Hal Murray <hmur...@megapathdsl.net>: > > e...@thyrsus.com said: > > Maybe not. I went looking for other places the refid computation is done > > and that seems to be it. What other other places did you have in mind? > > I was thinking of other places that called EVP_DigestInit > > If we need that flag for addr2refid, do we need it for other uses of MD5?
Having looked, I don't think so. But there is one case I'm unsure about that. There are three uses in libntp/macencrypt.c. Two of them are MAC computations that do require crypto security. You found the third, which doesn't. The flag seems to be intended to tag hashes that don't require crypto security, so we seem to be OK so far. There are three other calls. One is a sanity check of digest size. Maybe that one should have the flag set; I'm not sure, because while I think I know what the flag means, I don't know what the intended effects of setting it are. Another is the nonce generator for MRU list segments. The third is the SHA-1 validation for incoming leapsecond files. Those *should* have crypto security and it is proper that this flag is not set. -- <a href="http://www.catb.org/~esr/">Eric S. Raymond</a> _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel