Request to Add OpenSSL Support in "cupsHashData" (cups/hash.c) Function for AirPrint Web UI Interface

[sahayap]

Dear Team.

I am Sahaya Darcius from Bixolon Co., Ltd, and I hope you all doing well. As a part of our ongoing efforts to develop AirPrint support for our printers, we have been using the PAPPL framework, CUPS 2.4.5, and OpenSSL-1.1.1g. While our printing functionality has been successfully implemented, we have encountered an issue with the Web UI interface.

Upon conducting a thorough analysis, we have identified the root cause of the problem, which lies in the "cupsHashData" function within the "papplClientGetCSRFToken" function in the "client-accessors.c" file. It has come to light that this function returns incorrect Hash binary data.

Upon further investigation, we discovered that the "cupsHashData" function in the "cups/hash.c" file only supports GnuTLS and does not extend its compatibility to OpenSSL. The discrepancy in the algorithm values passed from the "papplClientGetCSRFToken" function is another contributing factor, as it uses "sha2-256," whereas OpenSSL expects "sha256."

In light of these findings, we have taken the initiative to resolve the issue by implementing our own hash data function for sha256 using OpenSSL. I am delighted to inform you that this solution has proven to be successful, and the Web UI is now functioning optimally.

However, we believe that adding OpenSSL support to the "cupsHashData" function in the "cups/hash.c" file would greatly enhance its usability and flexibility for other users facing similar challenges. Therefore, I kindly request your esteemed team to consider integrating OpenSSL support into the "cupsHashData" function.

Your support in implementing this enhancement will undoubtedly benefit many users in the community who rely on CUPS and OpenSSL for their printing solutions.

Thank you for your time and consideration.

Best Regards, Sahaya Darcius P

[zdohnal]

Hi @sahayap ,

if your new hash function is part of open source code and applicable after changes into CUPS code, it would be great if you opened a pull request.

I've created a PR implementing the function in OpenSSL - it was interesting to try OpenSSL for once.

[michaelrsweet]

@zdohnal I already have the code in the libcups repository, was planning on copying it over along with the other changes for CUPS 2.5... We can also apply the hash changes for CUPS 2.4.x...

[zdohnal]

@michaelrsweet I've taken the commit from master for this and applied in 2.4.x directly (review of the merge sounded as waste of your time since it is a plain copy of your commit from master - without translation typo fix - do let me know if you would like to do reviews of such commits too next time). I didn't see any API breakage and build+test passed on my machine.

Fixed in master and 2.4.x

[jacmet]

This commit breaks builds of cups without gnutls/openssl as it drops the #ifdef HAVE_GNUTLS logic and makes gnutls required if openssl is not available, which is unfortunate given the security fixes in 2.4.7.

Could the #ifndef HAVE_GNUTLS logic be reinstantiated please?

[zdohnal]

Ouch, I'm sorry for that - the removal should happen in 2.5, so the fix has to be a little bit different in 2.4.x - I've created PR here https://github.com/OpenPrinting/cups/pull/794 .

But be aware TLS library like OpenSSL/LibreSSL or GnuTLS are required since 2.5.