md5_hash vs. md5_hmac

The implementation of md5_hash(...) and md5_hmac(...) in bro.bif is
identical:

    %{
    unsigned char digest[16];
    hmac_md5_val(@ARG@, digest);
    return new StringVal(md5_digest_print(digest));
    %}

It seems that md5_hmac should support providing the secret key. Does
anyone know more details about this?

    Matthias

The implementation of md5_hash(...) and md5_hmac(...) in bro.bif is
identical:

    %{
    unsigned char digest[16];
    hmac_md5_val(@ARG@, digest);
    return new StringVal(md5_digest_print(digest));
    %}

They're not identical. (At least, not in 1.5, which is what I can easily
check.) md5_hash() calls hash_md5_val() rather than hmac_md5_val().
Per the CHANGES:

- The new built-in md5_hmac() returns an HMAC-MD5 hash of the given string
  (Ruoming Pang). The HMAC secret key is generated from available entropy
  when Bro starts up, or it can be specified for repeatability using
  the new -K flag.

    Vern

That should still be correct since I wasn't looking for an HMAC value with the md5_hash function and we haven't touched that code since it was added.

  .Seth

That should still be correct since I wasn't looking for an HMAC value
with the md5_hash function and we haven't touched that code since it
was added.

I had to squint my eyes intensively to see the difference in the
function bodies:

    hash_md5_val(@ARG@, digest);

vs.

    hmac_md5_val(@ARG@, digest);

That makes more sense now to me, sorry for the noise.

    Matthias