Commit d2a126c20e for openssl.org

commit d2a126c20ebd7b1d97d90e7929143310cb7de912
Author: Daniel Kubec <kubec@openssl.org>
Date:   Wed Jan 21 23:48:58 2026 +0100

    DOC: Clarify EVP_PKEY_CTX_{get,set}_app_data documentation

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    MergeDate: Fri Jan 23 10:14:10 2026
    (Merged from https://github.com/openssl/openssl/pull/29710)

diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod
index 82bfa5cad6..9cdca1c370 100644
--- a/doc/man3/EVP_PKEY_keygen.pod
+++ b/doc/man3/EVP_PKEY_keygen.pod
@@ -86,10 +86,12 @@ If the callback returns 0 then the key generation operation is aborted and an
 error occurs. This might occur during a time consuming operation where
 a user clicks on a "cancel" button.

-The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set
-and retrieve an opaque pointer. This can be used to set some application
-defined value which can be retrieved in the callback: for example a handle
-which is used to update a "progress dialog".
+The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data()
+associate an opaque, application-defined pointer with an EVP_PKEY_CTX object.
+
+This pointer is not interpreted by the library and is reserved entirely for use
+by the application. It may be used to store arbitrary context or state that
+needs to be accessible wherever the corresponding EVP_PKEY_CTX is available.

 EVP_PKEY_Q_keygen() abstracts from the explicit use of B<EVP_PKEY_CTX> while
 providing a 'quick' but limited way of generating a new asymmetric key pair.