X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=secnet.h;fp=secnet.h;h=30a171d4da262160443b9029c1c137fe8f69e027;hp=bd63a7c63f90681fd64fc34bdac97a56bbf723cb;hb=87af7c8c0f58eea212ec1207d0d343a509c5e7df;hpb=8e4308946bcdb5e62380cff7373d558518745eec
diff --git a/secnet.h b/secnet.h
index bd63a7c..30a171d 100644
--- a/secnet.h
+++ b/secnet.h
@@ -413,13 +413,13 @@ typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo,
 struct buffer_if *privkeydata,
 struct sigprivkey_if **sigpriv_r,
 struct log_if *log, struct cloc loc);
- /* privkeydata may contain data for any algorithm, not necessarily
- * this one! If it is not for this algorithm, return False and do
- * not log anything (other than at M_DEBUG). If it *is* for this
- * algorithm but is wrong, log at M_ERROR.
- * On entry privkeydata->base==start. loadpriv may modify base and
- * size, but not anything else. So it may use unprepend and
- * unappend. */
+ /* Ideally, check whether privkeydata contains data for any algorithm.
+ * That avoids security problems if a key file is misidentified (which
+ * might happen if the file is simply renamed).
+ * If there is an error (including that the key data is not for this
+ * algorithm, return False and log an error at M_ERROR.
+ * On entry privkeydata->base==start. loadpriv may modify
+ * privkeydata, including the contents. */
 
 struct sigscheme_info {
 const char *name;
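Review bot: The new contract comment is ambiguous and has a syntax slip: `Ideally, check whether privkeydata contains data for any algorithm` presumably means that loadpriv should verify the data really is for *this* algorithm (`algo`), which is what the following sentences rely on, and the parenthesis opened at `(including that the key data is not for this algorithm` is never closed. Suggest `/* Implementations should check that privkeydata really holds a key for this algorithm; that avoids security problems if a key file is misidentified (e.g. simply renamed). On error (including key data that is not for this algorithm), return False and log at M_ERROR.` "Ideally" turns a check given a security rationale into a suggestion; if some implementations are allowed to skip it, the comment should state what callers may assume. Since the new text also lets loadpriv modify privkeydata's contents, it should say that the caller cannot reuse the buffer afterwards (e.g. to try another scheme) and which side is responsible for clearing the private-key bytes from it. The sigscheme_loadpriv typedef this comment documents starts just above the hunk.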