kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

security/openssl-quictls: Security update to 3.0.9

Browse source 
PR:		271779
MFH:		2023Q2
Security:	eb9a3c57-ff9e-11ed-a0d1-84a93843eb75
This commit is contained in:
Bernard Spil 2023-06-13 22:45:33 +02:00
parent da72c7e369
commit ecb497e8c1
5 changed files with 5 additions and 516 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
security/openssl-quictls/Makefile
View file

@ -1,6 +1,5 @@
PORTNAME= openssl
PORTVERSION= 3.0.8
PORTREVISION= 2
PORTVERSION= 3.0.9
CATEGORIES= security devel
PKGNAMESUFFIX= -quictls
@ -25,7 +24,7 @@ USES= cpe perl5
USE_PERL5= build
USE_GITHUB= yes
GH_ACCOUNT= ${PKGNAMESUFFIX:S/-//}
GH_TAGNAME= 183e548d93a6aeedab0fd6cb737923a93f807b83
GH_TAGNAME= d2cc208d34cfe2b56d4ef8bcd8e3983a4d00d6bd
TEST_TARGET= test

6
security/openssl-quictls/distinfo
View file

@ -1,3 +1,3 @@
TIMESTAMP = 1675800208
SHA256 (quictls-openssl-3.0.8-183e548d93a6aeedab0fd6cb737923a93f807b83_GH0.tar.gz) = dcba83c3a194d2e9095ab232c9784b4e6b678ca66f99cde6b386bcf31148ea63
SIZE (quictls-openssl-3.0.8-183e548d93a6aeedab0fd6cb737923a93f807b83_GH0.tar.gz) = 15323766
TIMESTAMP = 1686556357
SHA256 (quictls-openssl-3.0.9-d2cc208d34cfe2b56d4ef8bcd8e3983a4d00d6bd_GH0.tar.gz) = d8604ccf92af54fd89f71bfe1996018ed9bcf69edf9af385a45c7ad2b202ee11
SIZE (quictls-openssl-3.0.9-d2cc208d34cfe2b56d4ef8bcd8e3983a4d00d6bd_GH0.tar.gz) = 15355867

293
security/openssl-quictls/files/patch-CVE-2023-0464
View file

@ -1,293 +0,0 @@
From 959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Wed, 8 Mar 2023 15:28:20 +1100
Subject: [PATCH] x509: excessive resource use verifying policy constraints
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit this
vulnerability by creating a malicious certificate chain that triggers
exponential use of computational resources, leading to a denial-of-service
(DoS) attack on affected systems.
Fixes CVE-2023-0464
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20568)
---
crypto/x509/pcy_local.h | 8 +++++++-
crypto/x509/pcy_node.c | 12 +++++++++---
crypto/x509/pcy_tree.c | 36 ++++++++++++++++++++++++++----------
3 files changed, 42 insertions(+), 14 deletions(-)
diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
index 18b53cc09ebf..cba107ca0358 100644
--- crypto/x509/pcy_local.h.orig
+++ crypto/x509/pcy_local.h
@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
};
struct X509_POLICY_TREE_st {
+ /* The number of nodes in the tree */
+ size_t node_count;
+ /* The maximum number of nodes in the tree */
+ size_t node_maximum;
+
/* This is the tree 'level' data */
X509_POLICY_LEVEL *levels;
int nlevel;
@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
X509_POLICY_DATA *data,
X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree);
+ X509_POLICY_TREE *tree,
+ int extra_data);
void ossl_policy_node_free(X509_POLICY_NODE *node);
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
index 9d9a7ea1799c..450f95a655fb 100644
--- crypto/x509/pcy_node.c.orig
+++ crypto/x509/pcy_node.c
@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
X509_POLICY_DATA *data,
X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree)
+ X509_POLICY_TREE *tree,
+ int extra_data)
{
X509_POLICY_NODE *node;
+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
+ return NULL;
+
node = OPENSSL_zalloc(sizeof(*node));
if (node == NULL) {
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
}
node->data = data;
node->parent = parent;
- if (level) {
+ if (level != NULL) {
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
if (level->anyPolicy)
goto node_error;
@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
}
}
- if (tree) {
+ if (extra_data) {
if (tree->extra_data == NULL)
tree->extra_data = sk_X509_POLICY_DATA_new_null();
if (tree->extra_data == NULL){
@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
}
}
+ tree->node_count++;
if (parent)
parent->nchild++;
diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
index fa45da5117a1..f953a05a41a6 100644
--- crypto/x509/pcy_tree.c.orig
+++ crypto/x509/pcy_tree.c
@@ -14,6 +14,17 @@
#include "pcy_local.h"
+/*
+ * If the maximum number of nodes in the policy tree isn't defined, set it to
+ * a generous default of 1000 nodes.
+ *
+ * Defining this to be zero means unlimited policy tree growth which opens the
+ * door on CVE-2023-0464.
+ */
+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
+#endif
+
static void expected_print(BIO *channel,
X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
int indent)
@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
return X509_PCY_TREE_INTERNAL;
}
+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
+
/*
* http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
*
@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
if ((data = ossl_policy_data_new(NULL,
OBJ_nid2obj(NID_any_policy), 0)) == NULL)
goto bad_tree;
- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
+ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
ossl_policy_data_free(data);
goto bad_tree;
}
@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
* Return value: 1 on success, 0 otherwise
*/
static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_DATA *data)
+ X509_POLICY_DATA *data,
+ X509_POLICY_TREE *tree)
{
X509_POLICY_LEVEL *last = curr - 1;
int i, matched = 0;
@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
if (ossl_policy_node_match(last, node, data->valid_policy)) {
- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
+ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
return 0;
matched = 1;
}
}
if (!matched && last->anyPolicy) {
- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
+ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
return 0;
}
return 1;
@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
* Return value: 1 on success, 0 otherwise.
*/
static int tree_link_nodes(X509_POLICY_LEVEL *curr,
- const X509_POLICY_CACHE *cache)
+ const X509_POLICY_CACHE *cache,
+ X509_POLICY_TREE *tree)
{
int i;
@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
/* Look for matching nodes in previous level */
- if (!tree_link_matching_nodes(curr, data))
+ if (!tree_link_matching_nodes(curr, data, tree))
return 0;
}
return 1;
@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
/* Curr may not have anyPolicy */
data->qualifier_set = cache->anyPolicy->qualifier_set;
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
+ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
ossl_policy_data_free(data);
return 0;
}
@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
/* Finally add link to anyPolicy */
if (last->anyPolicy &&
ossl_policy_level_add_node(curr, cache->anyPolicy,
- last->anyPolicy, NULL) == NULL)
+ last->anyPolicy, tree, 0) == NULL)
return 0;
return 1;
}
@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
| POLICY_DATA_FLAG_EXTRA_NODE;
node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
- tree);
+ tree, 1);
}
if (!tree->user_policies) {
tree->user_policies = sk_X509_POLICY_NODE_new_null();
@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
for (i = 1; i < tree->nlevel; i++, curr++) {
cache = ossl_policy_cache_set(curr->cert);
- if (!tree_link_nodes(curr, cache))
+ if (!tree_link_nodes(curr, cache, tree))
return X509_PCY_TREE_INTERNAL;
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
From 2389cdc9f74268a0d5164a998929ffe50102c0eb Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Tue, 7 Feb 2023 14:44:20 +0100
Subject: [PATCH] Prepare for 3.0.9
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
---
CHANGES.md | 4 ++++
NEWS.md | 4 ++++
VERSION.dat | 4 ++--
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 7cdd9d974536..0e4fdebfde4e 100644
--- CHANGES.md.orig
+++ CHANGES.md
@@ -28,6 +28,10 @@ breaking changes, and mappings for the large list of deprecated functions.
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
+### Changes between 3.0.8 and 3.0.9 [xx XXX xxxx]
+
+ * none yet
+
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
* Fixed NULL dereference during PKCS7 data verification.
diff --git a/NEWS.md b/NEWS.md
index 36dbfa72f6d5..e7a23e908c1f 100644
--- NEWS.md.orig
+++ NEWS.md
@@ -18,6 +18,10 @@ OpenSSL Releases
OpenSSL 3.0
-----------
+### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [under development]
+
+ * none
+
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
* Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
From f8fe66e3f13350b527da871183b727e0fb9632ca Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Wed, 15 Mar 2023 14:18:53 +1100
Subject: [PATCH] changes: note about policy tree size limits and circumvention
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20568)
---
CHANGES.md | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index 2ba422c09a32..3eddb6f10e02 100644
--- CHANGES.md.orig
+++ CHANGES.md
@@ -30,7 +30,14 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 3.0.8 and 3.0.9 [xx XXX xxxx]
- * none yet
+ * Limited the number of nodes created in a policy tree to mitigate
+ against CVE-2023-0464. The default limit is set to 1000 nodes, which
+ should be sufficient for most installations. If required, the limit
+ can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
+ time define to a desired maximum number of nodes or zero to allow
+ unlimited growth.
+
+ *Paul Dale*
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]

126
security/openssl-quictls/files/patch-CVE-2023-0465
View file

@ -1,126 +0,0 @@
From 9a1410bd393c594f852222392c36bc7895d82d57 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 23 Mar 2023 15:31:25 +0000
Subject: [PATCH] Updated CHANGES.md and NEWS.md for CVE-2023-0465
Also updated the entries for CVE-2023-0464
Related-to: CVE-2023-0465
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20587)
---
CHANGES.md | 12 ++++++++++++
NEWS.md | 6 +++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index 3eddb6f10e02..31cc6095cc3b 100644
--- CHANGES.md.orig
+++ CHANGES.md
@@ -30,12 +30,22 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 3.0.8 and 3.0.9 [xx XXX xxxx]
+ * Fixed an issue where invalid certificate policies in leaf certificates are
+ silently ignored by OpenSSL and other certificate policy checks are skipped
+ for that certificate. A malicious CA could use this to deliberately assert
+ invalid certificate policies in order to circumvent policy checking on the
+ certificate altogether.
+ ([CVE-2023-0465])
+
+ *Matt Caswell*
+
* Limited the number of nodes created in a policy tree to mitigate
against CVE-2023-0464. The default limit is set to 1000 nodes, which
should be sufficient for most installations. If required, the limit
can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
time define to a desired maximum number of nodes or zero to allow
unlimited growth.
+ ([CVE-2023-0464])
*Paul Dale*
@@ -19589,6 +19599,8 @@ ndif
<!-- Links -->
+[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
+[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
diff --git a/NEWS.md b/NEWS.md
index c6e4926bd527..7fe2ff15d97e 100644
--- NEWS.md.orig
+++ NEWS.md
@@ -20,7 +20,9 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [under development]
- * none
+ * Fixed handling of invalid certificate policies in leaf certificates
+ ([CVE-2023-0465])
+ * Limited the number of nodes created in a policy tree ([CVE-2023-0464])
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
@@ -1434,6 +1436,8 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
+[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
+[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
From 1dd43e0709fece299b15208f36cc7c76209ba0bb Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 7 Mar 2023 16:52:55 +0000
Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
certs
Even though we check the leaf cert to confirm it is valid, we
later ignored the invalid flag and did not notice that the leaf
cert was bad.
Fixes: CVE-2023-0465
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20587)
---
crypto/x509/x509_vfy.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 9384f1da9bad..a0282c3ef121 100644
--- crypto/x509/x509_vfy.c.orig
+++ crypto/x509/x509_vfy.c
@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
goto memerr;
/* Invalid or inconsistent extensions */
if (ret == X509_PCY_TREE_INVALID) {
- int i;
+ int i, cbcalled = 0;
/* Locate certificates with bad extensions and notify callback. */
- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
X509 *x = sk_X509_value(ctx->chain, i);
+ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
+ cbcalled = 1;
CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
}
+ if (!cbcalled) {
+ /* Should not be able to get here */
+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ /* The callback ignored the error so we return success */
return 1;
}
if (ret == X509_PCY_TREE_FAILURE) {

91
security/openssl-quictls/files/patch-CVE-2023-0466
View file

@ -1,91 +0,0 @@
From 51e8a84ce742db0f6c70510d0159dad8f7825908 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 21 Mar 2023 16:15:47 +0100
Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy()
The function was incorrectly documented as enabling policy checking.
Fixes: CVE-2023-0466
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20563)
---
CHANGES.md | 8 ++++++++
NEWS.md | 2 ++
doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 31cc6095cc3b..eb948e6b746b 100644
--- CHANGES.md.orig
+++ CHANGES.md
@@ -30,6 +30,13 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 3.0.8 and 3.0.9 [xx XXX xxxx]
+ * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
+ that it does not enable policy checking. Thanks to David Benjamin for
+ discovering this issue.
+ ([CVE-2023-0466])
+
+ *Tomáš Mráz*
+
* Fixed an issue where invalid certificate policies in leaf certificates are
silently ignored by OpenSSL and other certificate policy checks are skipped
for that certificate. A malicious CA could use this to deliberately assert
@@ -19599,6 +19606,7 @@ ndif
<!-- Links -->
+[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
diff --git a/NEWS.md b/NEWS.md
index 7fe2ff15d97e..61f82603acbe 100644
--- NEWS.md.orig
+++ NEWS.md
@@ -20,6 +20,7 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [under development]
+ * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
* Fixed handling of invalid certificate policies in leaf certificates
([CVE-2023-0465])
* Limited the number of nodes created in a policy tree ([CVE-2023-0464])
@@ -1436,6 +1437,7 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
+[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index 75a167702296..43c1900bca78 100644
--- doc/man3/X509_VERIFY_PARAM_set_flags.pod.orig
+++ doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -98,8 +98,9 @@ B<trust>.
X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
B<t>. Normally the current time is used.
-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
-by default) and adds B<policy> to the acceptable policy set.
+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
+Contrary to preexisting documentation of this function it does not enable
+policy checking.
X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
by default) and sets the acceptable policy set to B<policies>. Any existing
@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
+enabling policy checking however the implementation has never done this.
+The documentation was changed to align with the implementation.
+
=head1 COPYRIGHT
Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.