On 10/24/2016 04:36 PM, Mat Martineau wrote:
Revoking keys (or keyrings) unlinks them from every keyring.
it is useful to let the kernel keep a key even if ELL isn't directly
tracking that key anymore - for example, a keyring of trusted keys can
be used for validation without keeping l_key objects around for every
single key in that keyring. The kernel will clean up the kernel key
objects when there are no more references to them whether or not we
explicitly revoke from userspace.
l_key_free_norevoke and l_keyring_free_norevoke are added to support the
non-revoking behavior, while the default is still to revoke the key.
ell/key.c | 20 ++++++++++++++++++++
ell/key.h | 2 ++
2 files changed, 22 insertions(+)