diff options
author | Richard Levitte <levitte@openssl.org> | 2021-09-29 13:45:55 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-12-13 07:58:34 +0100 |
commit | fc87d5dad26b4ad3351ed006024f9c48deebccb5 (patch) | |
tree | a6fc5c9630846b685754114a24e499689c5cb00d /doc | |
parent | 213a33e79fc1d0554d7cdad8496a805d6eacc77f (diff) |
Enhance the explanation of selector bits in provider-keymgmt(7)
This uncovers what has been a mere comment in an attempt to clarify
that the use of selector bits is very much at the discretion of the
provider implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
(cherry picked from commit e67254e4c3d82b1b8f5102bc4a0e7914f0b87ef0)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man7/provider-keymgmt.pod | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index b0397b4103..fc8d995f44 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -200,12 +200,11 @@ Indicating that everything in a key object should be considered. The exact interpretation of those bits or how they combine is left to each function where you can specify a selector. -=for comment One might think that a combination of bits means that all -the selected data subsets must be considered, but then you have to -consider that when comparing key objects (future function), an -implementation might opt to not compare the private key if it has -compared the public key, since a match of one half implies a match of -the other half. +It's left to the provider implementation to decide what is reasonable +to do with regards to received selector bits and how to do it. +Among others, an implementation of OSSL_FUNC_keymgmt_match() might opt +to not compare the private half if it has compared the public half, +since a match of one half implies a match of the other half. =head2 Constructing and Destructing Functions |