Commit 3f907b6524 for openssl.org
commit 3f907b6524b20d701bd1a458c4694f5130e55719
Author: Emmalee Carpenter <emmiecarpenter13@gmail.com>
Date: Thu Mar 19 16:04:49 2026 -0400
Update manuals and demos to consider OSSL_PARAM_clear_free() vs OSSL_PARAM_free()
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Apr 3 15:14:25 2026
(Merged from https://github.com/openssl/openssl/pull/30506)
diff --git a/demos/signature/EVP_DSA_Signature_demo.c b/demos/signature/EVP_DSA_Signature_demo.c
index 548860a812..088c568724 100644
--- a/demos/signature/EVP_DSA_Signature_demo.c
+++ b/demos/signature/EVP_DSA_Signature_demo.c
@@ -148,7 +148,7 @@ static int extract_keypair(const EVP_PKEY *pkey,
ret = 1;
end:
if (ret != 1) {
- OSSL_PARAM_free(keypair);
+ OSSL_PARAM_clear_free(keypair);
keypair = NULL;
}
*p_keypair = keypair;
@@ -306,7 +306,7 @@ end:
EVP_PKEY_free(params);
EVP_PKEY_free(pkey);
OSSL_PARAM_free(public_key);
- OSSL_PARAM_free(keypair);
+ OSSL_PARAM_clear_free(keypair);
OSSL_LIB_CTX_free(libctx);
return ret;
diff --git a/doc/man3/EVP_PKEY_fromdata.pod b/doc/man3/EVP_PKEY_fromdata.pod
index 3e3e7dab8b..44d8788db0 100644
--- a/doc/man3/EVP_PKEY_fromdata.pod
+++ b/doc/man3/EVP_PKEY_fromdata.pod
@@ -203,7 +203,7 @@ TODO Write a set of cookbook documents and link to them.
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
- OSSL_PARAM_free(params);
+ OSSL_PARAM_clear_free(params);
OSSL_PARAM_BLD_free(param_bld);
BN_free(priv);
diff --git a/doc/man3/EVP_PKEY_todata.pod b/doc/man3/EVP_PKEY_todata.pod
index 8e54f228ac..d3455ce1bd 100644
--- a/doc/man3/EVP_PKEY_todata.pod
+++ b/doc/man3/EVP_PKEY_todata.pod
@@ -20,8 +20,8 @@ array of L<OSSL_PARAM(3)>.
EVP_PKEY_todata() extracts values from a key I<pkey> using the I<selection>.
I<selection> is described in L<EVP_PKEY_fromdata(3)/Selections>.
-L<OSSL_PARAM_free(3)> should be used to free the returned parameters in
-I<*params>.
+L<OSSL_PARAM_free(3)> or L<OSSL_PARAM_clear_free(3)> should be used to free the
+returned parameters in I<*params>.
EVP_PKEY_export() is similar to EVP_PKEY_todata() but uses a callback
I<export_cb> that gets passed the value of I<export_cbarg>.
diff --git a/doc/man3/OSSL_PARAM_BLD.pod b/doc/man3/OSSL_PARAM_BLD.pod
index a9dea41211..b5a2839385 100644
--- a/doc/man3/OSSL_PARAM_BLD.pod
+++ b/doc/man3/OSSL_PARAM_BLD.pod
@@ -58,7 +58,8 @@ If the argument is NULL, nothing is done.
OSSL_PARAM_BLD_to_param() converts a built up OSSL_PARAM_BLD structure
I<bld> into an allocated OSSL_PARAM array.
The OSSL_PARAM array and all associated storage must be freed by calling
-OSSL_PARAM_free() with the functions return value.
+OSSL_PARAM_free(); if the contents of OSSL_PARAM array are confidential call
+OSSL_PARAM_clear_free().
OSSL_PARAM_BLD_free() can safely be called any time after this function is.
=begin comment
@@ -177,7 +178,7 @@ private key.
OSSL_PARAM_BLD_free(bld);
/* Use params */
...
- OSSL_PARAM_free(params);
+ OSSL_PARAM_clear_free(params);
=head2 Example 2
@@ -199,7 +200,7 @@ public key.
=head1 SEE ALSO
-L<OSSL_PARAM_int(3)>, L<OSSL_PARAM(3)>, L<OSSL_PARAM_free(3)>
+L<OSSL_PARAM_int(3)>, L<OSSL_PARAM(3)>, L<OSSL_PARAM_free(3)>, L<OSSL_PARAM_clear_free(3)>
=head1 HISTORY