| Message ID | 20201013133939.1182462-2-andrew.zaborowski@intel.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [RESEND] keys: Update comment for restrict_link_by_key_or_keyring_chain | expand |
On Tue, Oct 13, 2020 at 03:39:39PM +0200, Andrew Zaborowski wrote: > Add the bit of information that makes > restrict_link_by_key_or_keyring_chain different from > restrict_link_by_key_or_keyring to the inline docs comment. > > Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> > --- > crypto/asymmetric_keys/restrict.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c > index 77ebebada29..84cefe3b358 100644 > --- a/crypto/asymmetric_keys/restrict.c > +++ b/crypto/asymmetric_keys/restrict.c > @@ -244,9 +244,10 @@ int restrict_link_by_key_or_keyring(struct key *dest_keyring, > * @payload: The payload of the new key. > * @trusted: A key or ring of keys that can be used to vouch for the new cert. > * > - * Check the new certificate only against the key or keys passed in the data > - * parameter. If one of those is the signing key and validates the new > - * certificate, then mark the new certificate as being ok to link. > + * Check the new certificate against the key or keys passed in the data > + * parameter and against the keys already linked to the destination keyring. If > + * one of those is the signing key and validates the new certificate, then mark > + * the new certificate as being ok to link. > * > * Returns 0 if the new certificate was accepted, -ENOKEY if we > * couldn't find a matching parent certificate in the trusted list, > -- > 2.20.1 > > /Jarkko
diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c index 77ebebada29..84cefe3b358 100644 --- a/crypto/asymmetric_keys/restrict.c +++ b/crypto/asymmetric_keys/restrict.c @@ -244,9 +244,10 @@ int restrict_link_by_key_or_keyring(struct key *dest_keyring, * @payload: The payload of the new key. * @trusted: A key or ring of keys that can be used to vouch for the new cert. * - * Check the new certificate only against the key or keys passed in the data - * parameter. If one of those is the signing key and validates the new - * certificate, then mark the new certificate as being ok to link. + * Check the new certificate against the key or keys passed in the data + * parameter and against the keys already linked to the destination keyring. If + * one of those is the signing key and validates the new certificate, then mark + * the new certificate as being ok to link. * * Returns 0 if the new certificate was accepted, -ENOKEY if we * couldn't find a matching parent certificate in the trusted list,
Add the bit of information that makes restrict_link_by_key_or_keyring_chain different from restrict_link_by_key_or_keyring to the inline docs comment. Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com> --- crypto/asymmetric_keys/restrict.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)