keys: Update comment for restrict_link_by_key_or_keyring_chain

author Andrew Zaborowski <andrew.zaborowski@intel.com>

Mon, 4 Jan 2021 16:40:48 +0000 (17:40 +0100)

committer Jarkko Sakkinen <jarkko@kernel.org>

Tue, 16 Feb 2021 08:40:27 +0000 (10:40 +0200)
author Andrew Zaborowski <andrew.zaborowski@intel.com>
Mon, 4 Jan 2021 16:40:48 +0000 (17:40 +0100)
committer Jarkko Sakkinen <jarkko@kernel.org>
Tue, 16 Feb 2021 08:40:27 +0000 (10:40 +0200)
diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c

index 77ebeba..84cefe3 100644 (file)
--- a/crypto/asymmetric_keys/restrict.c
+++ b/crypto/asymmetric_keys/restrict.c
@@ -244,9 +244,10 @@ int restrict_link_by_key_or_keyring(struct key *dest_keyring,
   * @payload: The payload of the new key.
   * @trusted: A key or ring of keys that can be used to vouch for the new cert.
   *
- * Check the new certificate only against the key or keys passed in the data
- * parameter. If one of those is the signing key and validates the new
- * certificate, then mark the new certificate as being ok to link.
+ * Check the new certificate against the key or keys passed in the data
+ * parameter and against the keys already linked to the destination keyring. If
+ * one of those is the signing key and validates the new certificate, then mark
+ * the new certificate as being ok to link.
   *
   * Returns 0 if the new certificate was accepted, -ENOKEY if we
   * couldn't find a matching parent certificate in the trusted list,
author	Andrew Zaborowski <andrew.zaborowski@intel.com>
	Mon, 4 Jan 2021 16:40:48 +0000 (17:40 +0100)
committer	Jarkko Sakkinen <jarkko@kernel.org>
	Tue, 16 Feb 2021 08:40:27 +0000 (10:40 +0200)