diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2022-01-19 20:28:07 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-01-19 20:28:07 +0000 |
| commit | 0345c80b40abdce37067049614d21f170e307d8c (patch) | |
| tree | fa9d22aa46113fe214b96e0da2535c32b1fbf59b /lib/libcrypto | |
| parent | d523cfe6a56ef2020422eff145c065267794790a (diff) | |
Document the bizarre fact that {CMS,PCKS7}_get0_signers() needs some
freeing of what they return despite being get0 functions: the stack
of X509s that they return must be freed with sk_X509_free(). The get0
thus probably refers to the individual certs, but not to the stack
itself.
The libcrypto and libssl APIs never cease to amaze with new traps.
ok inoguchi
Diffstat (limited to 'lib/libcrypto')
| -rw-r--r-- | lib/libcrypto/man/CMS_verify.3 | 8 | ||||
| -rw-r--r-- | lib/libcrypto/man/PKCS7_verify.3 | 8 |
2 files changed, 12 insertions, 4 deletions
diff --git a/lib/libcrypto/man/CMS_verify.3 b/lib/libcrypto/man/CMS_verify.3 index 6bee927fbc6..bd9599deedf 100644 --- a/lib/libcrypto/man/CMS_verify.3 +++ b/lib/libcrypto/man/CMS_verify.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CMS_verify.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $ +.\" $OpenBSD: CMS_verify.3,v 1.8 2022/01/19 20:28:06 tb Exp $ .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200 .\" .\" This file was written by Dr. Stephen Henson <steve@openssl.org>. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 2 2019 $ +.Dd $Mdocdate: January 19 2022 $ .Dt CMS_VERIFY 3 .Os .Sh NAME @@ -95,6 +95,8 @@ retrieves the signing certificate(s) from It must be called after a successful .Fn CMS_verify operation. +The signers must be freed with +.Fn sk_X509_free . .Pp Normally the verify process proceeds as follows. .Pp @@ -198,6 +200,8 @@ returns 1 for a successful verification or 0 if an error occurred. returns all signers or .Dv NULL if an error occurred. +The signers must be freed with +.Fn sk_X509_free . .Pp The error can be obtained from .Xr ERR_get_error 3 . diff --git a/lib/libcrypto/man/PKCS7_verify.3 b/lib/libcrypto/man/PKCS7_verify.3 index 42c3338e672..2895da16d85 100644 --- a/lib/libcrypto/man/PKCS7_verify.3 +++ b/lib/libcrypto/man/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PKCS7_verify.3,v 1.9 2019/06/10 14:58:48 schwarze Exp $ +.\" $OpenBSD: PKCS7_verify.3,v 1.10 2022/01/19 20:28:06 tb Exp $ .\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 .\" .\" This file was written by Dr. Stephen Henson <steve@openssl.org>. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: January 19 2022 $ .Dt PKCS7_VERIFY 3 .Os .Sh NAME @@ -100,6 +100,8 @@ operation. .Fn PKCS7_get0_signers retrieves the signer's certificates from .Fa p7 . +The signers must be freed with +.Fn sk_X509_free . It does .Sy not check their validity or whether any signatures are valid. @@ -220,6 +222,8 @@ an error occurs. returns all signers or .Dv NULL if an error occurred. +The signers must be freed with +.Fn sk_X509_free . .Pp The error can be obtained from .Xr ERR_get_error 3 . |