[OpenSER-Devel] [ openser-Patches-1690705 ] SIP Identity module

SourceForge.net noreply at sourceforge.net
Wed Oct 17 09:08:24 CEST 2007


Patches item #1690705, was opened at 2007-03-29 16:55
Message generated for change (Comment added) made by klaus_darilion
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1690705&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver devel
Status: Open
Resolution: Accepted
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Bogdan (bogdan_iancu)
Summary: SIP Identity module

Initial Comment:
This module adds support for SIP Identity (RFC 4474).

I have written it as part of my diploma thesis about SIP security.

Regards
Alexander Christ

----
Alexander Christ - student at Cologne University of Applied Sciences
Alexander.Christ386_at_web.de
----

----------------------------------------------------------------------

>Comment By: Klaus Darilion (klaus_darilion)
Date: 2007-10-17 09:08

Message:
Logged In: YES 
user_id=1318360
Originator: NO

Just a quick note: there might be problems when using the identity module
and TLS, as both use openssl, which is not safe due to global variables
(maybe it is safe if identity module only uses crypto functions without
initialization of openssl and use of CTX contexts?). I saw that the ser
guys use static linking against openssl in their auth_identity module to
bypass this problem.

----------------------------------------------------------------------

Comment By: Bogdan (bogdan_iancu)
Date: 2007-10-04 14:11

Message:
Logged In: YES 
user_id=1275325
Originator: NO

I suggest to keep the module on the tracker for after the 1.3 release and
then we can re-evaluate what the options are. Now, in a couple of days, there
is no suitable solution to make it work correctly.

regards,
Bogdan

----------------------------------------------------------------------

Comment By: Klaus Darilion (klaus_darilion)
Date: 2007-09-27 10:51

Message:
Logged In: YES 
user_id=1318360
Originator: NO

To really make use of it we need to change the signing to use the modified
message, not the original received message. For example, just before the
message is sent on the wire, reparse the message and sign it.

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2007-09-27 09:43

Message:
Logged In: YES 
user_id=337916
Originator: NO

Any new thoughts on this module? Should we merge this for 1.3?

Cheers,

Henning

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2007-06-05 13:46

Message:
Logged In: NO 

Hi!

I've made a quick review of the auth_identity module in ser CVS. It does
sign the outgoing message, thus it applies lumps before signing using
functions added to msg_translator:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/msg_translator.c.diff?r1=1.142&r2=1.143


----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2007-05-25 14:55

Message:
Logged In: YES 
user_id=337916
Originator: NO

This was discussed at devel in
http://www.openser.org/pipermail/devel/2007-May/007564.html, unfortunately
without a result. The original author doesn't want to maintain this code, and
nobody else stepped up so far. There are also some issues with the
functionality of the module, resulting from the internal structure of
openser.

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2007-04-10 11:04

Message:
Logged In: YES 
user_id=337916
Originator: NO

Attached patches from Alexander Christ for the minor issues reported on
2007-03-30 10:49.

* add GPL header and include guards to .h file
* fix signedness warnings, adapt to openssl 0.9.8

Henning


--- identity.old/identity.h	2007-03-29 14:43:24.000000000 +0200
+++ identity.new/identity.h	2007-04-06 10:11:00.822818288 +0200
@@ -1,3 +1,33 @@
+/* Copyright (C) 2007 Alexander Christ, 
+ * Cologne University of Applied Sciences
+ *
+ * This file is part of openser, a free SIP server.
+ *
+ * openser is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * openser is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License 
+ * along with this program; if not, write to the Free Software 
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 
USA
+ *
+ *
+ * History:
+ * -------
+ *  2007-03-29  initial version
+ *  2007-04-06  added GPL copyright, #ifndef ... ; changed MIN macro
+ *  
+ */
+ 
+#ifndef _IDENTITY_H_
+#define _IDENTITY_H_
+
 #define MAX_TIME 64 //max. length of timestamp
 #define DATE_FORMAT "%a, %d %b %Y %H:%M:%S GMT" 
 #define MAXDATEDELTA_AUTH 600 //max. allowed | dateHF - now | for
authentication service in seconds
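Review bot: the include guard added at the top of identity.h, _IDENTITY_H_,
begins with an underscore followed by an uppercase letter, a form C reserves
for the implementation. A name such as IDENTITY_H avoids any clash with
compiler or libc headers.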
@@ -12,7 +42,7 @@
 #define HOSTNAME_ILLCHAR "?[" //forbidden characters in certHostname
 #define L_IDENT 4 //log-level of verifications
 
-#define MIN(a, b) ((a < b) ? a : b)  
+#define MIN(a, b) ((a) < (b) ? (a) : (b))  
 
 static int mod_init(void);
 static int child_init(int rank);
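Review bot: the new MIN(a, b) parenthesizes its arguments but still evaluates
the smaller one twice, so a call such as MIN(i++, n) misbehaves. It is also
defined unconditionally, and MIN is a name that system headers (for example
<sys/param.h>) commonly define as well. Wrap the definition in #ifndef MIN,
or replace it with a small static inline function for the integer type
actually used.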
@@ -55,3 +85,5 @@
 static int add_hf_helper(struct sip_msg* msg, str *str1, str *str2,
xl_elem_t *model, int mode, str *hfs);
 static int append_hf_1(struct sip_msg *msg, char *str1, char *str2 );
 static int hname_fixup(void** param, int param_no);
+
+#endif
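Review bot: the guard closed by this #endif wraps a header that, in the lines
shown, declares only static functions (add_hf_helper, append_hf_1,
hname_fixup, mod_init, child_init), so identity.h is still only meaningful
when included from identity.c; any other file including it gets declarations
of static functions it never defines. If the header is meant to be private to
the module, say so in a comment at the top. A trailing comment on the #endif
naming the guard would also help.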
--- identity.old/identity.c	2007-03-29 15:00:39.000000000 +0200
+++ identity.new/identity.c	2007-04-06 10:11:00.822818288 +0200
@@ -21,6 +21,7 @@
  * History:
  * -------
  *  2007-03-29  initial version
+ *  2007-04-06  changes regarding pointer types and signess 
  *  
  */
  
@@ -727,9 +728,9 @@
 static int addIdentity(char * dateHF, struct sip_msg * msg)
 {
 	EVP_MD_CTX ctx; 
-	int siglen = 0; 
+	unsigned int siglen = 0; 
 	int b64len = 0;	
-	char * sig = NULL; 
+	unsigned char * sig = NULL; 
 	char * b64str = NULL;
 	char digestString[MAX_DIGEST] = "\0";
 	char buf[MAX_IDENTITY] = "Identity: \""; //String, der msg hinzugefuegt
wird
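Review bot: in addIdentity, siglen becomes unsigned int while b64len on the
next line stays int, so any expression that derives b64len from siglen now
mixes signed and unsigned arithmetic. Give both the same type, or cast
explicitly at the point of use. If the encoded signature is later appended to
buf, check its length against what is left of MAX_IDENTITY after the
"Identity: \"" prefix before copying.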
@@ -774,7 +775,7 @@
 		LOG(L_ERR, "identity: addIdentity: ERROR: error allocating memory\n");
 		return 0;
 	}
-	EVP_EncodeBlock(b64str, sig, siglen); //Base64 encodierung von sig nach
b64str
+	EVP_EncodeBlock((unsigned char *) b64str, sig, siglen); //Base64
encodierung von sig nach b64str
 	b64str[b64len - 1] = '\0';
 	
 	pkg_free(sig);
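Review bot: the return value of EVP_EncodeBlock is discarded and the
terminator is written by hand at b64str[b64len - 1]. EVP_EncodeBlock already
NUL-terminates its output and returns the number of characters written, so
the manual write is either redundant or, if b64len does not include room for
the terminator, cuts the last character of the encoded signature. Use the
return value as the length and drop the assignment. Declaring b64str as
unsigned char * would also remove the need for the cast.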
@@ -1054,7 +1055,11 @@
 	char * extstr;
 	X509V3_EXT_METHOD * meth;
 	void * ext_str = NULL;
+	#if (OPENSSL_VERSION_NUMBER > 0x00908000L)     
+	const unsigned char * data;
+	#else
 	unsigned char * data;
+	#endif
 	STACK_OF(CONF_VALUE) * val;
 	CONF_VALUE * nval;
 	
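Review bot: the version test #if (OPENSSL_VERSION_NUMBER > 0x00908000L) uses
a strict comparison, so a build whose version number is exactly 0x00908000L
takes the old non-const branch. The usual form is >=, which also states the
intent (const data pointer from 0.9.8 on). Put the directives in column one
rather than indented with the declarations, and add a short comment naming
the OpenSSL call that needs the const pointer.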
@@ -1173,7 +1178,7 @@
 	EVP_PKEY * pubkey = NULL; 
 	char digestString[MAX_DIGEST] = "\0";
 	int siglen = -1; 
-	char * sigbuf = NULL; 
+	unsigned char * sigbuf = NULL; 
 	int b64len = 0; 
 	EVP_MD_CTX ctx;
 	int result = 0;
@@ -1207,7 +1212,7 @@
 		return 0;
 	}
 	
-	siglen = EVP_DecodeBlock(sigbuf, identityHF, b64len); //siglen = -1 im
Fehlerfall
+	siglen = EVP_DecodeBlock(sigbuf, (unsigned char *) identityHF, b64len);
//siglen = -1 im Fehlerfall
 	if(siglen <= 1)
 	{
 		pkg_free(sigbuf);
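Review bot: siglen is taken straight from EVP_DecodeBlock, which does not
strip base64 padding: each trailing '=' in identityHF is decoded as a zero
byte and counted in the return value. Unless the code after this hunk
subtracts the padding, a signature whose length is not a multiple of 3 is
handed to verification one or two bytes too long. Count the trailing '='
characters and reduce siglen accordingly. The test if(siglen <= 1) also
treats a length of 0 or 1 as an error although the comment documents only
-1; a comment on why those values are rejected would help.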
@@ -1315,7 +1320,7 @@
 */
 static time_t parseX509Date(ASN1_STRING * dateString)
 {
-	char * tmp = NULL;
+	unsigned char * tmp = NULL;
 	struct tm tmDate;
 	
 	if(!dateString)


----------------------------------------------------------------------

Comment By: Bogdan (bogdan_iancu)
Date: 2007-04-08 10:23

Message:
Logged In: YES 
user_id=1275325
Originator: NO

Hi Alexander,

Thanks for your contribution. Shortly, it will be reviewed and uploaded on
the SVN trunk.

regards,
bogdan

----------------------------------------------------------------------
