@@ -31,10 +31,16 @@ extern __initconst const unsigned long s
extern __initconst const unsigned long module_cert_size;
/**
- * restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA
+ * restrict_link_by_builtin_trusted - Restrict keyring addition by builtin CA
+ * @dest_keyring: Keyring being linked to.
+ * @type: The type of key being added.
+ * @payload: The payload of the new key.
+ * @restriction_key: Key providing additional data for evaluating restriction.
*
* Restrict the addition of keys into a keyring based on the key-to-be-added
- * being vouched for by a key in the built in system keyring.
+ * being vouched for by a key in the builtin system keyring.
+ *
+ * Return: %0 on success or a negative value on error
*/
int restrict_link_by_builtin_trusted(struct key *dest_keyring,
const struct key_type *type,
@@ -49,10 +55,16 @@ int restrict_link_by_builtin_trusted(str
/**
* restrict_link_by_builtin_and_secondary_trusted - Restrict keyring
* addition by both builtin and secondary keyrings
+ * @dest_keyring: Keyring being linked to.
+ * @type: The type of key being added.
+ * @payload: The payload of the new key.
+ * @restrict_key: Key providing additional data for evaluating restriction.
*
* Restrict the addition of keys into a keyring based on the key-to-be-added
- * being vouched for by a key in either the built-in or the secondary system
+ * being vouched for by a key in either the builtin or the secondary system
* keyrings.
+ *
+ * Return: %0 on success or a negative value on error
*/
int restrict_link_by_builtin_and_secondary_trusted(
struct key *dest_keyring,
@@ -73,7 +85,7 @@ int restrict_link_by_builtin_and_seconda
secondary_trusted_keys);
}
-/**
+/*
* Allocate a struct key_restriction for the "builtin and secondary trust"
* keyring. Only for use in system_trusted_keyring_init().
*/
@@ -170,14 +182,17 @@ late_initcall(load_system_certificate_li
/**
* verify_pkcs7_message_sig - Verify a PKCS#7-based signature on system data.
- * @data: The data to be verified (NULL if expecting internal data).
+ * @data: The data to be verified (%NULL if expecting internal data).
* @len: Size of @data.
* @pkcs7: The PKCS#7 message that is the signature.
- * @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
- * (void *)1UL for all trusted keys).
+ * @trusted_keys: Trusted keys to use (%NULL for builtin trusted keys only,
+ * %VERIFY_USE_SECONDARY_KEYRING for secondary trusted keys,
+ * %VERIFY_USE_PLATFORM_KEYRING for platform trusted keys).
* @usage: The use to which the key is being put.
* @view_content: Callback to gain access to content.
* @ctx: Context for callback.
+ *
+ * Return: %0 on success or a negative value on error
*/
int verify_pkcs7_message_sig(const void *data, size_t len,
struct pkcs7_message *pkcs7,
@@ -254,15 +269,18 @@ error:
/**
* verify_pkcs7_signature - Verify a PKCS#7-based signature on system data.
- * @data: The data to be verified (NULL if expecting internal data).
+ * @data: The data to be verified (%NULL if expecting internal data).
* @len: Size of @data.
* @raw_pkcs7: The PKCS#7 message that is the signature.
* @pkcs7_len: The size of @raw_pkcs7.
- * @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
- * (void *)1UL for all trusted keys).
+ * @trusted_keys: Trusted keys to use (%NULL for builtin trusted keys only,
+ * %VERIFY_USE_SECONDARY_KEYRING for secondary trusted keys,
+ * %VERIFY_USE_PLATFORM_KEYRING for platform trusted keys).
* @usage: The use to which the key is being put.
* @view_content: Callback to gain access to content.
* @ctx: Context for callback.
+ *
+ * Return: %0 on success or a negative value on error
*/
int verify_pkcs7_signature(const void *data, size_t len,
const void *raw_pkcs7, size_t pkcs7_len,
- Fix all kernel-doc warnings in system_keyring.c: system_keyring.c:43: warning: expecting prototype for restrict_link_to_builtin_trusted(). Prototype was for restrict_link_by_builtin_trusted() instead system_keyring.c:77: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * Allocate a struct key_restriction for the "builtin and secondary trust" system_keyring.c:77: warning: missing initial short description on line: * Allocate a struct key_restriction for the "builtin and secondary trust" system_keyring.c:43: warning: No description found for return value of 'restrict_link_by_builtin_trusted' system_keyring.c:62: warning: No description found for return value of 'restrict_link_by_builtin_and_secondary_trusted' system_keyring.c:190: warning: No description found for return value of 'verify_pkcs7_message_sig' system_keyring.c:275: warning: No description found for return value of 'verify_pkcs7_signature' system_keyring.c:39: warning: contents before sections system_keyring.c:45: warning: Function parameter or member 'dest_keyring' not described in 'restrict_link_by_builtin_trusted' system_keyring.c:45: warning: Function parameter or member 'type' not described in 'restrict_link_by_builtin_trusted' system_keyring.c:45: warning: Function parameter or member 'payload' not described in 'restrict_link_by_builtin_trusted' system_keyring.c:45: warning: Function parameter or member 'restriction_key' not described in 'restrict_link_by_builtin_trusted' system_keyring.c:59: warning: contents before sections system_keyring.c:66: warning: Function parameter or member 'dest_keyring' not described in 'restrict_link_by_builtin_and_secondary_trusted' system_keyring.c:66: warning: Function parameter or member 'type' not described in 'restrict_link_by_builtin_and_secondary_trusted' system_keyring.c:66: warning: Function parameter or member 'payload' not described in 'restrict_link_by_builtin_and_secondary_trusted' system_keyring.c:66: warning: Function parameter or member 'restrict_key' not described in 'restrict_link_by_builtin_and_secondary_trusted' - Use '%' preceding constants in kernel-doc notation. - Use "builtin" consistently instead of "built in" or "built-in". - Don't use "/**" to begin a comment that is not in kernel-doc format. - Document the use of VERIFY_USE_SECONDARY_KEYRING and VERIFY_USE_PLATFORM_KEYRING. Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Mimi Zohar <zohar@linux.ibm.com> Cc: David Howells <dhowells@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: keyrings@vger.kernel.org --- v2: add missing function parameter descriptions certs/system_keyring.c | 38 ++++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-)