Rough edge to clean up

Eric S. Raymond esr at thyrsus.com
Mon Jan 30 13:54:54 UTC 2017


Hal Murray <hmurray at megapathdsl.net>:
> 
> esr at thyrsus.com said:
> > Maybe not.  I went looking for other places the refid computation is done
> > and that seems to be it.  What other other places did you have in mind? 
> 
> I was thinking of other places that called EVP_DigestInit
> 
> If we need that flag for addr2refid, do we need it for other uses of MD5?

Having looked, I don't think so. But there is one case I'm unsure about that.

There are three uses in libntp/macencrypt.c.  Two of them are MAC computations
that do require crypto security.  You found the third, which doesn't. The
flag seems to be intended to tag hashes that don't require crypto security,
so we seem to be OK so far.

There are three other calls. One is a sanity check of digest size.
Maybe that one should have the flag set; I'm not sure, because while
I think I know what the flag means, I don't know what the intended
effects of setting it are.

Another is the nonce generator for MRU list segments.  The third is the
SHA-1 validation for incoming leapsecond files.  Those *should* have
crypto security and it is proper that this flag is not set.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>


More information about the devel mailing list