KEYS: Split role of the keyring pointer for keyring restrict functions
authorMat Martineau <mathew.j.martineau@linux.intel.com>
Tue, 30 Aug 2016 18:33:13 +0000 (11:33 -0700)
committerMat Martineau <mathew.j.martineau@linux.intel.com>
Mon, 3 Apr 2017 17:24:56 +0000 (10:24 -0700)
commitaaf66c883813f0078e3dafe7d20d1461321ac14f
tree5198162cc55309f8653a0a333c2cbdffc64debad
parent469ff8f7d46d75b36de68a0411a2ce80109ad00b
KEYS: Split role of the keyring pointer for keyring restrict functions

The first argument to the restrict_link_func_t functions was a keyring
pointer. These functions are called by the key subsystem with this
argument set to the destination keyring, but restrict_link_by_signature
expects a pointer to the relevant trusted keyring.

Restrict functions may need something other than a single struct key
pointer to allow or reject key linkage, so the data used to make that
decision (such as the trust keyring) is moved to a new, fourth
argument. The first argument is now always the destination keyring.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Documentation/security/keys.txt
certs/system_keyring.c
crypto/asymmetric_keys/restrict.c
include/crypto/public_key.h
include/keys/system_keyring.h
include/linux/key.h
security/keys/key.c
security/keys/keyring.c