From: Emmalee Carpenter <emmiecarpenter13@gmail.com>
Date: Thu, 19 Mar 2026 20:04:49 +0000 (-0400)
Subject: Update manuals and demos to consider OSSL_PARAM_clear_free() vs OSSL_PARAM_free()
X-Git-Tag: openssl-4.0.0~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb52283ecb8523db128a4106d76a95fd719426df;p=thirdparty%2Fopenssl.git

Update manuals and demos to consider OSSL_PARAM_clear_free() vs OSSL_PARAM_free()

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Apr  3 15:14:25 2026
(Merged from https://github.com/openssl/openssl/pull/30506)

(cherry picked from commit 3f907b6524b20d701bd1a458c4694f5130e55719)
---

diff --git a/demos/signature/EVP_DSA_Signature_demo.c b/demos/signature/EVP_DSA_Signature_demo.c
index 548860a8127..088c568724b 100644
--- a/demos/signature/EVP_DSA_Signature_demo.c
+++ b/demos/signature/EVP_DSA_Signature_demo.c
@@ -148,7 +148,7 @@ static int extract_keypair(const EVP_PKEY *pkey,
     ret = 1;
 end:
     if (ret != 1) {
-        OSSL_PARAM_free(keypair);
+        OSSL_PARAM_clear_free(keypair);
         keypair = NULL;
     }
     *p_keypair = keypair;
@@ -306,7 +306,7 @@ end:
     EVP_PKEY_free(params);
     EVP_PKEY_free(pkey);
     OSSL_PARAM_free(public_key);
-    OSSL_PARAM_free(keypair);
+    OSSL_PARAM_clear_free(keypair);
     OSSL_LIB_CTX_free(libctx);
 
     return ret;
diff --git a/doc/man3/EVP_PKEY_fromdata.pod b/doc/man3/EVP_PKEY_fromdata.pod
index 3e3e7dab8ba..44d8788db01 100644
--- a/doc/man3/EVP_PKEY_fromdata.pod
+++ b/doc/man3/EVP_PKEY_fromdata.pod
@@ -203,7 +203,7 @@ TODO Write a set of cookbook documents and link to them.
 
      EVP_PKEY_free(pkey);
      EVP_PKEY_CTX_free(ctx);
-     OSSL_PARAM_free(params);
+     OSSL_PARAM_clear_free(params);
      OSSL_PARAM_BLD_free(param_bld);
      BN_free(priv);
 
diff --git a/doc/man3/EVP_PKEY_todata.pod b/doc/man3/EVP_PKEY_todata.pod
index 8e54f228ac7..d3455ce1bd1 100644
--- a/doc/man3/EVP_PKEY_todata.pod
+++ b/doc/man3/EVP_PKEY_todata.pod
@@ -20,8 +20,8 @@ array of L<OSSL_PARAM(3)>.
 
 EVP_PKEY_todata() extracts values from a key I<pkey> using the I<selection>.
 I<selection> is described in L<EVP_PKEY_fromdata(3)/Selections>.
-L<OSSL_PARAM_free(3)> should be used to free the returned parameters in
-I<*params>.
+L<OSSL_PARAM_free(3)> or L<OSSL_PARAM_clear_free(3)> should be used to free the
+returned parameters in I<*params>.
 
 EVP_PKEY_export() is similar to EVP_PKEY_todata() but uses a callback
 I<export_cb> that gets passed the value of I<export_cbarg>.
diff --git a/doc/man3/OSSL_PARAM_BLD.pod b/doc/man3/OSSL_PARAM_BLD.pod
index a9dea41211f..b5a28393853 100644
--- a/doc/man3/OSSL_PARAM_BLD.pod
+++ b/doc/man3/OSSL_PARAM_BLD.pod
@@ -58,7 +58,8 @@ If the argument is NULL, nothing is done.
 OSSL_PARAM_BLD_to_param() converts a built up OSSL_PARAM_BLD structure
 I<bld> into an allocated OSSL_PARAM array.
 The OSSL_PARAM array and all associated storage must be freed by calling
-OSSL_PARAM_free() with the functions return value.
+OSSL_PARAM_free(); if the contents of OSSL_PARAM array are confidential call
+OSSL_PARAM_clear_free().
 OSSL_PARAM_BLD_free() can safely be called any time after this function is.
 
 =begin comment
@@ -177,7 +178,7 @@ private key.
     OSSL_PARAM_BLD_free(bld);
     /* Use params */
     ...
-    OSSL_PARAM_free(params);
+    OSSL_PARAM_clear_free(params);
 
 =head2 Example 2
 
@@ -199,7 +200,7 @@ public key.
 
 =head1 SEE ALSO
 
-L<OSSL_PARAM_int(3)>, L<OSSL_PARAM(3)>, L<OSSL_PARAM_free(3)>
+L<OSSL_PARAM_int(3)>, L<OSSL_PARAM(3)>, L<OSSL_PARAM_free(3)>, L<OSSL_PARAM_clear_free(3)>
 
 =head1 HISTORY