Add comments around non-security-related uses of MD5

author: Jay Berkenbilt <ejb@ql.org> 2022-04-30 19:52:23 +0200
committer: Jay Berkenbilt <ejb@ql.org> 2022-04-30 20:15:07 +0200
commit: ce19471f180d764bbcf5990dea5f60d4cd217dc7 (patch)
tree: 13bb4945e85d83c38b993ee3312fc1c5708ae4f9 /libqpdf/QPDFEFStreamObjectHelper.cc
parent: c365a26e9df84b196eb015a0c82557fd12484da1 (diff)
download: qpdf-ce19471f180d764bbcf5990dea5f60d4cd217dc7.tar.zst
1 files changed, 2 insertions, 0 deletions
diff --git a/libqpdf/QPDFEFStreamObjectHelper.cc b/libqpdf/QPDFEFStreamObjectHelper.cc
index 5810cf37..cbfe47a3 100644
--- a/libqpdf/QPDFEFStreamObjectHelper.cc
+++ b/libqpdf/QPDFEFStreamObjectHelper.cc
@@ -139,6 +139,8 @@ QPDFEFStreamObjectHelper::newFromStream(QPDFObjectHandle stream)
     stream.getDict().replaceKey(
         "/Type", QPDFObjectHandle::newName("/EmbeddedFile"));
     Pl_Discard discard;
+    // The PDF spec specifies use of MD5 here and notes that it is not
+    // to be used for security. MD5 is known to be insecure.
     Pl_MD5 md5("EF md5", &discard);
     Pl_Count count("EF size", &md5);
     if (!stream.pipeStreamData(&count, nullptr, 0, qpdf_dl_all)) {
author	Jay Berkenbilt <ejb@ql.org>	2022-04-30 19:52:23 +0200
committer	Jay Berkenbilt <ejb@ql.org>	2022-04-30 20:15:07 +0200
commit	ce19471f180d764bbcf5990dea5f60d4cd217dc7 (patch)
tree	13bb4945e85d83c38b993ee3312fc1c5708ae4f9 /libqpdf/QPDFEFStreamObjectHelper.cc
parent	c365a26e9df84b196eb015a0c82557fd12484da1 (diff)
download	qpdf-ce19471f180d764bbcf5990dea5f60d4cd217dc7.tar.zst