Eric Biggers <[email protected]> wrote: > As I mentioned on v11, it's misleading to start using the term digest > for something that isn't a digest.
I can call it 'm' if you like. I don't want to call it 'message' as that is overused here. > Naturally, this confusing introduction of non-digest digests seems to > have already caused a bug: IMA calls pkcs7_get_digest() to calculate the > digest of the module. But now that's no longer necessarily a digest. > It could be the entire signed attributes. The next patch deals with that, but I can move the error check forward... > I'll also note that this commit doesn't fully implement "Allow the > signing algo to calculate the digest itself" as claimed, since only the > signed attributes case is handled. It looks like the next patch is > intended to handle the other case. But it's not made clear at all that > it's a two-part thing; this patch implies that it's complete. ... or just squash the two patches together. David
