DOC: Clarify EVP_PKEY_CTX_{get,set}_app_data documentation

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Fri Jan 23 10:14:10 2026
(Merged from https://github.com/openssl/openssl/pull/29710)

diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod
index 82bfa5cad62d3760a226ac1d31c1f84f62990ce7..9cdca1c37073e0832e113f4da44680bf6d96b2a1 100644 (file)
--- a/doc/man3/EVP_PKEY_keygen.pod
+++ b/doc/man3/EVP_PKEY_keygen.pod
@@ -86,10 +86,12 @@ If the callback returns 0 then the key generation operation is aborted and an
 error occurs. This might occur during a time consuming operation where
 a user clicks on a "cancel" button.
 
-The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set
-and retrieve an opaque pointer. This can be used to set some application
-defined value which can be retrieved in the callback: for example a handle
-which is used to update a "progress dialog".
+The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data()
+associate an opaque, application-defined pointer with an EVP_PKEY_CTX object.
+
+This pointer is not interpreted by the library and is reserved entirely for use
+by the application. It may be used to store arbitrary context or state that
+needs to be accessible wherever the corresponding EVP_PKEY_CTX is available.
 
 EVP_PKEY_Q_keygen() abstracts from the explicit use of B<EVP_PKEY_CTX> while
 providing a 'quick' but limited way of generating a new asymmetric key pair.