Skip to content

Support latest 3GPP TS 33102 #4414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 7, 2025
Merged

Support latest 3GPP TS 33102 #4414

merged 4 commits into from
May 7, 2025

Conversation

wosrediinanatour
Copy link
Contributor

The length of the authentication key (K) has changed since the implementation of Digest Authentication.

Issue: #4413

@wosrediinanatour
Support latest 3GPP TS 33102
e24dec3 
The length of the authentication key (K) has changed since the
implementation of Digest Authentication.

Issue: pjsip#4413
@sauwming sauwming requested review from sauwming and nanangizz May 1, 2025 23:50
@sauwming sauwming added this to the release-2.16 milestone May 1, 2025
@sauwming sauwming linked an issue May 1, 2025 that may be closed by this pull request
3GPP TS 33102 V16.0.0(2020-07) allows greater length of authentication parameters #4413
Closed
nanangizz
nanangizz reviewed May 5, 2025
View reviewed changes
pjsip/src/pjsua-lib/pjsua_acc.c Outdated
Comment on lines 2771 to 2775
if (status != PJ_SUCCESS) {
pjsua_perror(THIS_FILE,
"Cannot set credentials for registration",
status);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the report & the fix.

Rather OOT, while here, perhaps failure in setting credentials (partial/complete) should cause pjsua_regc_init() to fail (or returning error) as well so the app will be aware of any potential problems earlier?

Also, there are some other function calls around here without error checks, I guess better fix them as well :)
If you want, we can do it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have also thought about this (.e.g. by introducing a "goto on_error_return").

One other topic: pjsip_regc_set_credentials() fails, if one "AuthCredInfo" "out of N" fails. This is because an array instead of the memory pool is used. It would be better to just don't use the erroneous "AuthCredInfo". But I am not sure whether it is worth to do.

I you do the changes, it will be cool.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have also thought about this (.e.g. by introducing a "goto on_error_return").

Done. This introduces behavioral changes, but I guess it is necessary because skipping failures may introduce issues, e.g: unexpected behaviors, debugging difficulties.

One other topic: pjsip_regc_set_credentials() fails, if one "AuthCredInfo" "out of N" fails. This is because an array instead of the memory pool is used. It would be better to just don't use the erroneous "AuthCredInfo". But I am not sure whether it is worth to do.

Ignoring erroneous credential information may lead to unexpected behavior. For example, if the app prefers to use AKA credentials over MD5, but as AKA is silently skipped due to an error, the app may not achieve its preferred security level. Therefore, I think allowing pjsip_regc_set_credentials() to fail seems to be the correct approach.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Looks good to me.

wosrediinanatour
wosrediinanatour commented May 6, 2025
View reviewed changes
pjsip/src/pjsua-lib/pjsua_acc.c
@@ -2728,10 +2728,7 @@ static pj_status_t pjsua_regc_init(int acc_id)
pjsua_perror(THIS_FILE, "Unable to generate suitable Contact header"
" for registration",
status);
destroy_regc(acc, PJ_TRUE);
pj_pool_release(pool);
acc->regc = NULL;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not moved to the on_return. Will it have side-effects?

Copy link
Member

@nanangizz nanangizz May 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

destroy_regc() also resets the acc->regc.

@nanangizz nanangizz merged commit caf29e7 into pjsip:master May 7, 2025
40 of 41 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nanangizz nanangizz nanangizz left review comments

@sauwming sauwming sauwming approved these changes

Assignees
No one assigned
Labels
component: pjsip type: enhancement
Projects
None yet
Milestone
release-2.16
Development

Successfully merging this pull request may close these issues.

3GPP TS 33102 V16.0.0(2020-07) allows greater length of authentication parameters
3 participants
@wosrediinanatour @sauwming @nanangizz