diff options
author | Richard Levitte <levitte@openssl.org> | 2021-09-29 13:45:55 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-12-13 07:52:53 +0100 |
commit | e67254e4c3d82b1b8f5102bc4a0e7914f0b87ef0 (patch) | |
tree | ca78c23990c2c2873f69916644dfc709edbf9dea /doc/man7 | |
parent | ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a (diff) |
Enhance the explanation of selector bits in provider-keymgmt(7)
This uncovers what has been a mere comment in an attempt to clarify
that the use of selector bits is very much at the discretion of the
provider implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
Diffstat (limited to 'doc/man7')
-rw-r--r-- | doc/man7/provider-keymgmt.pod | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index b0397b4103..fc8d995f44 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -200,12 +200,11 @@ Indicating that everything in a key object should be considered. The exact interpretation of those bits or how they combine is left to each function where you can specify a selector. -=for comment One might think that a combination of bits means that all -the selected data subsets must be considered, but then you have to -consider that when comparing key objects (future function), an -implementation might opt to not compare the private key if it has -compared the public key, since a match of one half implies a match of -the other half. +It's left to the provider implementation to decide what is reasonable +to do with regards to received selector bits and how to do it. +Among others, an implementation of OSSL_FUNC_keymgmt_match() might opt +to not compare the private half if it has compared the public half, +since a match of one half implies a match of the other half. =head2 Constructing and Destructing Functions |