mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 10:58:58 +00:00
Add comments around non-security-related uses of MD5
This commit is contained in:
parent
c365a26e9d
commit
ce19471f18
@ -57,9 +57,11 @@ class QPDFEFStreamObjectHelper: public QPDFObjectHelper
|
||||
// Subtype is a mime type such as "text/plain"
|
||||
QPDF_DLL
|
||||
std::string getSubtype();
|
||||
// Return the MD5 checksum as stored in the object as a binary
|
||||
// string. This does not check consistency with the data. If not
|
||||
// present, return an empty string.
|
||||
// Return the checksum as stored in the object as a binary string.
|
||||
// This does not check consistency with the data. If not present,
|
||||
// return an empty string. The PDF spec specifies this as an MD5
|
||||
// checksum and notes that it is not to be used for security
|
||||
// purposes since MD5 is known not to be secure.
|
||||
QPDF_DLL
|
||||
std::string getChecksum();
|
||||
|
||||
|
@ -139,6 +139,8 @@ QPDFEFStreamObjectHelper::newFromStream(QPDFObjectHandle stream)
|
||||
stream.getDict().replaceKey(
|
||||
"/Type", QPDFObjectHandle::newName("/EmbeddedFile"));
|
||||
Pl_Discard discard;
|
||||
// The PDF spec specifies use of MD5 here and notes that it is not
|
||||
// to be used for security. MD5 is known to be insecure.
|
||||
Pl_MD5 md5("EF md5", &discard);
|
||||
Pl_Count count("EF size", &md5);
|
||||
if (!stream.pipeStreamData(&count, nullptr, 0, qpdf_dl_all)) {
|
||||
|
Loading…
Reference in New Issue
Block a user