Hal Murray :
>
> e...@thyrsus.com said:
> > There are three uses in libntp/macencrypt.c. Two of them are MAC
> > computations that do require crypto security. You found the third, which
> > doesn't. The flag seems to be intended to tag hashes that don't require
> > crypto security, so we seem to
e...@thyrsus.com said:
> There are three uses in libntp/macencrypt.c. Two of them are MAC
> computations that do require crypto security. You found the third, which
> doesn't. The flag seems to be intended to tag hashes that don't require
> crypto security, so we seem to be OK so far.
If we ne
Hal Murray :
>
> e...@thyrsus.com said:
> > Maybe not. I went looking for other places the refid computation is done
> > and that seems to be it. What other other places did you have in mind?
>
> I was thinking of other places that called EVP_DigestInit
>
> If we need that flag for addr2refid
e...@thyrsus.com said:
> Maybe not. I went looking for other places the refid computation is done
> and that seems to be it. What other other places did you have in mind?
I was thinking of other places that called EVP_DigestInit
If we need that flag for addr2refid, do we need it for other use
Hal Murray :
>
> EVP_MD_CTX_FLAG_NON_FIPS_ALLOW is only used in libntp/macencrypt.c
>
> EVP_MD_CTX_init(&ctx);
> #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
> /* MD5 is not used as a crypto hash here. */
> EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
> #endif
>
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW is only used in libntp/macencrypt.c
EVP_MD_CTX_init(&ctx);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* MD5 is not used as a crypto hash here. */
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
if (!EVP_DigestInit_ex(&c