diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod
index ac93920addec3..fa1a3466e3d8b 100644
--- a/doc/man3/PEM_read_bio_PrivateKey.pod
+++ b/doc/man3/PEM_read_bio_PrivateKey.pod
@@ -320,7 +320,9 @@ NULL but I<*x> is NULL then the structure returned will be written
 to I<*x>. If neither I<x> nor I<*x> is NULL then an attempt is made
 to reuse the structure at I<*x> (but see BUGS and EXAMPLES sections).
 Irrespective of the value of I<x> a pointer to the structure is always
-returned (or NULL if an error occurred).
+returned (or NULL if an error occurred). The caller retains ownership of the
+returned object and needs to free it when it is no longer needed, e.g.
+using X509_free() for X509 objects or EVP_PKEY_free() for EVP_PKEY objects.
 
 The PEM functions which write private keys take an I<enc> parameter
 which specifies the encryption algorithm to use, encryption is done
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index 00efb60358166..1086f7aa76e7c 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -387,7 +387,9 @@ B<d2i_I<TYPE>>() attempts to decode I<len> bytes at I<*ppin>. If successful a
 pointer to the B<I<TYPE>> structure is returned and I<*ppin> is incremented to
 the byte following the parsed data.  If I<a> is not NULL then a pointer
 to the returned structure is also written to I<*a>.  If an error occurred
-then NULL is returned.
+then NULL is returned. The caller retains ownership of the
+returned object and needs to free it when it is no longer needed, e.g.
+using X509_free() for X509 objects or DSA_SIG_free() for DSA_SIG objects.
 
 On a successful return, if I<*a> is not NULL then it is assumed that I<*a>
 contains a valid B<I<TYPE>> structure and an attempt is made to reuse it.