Add implementation note explaining why we implement deprecated hash f…

…unctions and why we have our own HMAC implementation.
OpenPrinting · Apr 9, 2023 · baa1421 · baa1421
1 parent 00f35eb
commit baa1421
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/cups/hash.c b/cups/hash.c
@@ -1,5 +1,5 @@
 //
-// Hashing function for CUPS.
+// Hashing functions for CUPS.
 //
 // Copyright © 2022-2023 by OpenPrinting.
 // Copyright © 2015-2019 by Apple Inc.
@@ -22,6 +22,16 @@
 #endif // HAVE_OPENSSL
 
 
+//
+// Note: While both GNU TLS and OpenSSL offer HMAC functions, they also exclude
+// certain hashes depending on the version of library and whatever patches are
+// applied by the OS vendor/Linux distribution.  Since printers sometimes rely
+// on otherwise deprecated/obsolete hash functions for things like PIN printing
+// ("job-password"), and since such uses already have poor security regardless
+// of the hash function used, it is more important to provide guaranteed
+// implementations over some imaginary notion of "guaranteed security"...
+//
+
 //
 // Local functions...
 //