From 73569bb1f79fb2d8349f957c582c84dcd5dd4f5d Mon Sep 17 00:00:00 2001
From: Dragos Oancea
Date: Tue, 13 Apr 2021 10:30:15 +0000
Subject: [PATCH] [mod_sofia] rfc8760: reorder hash algorithms by priority (strength), no matter the order provided in the cfg
---
 src/mod/endpoints/mod_sofia/sofia.c | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c
index 82fb6471c9..dbd9f94343 100644
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -6040,15 +6040,30 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 } else if (!strcasecmp(var, "proxy-info-content-types")) {
 profile->proxy_info_content_types = switch_core_strdup(profile->pool, val);
 } else if (!strcasecmp(var, "rfc8760-auth-algorithms")) {
- /* the order in which algorithms are allowed matters */
 char *algs_arr[100] = { 0 };
 uint8_t algs = switch_separate_string(val, ',', algs_arr, (sizeof(algs_arr) / sizeof(algs_arr[0])));
 if (algs && algs < SOFIA_MAX_REG_ALGS) {
- int i;
+ sofia_auth_algs_t temp;
+ int i, j = 0;
 for (i = 0; i < algs && algs_arr[i]; i++) {
- profile->auth_algs[i] = sofia_alg_str2id(algs_arr[i], SWITCH_TRUE);
+ temp = sofia_alg_str2id(algs_arr[i], SWITCH_TRUE);
+ if (temp != ALG_NONE) {
+ profile->auth_algs[j] = temp;
+ j++;
+ }
+ }
+ profile->rfc8760_algs_count = j;
+ for (i = 0; i < profile->rfc8760_algs_count; i++) {
+ for (j = i + 1; j < profile->rfc8760_algs_count; j++) {
+ /* when adding algs: algs must be kept in priority order in the enum */
+ if (profile->auth_algs[i] < profile->auth_algs[j])
+ {
+ temp = profile->auth_algs[i];
+ profile->auth_algs[i] = profile->auth_algs[j];
+ profile->auth_algs[j] = temp;
+ }
+ }
 }
- profile->rfc8760_algs_count = algs;
 }
 }
 }
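Review bot: Names that `sofia_alg_str2id()` maps to `ALG_NONE` are dropped from `profile->auth_algs` in the first loop with no diagnostic visible here, so a typo in `rfc8760-auth-algorithms` can leave the profile offering only the weaker digests that did parse, or none at all when `j` stays 0. Unless `sofia_alg_str2id()` already logs the rejection (not visible in this hunk), add an `else` to `if (temp != ALG_NONE)`: `switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "rfc8760-auth-algorithms: ignoring unknown algorithm '%s'\n", algs_arr[i]);`. The outer `if (algs && algs < SOFIA_MAX_REG_ALGS)` has the same problem, since it skips the whole setting silently when the list is too long. The sort relies on the numeric order of `sofia_auth_algs_t` matching strength, so the comment saying so would be better placed on the enum definition, where a new algorithm would actually be added. `config_sofia()` starts and ends outside the hunk.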