Document the bizarre fact that {CMS,PCKS7}_get0_signers() needs some

freeing of what they return despite being get0 functions: the stack of X509s that they return must be freed with sk_X509_free(). The get0 thus probably refers to the individual certs, but not to the stack itself. The libcrypto and libssl APIs never cease to amaze with new traps. ok inoguchi
author: tb <> 2022-01-19 20:28:06 +0000
committer: tb <> 2022-01-19 20:28:06 +0000
commit: 558550abe5c4597d963f18f62f5b20100bce2373 (patch)
tree: 7fd5a5942f76de33914a8387621afd027413907d /src
parent: c4161525adc0bd91fa0cb11f7ffdd545e7e12717 (diff)
download: openbsd-558550abe5c4597d963f18f62f5b20100bce2373.tar.gz
openbsd-558550abe5c4597d963f18f62f5b20100bce2373.tar.bz2
openbsd-558550abe5c4597d963f18f62f5b20100bce2373.zip
2 files changed, 12 insertions, 4 deletions
diff --git a/src/lib/libcrypto/man/CMS_verify.3 b/src/lib/libcrypto/man/CMS_verify.3
index 6bee927fbc..bd9599deed 100644
--- a/src/lib/libcrypto/man/CMS_verify.3
+++ b/src/lib/libcrypto/man/CMS_verify.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_verify.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
+.\" $OpenBSD: CMS_verify.3,v 1.8 2022/01/19 20:28:06 tb Exp $
 .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 2 2019 $
+.Dd $Mdocdate: January 19 2022 $
 .Dt CMS_VERIFY 3
 .Os
 .Sh NAME
@@ -95,6 +95,8 @@ retrieves the signing certificate(s) from
 It must be called after a successful
 .Fn CMS_verify
 operation.
+The signers must be freed with
+.Fn sk_X509_free .
 .Pp
 Normally the verify process proceeds as follows.
 .Pp
@@ -198,6 +200,8 @@ returns 1 for a successful verification or 0 if an error occurred.
 returns all signers or
 .Dv NULL
 if an error occurred.
+The signers must be freed with
+.Fn sk_X509_free .
 .Pp
 The error can be obtained from
 .Xr ERR_get_error 3 .
diff --git a/src/lib/libcrypto/man/PKCS7_verify.3 b/src/lib/libcrypto/man/PKCS7_verify.3
index 42c3338e67..2895da16d8 100644
--- a/src/lib/libcrypto/man/PKCS7_verify.3
+++ b/src/lib/libcrypto/man/PKCS7_verify.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: PKCS7_verify.3,v 1.9 2019/06/10 14:58:48 schwarze Exp $
+.\"     $OpenBSD: PKCS7_verify.3,v 1.10 2022/01/19 20:28:06 tb Exp $
 .\"     OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: January 19 2022 $
 .Dt PKCS7_VERIFY 3
 .Os
 .Sh NAME
@@ -100,6 +100,8 @@ operation.
 .Fn PKCS7_get0_signers
 retrieves the signer's certificates from
 .Fa p7 .
+The signers must be freed with
+.Fn sk_X509_free .
 It does
 .Sy not
 check their validity or whether any signatures are valid.
@@ -220,6 +222,8 @@ an error occurs.
 returns all signers or
 .Dv NULL
 if an error occurred.
+The signers must be freed with
+.Fn sk_X509_free .
 .Pp
 The error can be obtained from
 .Xr ERR_get_error 3 .
author	tb <>	2022-01-19 20:28:06 +0000
committer	tb <>	2022-01-19 20:28:06 +0000
commit	558550abe5c4597d963f18f62f5b20100bce2373 (patch)
tree	7fd5a5942f76de33914a8387621afd027413907d /src
parent	c4161525adc0bd91fa0cb11f7ffdd545e7e12717 (diff)
download	openbsd-558550abe5c4597d963f18f62f5b20100bce2373.tar.gz openbsd-558550abe5c4597d963f18f62f5b20100bce2373.tar.bz2 openbsd-558550abe5c4597d963f18f62f5b20100bce2373.zip

diff --git a/src/lib/libcrypto/man/CMS_verify.3 b/src/lib/libcrypto/man/CMS_verify.3 index 6bee927fbc..bd9599deed 100644 --- a/src/lib/libcrypto/man/CMS_verify.3 +++ b/src/lib/libcrypto/man/CMS_verify.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: CMS_verify.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $	1	.\" $OpenBSD: CMS_verify.3,v 1.8 2022/01/19 20:28:06 tb Exp $
2	.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200	2	.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: November 2 2019 $	51	.Dd $Mdocdate: January 19 2022 $
52	.Dt CMS_VERIFY 3	52	.Dt CMS_VERIFY 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -95,6 +95,8 @@ retrieves the signing certificate(s) from
95	It must be called after a successful	95	It must be called after a successful
96	.Fn CMS_verify	96	.Fn CMS_verify
97	operation.	97	operation.
		98	The signers must be freed with
		99	.Fn sk_X509_free .
98	.Pp	100	.Pp
99	Normally the verify process proceeds as follows.	101	Normally the verify process proceeds as follows.
100	.Pp	102	.Pp
@@ -198,6 +200,8 @@ returns 1 for a successful verification or 0 if an error occurred.
198	returns all signers or	200	returns all signers or
199	.Dv NULL	201	.Dv NULL
200	if an error occurred.	202	if an error occurred.
		203	The signers must be freed with
		204	.Fn sk_X509_free .
201	.Pp	205	.Pp
202	The error can be obtained from	206	The error can be obtained from
203	.Xr ERR_get_error 3 .	207	.Xr ERR_get_error 3 .


diff --git a/src/lib/libcrypto/man/PKCS7_verify.3 b/src/lib/libcrypto/man/PKCS7_verify.3 index 42c3338e67..2895da16d8 100644 --- a/src/lib/libcrypto/man/PKCS7_verify.3 +++ b/src/lib/libcrypto/man/PKCS7_verify.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: PKCS7_verify.3,v 1.9 2019/06/10 14:58:48 schwarze Exp $	1	.\" $OpenBSD: PKCS7_verify.3,v 1.10 2022/01/19 20:28:06 tb Exp $
2	.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400	2	.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: June 10 2019 $	51	.Dd $Mdocdate: January 19 2022 $
52	.Dt PKCS7_VERIFY 3	52	.Dt PKCS7_VERIFY 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -100,6 +100,8 @@ operation.
100	.Fn PKCS7_get0_signers	100	.Fn PKCS7_get0_signers
101	retrieves the signer's certificates from	101	retrieves the signer's certificates from
102	.Fa p7 .	102	.Fa p7 .
		103	The signers must be freed with
		104	.Fn sk_X509_free .
103	It does	105	It does
104	.Sy not	106	.Sy not
105	check their validity or whether any signatures are valid.	107	check their validity or whether any signatures are valid.
@@ -220,6 +222,8 @@ an error occurs.
220	returns all signers or	222	returns all signers or
221	.Dv NULL	223	.Dv NULL
222	if an error occurred.	224	if an error occurred.
		225	The signers must be freed with
		226	.Fn sk_X509_free .
223	.Pp	227	.Pp
224	The error can be obtained from	228	The error can be obtained from
225	.Xr ERR_get_error 3 .	229	.Xr ERR_get_error 3 .