From e67254e4c3d82b1b8f5102bc4a0e7914f0b87ef0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 29 Sep 2021 13:45:55 +0200 Subject: [PATCH] Enhance the explanation of selector bits in provider-keymgmt(7) This uncovers what has been a mere comment in an attempt to clarify that the use of selector bits is very much at the discretion of the provider implementation. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16765) --- doc/man7/provider-keymgmt.pod | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index b0397b4103..fc8d995f44 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -200,12 +200,11 @@ Indicating that everything in a key object should be considered. The exact interpretation of those bits or how they combine is left to each function where you can specify a selector. -=for comment One might think that a combination of bits means that all -the selected data subsets must be considered, but then you have to -consider that when comparing key objects (future function), an -implementation might opt to not compare the private key if it has -compared the public key, since a match of one half implies a match of -the other half. +It's left to the provider implementation to decide what is reasonable +to do with regards to received selector bits and how to do it. +Among others, an implementation of OSSL_FUNC_keymgmt_match() might opt +to not compare the private half if it has compared the public half, +since a match of one half implies a match of the other half. =head2 Constructing and Destructing Functions -- 2.34.1
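Review bot: In the added paragraph of the hunk at -200,12 +200,11, the sentence "an implementation of OSSL_FUNC_keymgmt_match() might opt to not compare the private half if it has compared the public half" tells provider authors what they may do, but it does not tell callers what they can rely on. Suggest adding one sentence saying that a caller who sets both the public and private selector bits must not assume the private components were actually compared. The justification "a match of one half implies a match of the other half" holds only when both key objects contain consistent key pairs, and the text should state that assumption. Two wording points in the same paragraph: "with regards to" should be "with regard to", and "Among others" reads more clearly as "For example". If the rest of the page marks up function names with POD formatting codes, OSSL_FUNC_keymgmt_match() should get the same markup here.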