.3 +++ b/lib/libcrypto/man/CMS_verify.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CMS_verify.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $ +.\" $OpenBSD: CMS_verify.3,v 1.8 2022/01/19 20:28:06 tb Exp $ .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 2 2019 $ +.Dd $Mdocdate: January 19 2022 $ .Dt CMS_VERIFY 3 .Os .Sh NAME @@ -95,6 +95,8 @@ retrieves the signing certificate(s) from It must be called after a successful .Fn CMS_verify operation. +The signers must be freed with +.Fn sk_X509_free . .Pp Normally the verify process proceeds as follows. .Pp @@ -198,6 +200,8 @@ returns 1 for a successful verification or 0 if an error occurred. returns all signers or .Dv NULL if an error occurred. +The signers must be freed with +.Fn sk_X509_free . .Pp The error can be obtained from .Xr ERR_get_error 3 . diff --git a/lib/libcrypto/man/PKCS7_verify.3 b/lib/libcrypto/man/PKCS7_verify.3 index 42c3338e672..2895da16d85 100644 --- a/lib/libcrypto/man/PKCS7_verify.3 +++ b/lib/libcrypto/man/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PKCS7_verify.3,v 1.9 2019/06/10 14:58:48 schwarze Exp $ +.\" $OpenBSD: PKCS7_verify.3,v 1.10 2022/01/19 20:28:06 tb Exp $ .\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: January 19 2022 $ .Dt PKCS7_VERIFY 3 .Os .Sh NAME @@ -100,6 +100,8 @@ operation. .Fn PKCS7_get0_signers retrieves the signer's certificates from .Fa p7 . +The signers must be freed with +.Fn sk_X509_free . It does .Sy not check their validity or whether any signatures are valid. @@ -220,6 +222,8 @@ an error occurs. returns all signers or .Dv NULL if an error occurred. +The signers must be freed with +.Fn sk_X509_free . .Pp The error can be obtained from .Xr ERR_get_error 3 . -- 2.20.1