Update manuals and demos to consider OSSL_PARAM_clear_free() vs OSSL_PARAM_free()

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Apr  3 15:14:25 2026
(Merged from https://github.com/openssl/openssl/pull/30506)

(cherry picked from commit 3f907b6524b20d701bd1a458c4694f5130e55719)

diff --git a/demos/signature/EVP_DSA_Signature_demo.c b/demos/signature/EVP_DSA_Signature_demo.c
index 548860a8127e217564ec6b9761e4c3aadb6ccd8b..088c568724b65dd04906a03ecc5e821d8a0f46a4 100644 (file)
--- a/demos/signature/EVP_DSA_Signature_demo.c
+++ b/demos/signature/EVP_DSA_Signature_demo.c
@@ -148,7 +148,7 @@ static int extract_keypair(const EVP_PKEY *pkey,
     ret = 1;
 end:
     if (ret != 1) {
-        OSSL_PARAM_free(keypair);
+        OSSL_PARAM_clear_free(keypair);
         keypair = NULL;
     }
     *p_keypair = keypair;
@@ -306,7 +306,7 @@ end:
     EVP_PKEY_free(params);
     EVP_PKEY_free(pkey);
     OSSL_PARAM_free(public_key);
-    OSSL_PARAM_free(keypair);
+    OSSL_PARAM_clear_free(keypair);
     OSSL_LIB_CTX_free(libctx);
 
     return ret;

diff --git a/doc/man3/EVP_PKEY_fromdata.pod b/doc/man3/EVP_PKEY_fromdata.pod
index 3e3e7dab8ba62b5d049d90e57efdabe4cad2703e..44d8788db010d6feda6efcb7a381ddeb6fbba7ef 100644 (file)
--- a/doc/man3/EVP_PKEY_fromdata.pod
+++ b/doc/man3/EVP_PKEY_fromdata.pod
@@ -203,7 +203,7 @@ TODO Write a set of cookbook documents and link to them.
 
      EVP_PKEY_free(pkey);
      EVP_PKEY_CTX_free(ctx);
-     OSSL_PARAM_free(params);
+     OSSL_PARAM_clear_free(params);
      OSSL_PARAM_BLD_free(param_bld);
      BN_free(priv);
 

diff --git a/doc/man3/EVP_PKEY_todata.pod b/doc/man3/EVP_PKEY_todata.pod
index 8e54f228ac737b72393f5a08f8fd92f5d6f574a5..d3455ce1bd1dc346695a64fe7365cc02ef26718c 100644 (file)
--- a/doc/man3/EVP_PKEY_todata.pod
+++ b/doc/man3/EVP_PKEY_todata.pod
@@ -20,8 +20,8 @@ array of L<OSSL_PARAM(3)>.
 
 EVP_PKEY_todata() extracts values from a key I<pkey> using the I<selection>.
 I<selection> is described in L<EVP_PKEY_fromdata(3)/Selections>.
-L<OSSL_PARAM_free(3)> should be used to free the returned parameters in
-I<*params>.
+L<OSSL_PARAM_free(3)> or L<OSSL_PARAM_clear_free(3)> should be used to free the
+returned parameters in I<*params>.
 
 EVP_PKEY_export() is similar to EVP_PKEY_todata() but uses a callback
 I<export_cb> that gets passed the value of I<export_cbarg>.

diff --git a/doc/man3/OSSL_PARAM_BLD.pod b/doc/man3/OSSL_PARAM_BLD.pod
index a9dea41211f07836b71bd637aedf685eba1d2b61..b5a28393853869fdc99f6488c86c4fca302b9368 100644 (file)
--- a/doc/man3/OSSL_PARAM_BLD.pod
+++ b/doc/man3/OSSL_PARAM_BLD.pod
@@ -58,7 +58,8 @@ If the argument is NULL, nothing is done.
 OSSL_PARAM_BLD_to_param() converts a built up OSSL_PARAM_BLD structure
 I<bld> into an allocated OSSL_PARAM array.
 The OSSL_PARAM array and all associated storage must be freed by calling
-OSSL_PARAM_free() with the functions return value.
+OSSL_PARAM_free(); if the contents of OSSL_PARAM array are confidential call
+OSSL_PARAM_clear_free().
 OSSL_PARAM_BLD_free() can safely be called any time after this function is.
 
 =begin comment
@@ -177,7 +178,7 @@ private key.
     OSSL_PARAM_BLD_free(bld);
     /* Use params */
     ...
-    OSSL_PARAM_free(params);
+    OSSL_PARAM_clear_free(params);
 
 =head2 Example 2
 
@@ -199,7 +200,7 @@ public key.
 
 =head1 SEE ALSO
 
-L<OSSL_PARAM_int(3)>, L<OSSL_PARAM(3)>, L<OSSL_PARAM_free(3)>
+L<OSSL_PARAM_int(3)>, L<OSSL_PARAM(3)>, L<OSSL_PARAM_free(3)>, L<OSSL_PARAM_clear_free(3)>
 
 =head1 HISTORY