From ce19471f180d764bbcf5990dea5f60d4cd217dc7 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Sat, 30 Apr 2022 13:52:23 -0400
Subject: Add comments around non-security-related uses of MD5

---
 include/qpdf/QPDFEFStreamObjectHelper.hh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'include')

diff --git a/include/qpdf/QPDFEFStreamObjectHelper.hh b/include/qpdf/QPDFEFStreamObjectHelper.hh
index b39b6a7a..7c943453 100644
--- a/include/qpdf/QPDFEFStreamObjectHelper.hh
+++ b/include/qpdf/QPDFEFStreamObjectHelper.hh
@@ -57,9 +57,11 @@ class QPDFEFStreamObjectHelper: public QPDFObjectHelper
     // Subtype is a mime type such as "text/plain"
     QPDF_DLL
     std::string getSubtype();
-    // Return the MD5 checksum as stored in the object as a binary
-    // string. This does not check consistency with the data. If not
-    // present, return an empty string.
+    // Return the checksum as stored in the object as a binary string.
+    // This does not check consistency with the data. If not present,
+    // return an empty string. The PDF spec specifies this as an MD5
+    // checksum and notes that it is not to be used for security
+    // purposes since MD5 is known not to be secure.
     QPDF_DLL
     std::string getChecksum();
 
-- 
cgit v1.2.3-54-g00ecf