From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jarkko Sakkinen Date: Sun, 18 Oct 2020 20:25:26 +0000 Subject: Re: [RESEND][PATCH] keys: Update comment for restrict_link_by_key_or_keyring_chain Message-Id: <20201018202526.GB574776@kapsi.fi> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit List-Id: References: <20200504090800.129593-1-andrew.zaborowski@intel.com> In-Reply-To: <20200504090800.129593-1-andrew.zaborowski@intel.com> To: keyrings@vger.kernel.org On Tue, Oct 13, 2020 at 03:39:39PM +0200, Andrew Zaborowski wrote: > Add the bit of information that makes > restrict_link_by_key_or_keyring_chain different from > restrict_link_by_key_or_keyring to the inline docs comment. > > Signed-off-by: Andrew Zaborowski Acked-by: Jarkko Sakkinen > --- > crypto/asymmetric_keys/restrict.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c > index 77ebebada29..84cefe3b358 100644 > --- a/crypto/asymmetric_keys/restrict.c > +++ b/crypto/asymmetric_keys/restrict.c > @@ -244,9 +244,10 @@ int restrict_link_by_key_or_keyring(struct key *dest_keyring, > * @payload: The payload of the new key. > * @trusted: A key or ring of keys that can be used to vouch for the new cert. > * > - * Check the new certificate only against the key or keys passed in the data > - * parameter. If one of those is the signing key and validates the new > - * certificate, then mark the new certificate as being ok to link. > + * Check the new certificate against the key or keys passed in the data > + * parameter and against the keys already linked to the destination keyring. If > + * one of those is the signing key and validates the new certificate, then mark > + * the new certificate as being ok to link. > * > * Returns 0 if the new certificate was accepted, -ENOKEY if we > * couldn't find a matching parent certificate in the trusted list, > -- > 2.20.1 > > /Jarkko From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BAB43C433E7 for ; Sun, 18 Oct 2020 20:25:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 828BA22276 for ; Sun, 18 Oct 2020 20:25:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1603052729; bh=Dze6LNzD3UHLop9G1pwa2x8sh0NZKVh5h/EpVwZ8fnU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From; b=N0WI7kES/qcVSo+0QNE+X1hSj5ZcKS7a+4sxx+rlN3licCNPx9URQGuaVpmIMdv74 f/xVHUpowR+1SAcLP/fvYvFBCL2Som44pSehc9CSs6mi3Jgquxtiefa8iArJDFR0zm FHhFH7kWboFFmZNGE8GaV2wqzn80TIWfrI/c5cyA= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727464AbgJRUZ3 (ORCPT ); Sun, 18 Oct 2020 16:25:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:56110 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726422AbgJRUZ3 (ORCPT ); Sun, 18 Oct 2020 16:25:29 -0400 Received: from localhost (83-245-197-237.elisa-laajakaista.fi [83.245.197.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D9C0C22269; Sun, 18 Oct 2020 20:25:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1603052728; bh=Dze6LNzD3UHLop9G1pwa2x8sh0NZKVh5h/EpVwZ8fnU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=JZBrnBAvhaf57oiquWvKS0JaiWhSWXWGC/ndR0fwCPzI4IVYDq32LHGSbj+cgbCsX yg1sGicoWhDL3c2ZtvkmXMkkq5emGJ8tEsvnX1JzK/3y6VPu8V89u2Q4+sIye/DQU8 35PZrPU4MvfewtxhcKA+f04j3SpA4+sM0p8f12DA= Date: Sun, 18 Oct 2020 23:25:26 +0300 From: Jarkko Sakkinen To: Andrew Zaborowski Cc: keyrings@vger.kernel.org, dhowells@redhat.com Subject: Re: [RESEND][PATCH] keys: Update comment for restrict_link_by_key_or_keyring_chain Message-ID: <20201018202526.GB574776@kapsi.fi> References: <20201013133939.1182462-1-andrew.zaborowski@intel.com> <20201013133939.1182462-2-andrew.zaborowski@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201013133939.1182462-2-andrew.zaborowski@intel.com> Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org Message-ID: <20201018202526.GFKasrgXJ8wXMvJZKzuQpBWpCeoFTpooEeofcV5CPjk@z> On Tue, Oct 13, 2020 at 03:39:39PM +0200, Andrew Zaborowski wrote: > Add the bit of information that makes > restrict_link_by_key_or_keyring_chain different from > restrict_link_by_key_or_keyring to the inline docs comment. > > Signed-off-by: Andrew Zaborowski Acked-by: Jarkko Sakkinen > --- > crypto/asymmetric_keys/restrict.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c > index 77ebebada29..84cefe3b358 100644 > --- a/crypto/asymmetric_keys/restrict.c > +++ b/crypto/asymmetric_keys/restrict.c > @@ -244,9 +244,10 @@ int restrict_link_by_key_or_keyring(struct key *dest_keyring, > * @payload: The payload of the new key. > * @trusted: A key or ring of keys that can be used to vouch for the new cert. > * > - * Check the new certificate only against the key or keys passed in the data > - * parameter. If one of those is the signing key and validates the new > - * certificate, then mark the new certificate as being ok to link. > + * Check the new certificate against the key or keys passed in the data > + * parameter and against the keys already linked to the destination keyring. If > + * one of those is the signing key and validates the new certificate, then mark > + * the new certificate as being ok to link. > * > * Returns 0 if the new certificate was accepted, -ENOKEY if we > * couldn't find a matching parent certificate in the trusted list, > -- > 2.20.1 > > /Jarkko