Commit 97848869 authored by Colin Granville's avatar Colin Granville Committed by ROOL

Enable reuse of another session's authentication

Detail:
  Subreason CreateSession_ReuseAuth added to AcornSSL_CreateSession, so a previously negotiated session on an existing socket can be continued.
Admin:
  Tested with pure-ftpd, vsftpd and Microsoft ftp server.

Version 1.06. Tagged as 'AcornSSL-1_06'
parent 8ff4c45a
/* (1.05)
/* (1.06)
*
* This file is automatically maintained by srccommit, do not edit manually.
*
*/
#define Module_MajorVersion_CMHG 1.05
#define Module_MinorVersion_CMHG
#define Module_Date_CMHG 09 Sep 2019
#define Module_MajorVersion_CMHG 1.06
#define Module_MinorVersion_CMHG
#define Module_Date_CMHG 03 Jun 2020
#define Module_MajorVersion "1.05"
#define Module_Version 105
#define Module_MajorVersion "1.06"
#define Module_Version 106
#define Module_MinorVersion ""
#define Module_Date "09 Sep 2019"
#define Module_Date "03 Jun 2020"
#define Module_ApplicationDate "09-Sep-19"
#define Module_ApplicationDate "03-Jun-20"
#define Module_ComponentName "AcornSSL"
#define Module_FullVersion "1.05"
#define Module_HelpVersion "1.05 (09 Sep 2019)"
#define Module_LibraryVersionInfo "1:5"
#define Module_FullVersion "1.06"
#define Module_HelpVersion "1.06 (03 Jun 2020)"
#define Module_LibraryVersionInfo "1:6"
......@@ -44,6 +44,7 @@
#include "mbedtls/net_sockets.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ssl.h"
#include "sslmod.h"
#include "api.h"
......@@ -739,13 +740,14 @@ _kernel_oserror *api_creat(int domain, int type, int protocol,
* \param result Pointer to return result (an opaque SSL handle)
* \return Pointer to error block
*/
_kernel_oserror *api_createsession(int s, uint32_t flags,
_kernel_oserror *api_createsession(int s, uint32_t flags, int arg,
int *result)
{
sslhandle_t *h;
_kernel_oserror *err;
int cmd = (flags >> CreateSession_CmdShift) & CreateSession_CmdMask;
if ((((flags >> CreateSession_CmdShift) & CreateSession_CmdMask) != CreateSession_New) ||
if (((cmd != CreateSession_New) && (cmd != CreateSession_ReuseAuth)) ||
(((flags >> CreateSession_FlagShift) & CreateSession_FlagMask) != 0))
{
dprintf(("api", "bad flags %08x to CreateSession\n", flags));
......@@ -758,6 +760,36 @@ _kernel_oserror *api_createsession(int s, uint32_t flags,
err = new_sslhandle(&h);
if (err != NULL) return err;
err = common_conf_sslhandle(h, true);
if ((err == NULL) && (cmd == CreateSession_ReuseAuth))
{
int mbederr;
sslhandle_t *src_h;
err = find_sslhandle(arg, &src_h);
if (err == NULL)
{
mbedtls_ssl_session sess;
/* Implicitly already accepted */
h->confirm = CONFIRM_ACCEPT;
/* Copy session from source secure socket */
mbedtls_ssl_session_init(&sess);
mbederr = mbedtls_ssl_get_session(&src_h->ssl, &sess);
if (mbederr == 0)
{
mbederr = mbedtls_ssl_set_session(&h->ssl, &sess);
mbedtls_ssl_session_free(&sess);
}
if (mbederr != 0)
{
dprintf(("api", "ssl_setup returned %d\n", mbederr));
err = intl_error(ERR02_SSL_NO_INIT, intl_integer(-mbederr));
}
}
}
if (err == NULL)
{
dprintf(("api", "existing socket %d associated with SSL handle %p\n", s, (void *)h));
......
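Review bot: In the CreateSession_ReuseAuth branch, `h->confirm = CONFIRM_ACCEPT;` is set as soon as find_sslhandle() succeeds, without consulting the source handle's own state, so a source session that was never itself accepted would still pass an accepted state to the new handle. Inheriting the state with `h->confirm = src_h->confirm;`, or rejecting the call unless `src_h->confirm == CONFIRM_ACCEPT`, and doing so only after mbedtls_ssl_set_session() has returned 0, would close that gap. This is inferred from the visible lines, since the code that consumes `confirm` is outside the hunk. Separately, `mbedtls_ssl_session_free(&sess);` runs only when mbedtls_ssl_get_session() returns 0, so on a failed copy any partially filled session state (which can include the master secret and allocated certificate data) is neither released nor zeroised. Calling it unconditionally after the `if (mbederr == 0)` block is safe because `sess` was initialised, and the `dprintf` text "ssl_setup returned %d" should name the session copy calls instead; api_createsession's body continues outside the hunk.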
......@@ -535,7 +535,7 @@ _kernel_oserror *sslmod_swis(int swi_offset, _kernel_swi_regs *r, void *pw)
/* Out */ &r->r[0]);
case AcornSSL_CreateSession - AcornSSL_00:
return api_createsession(/* In */ r->r[0], (uint32_t)r->r[1],
return api_createsession(/* In */ r->r[0], (uint32_t)r->r[1], r->r[2],
/* Out */ &r->r[0]);
case AcornSSL_Getpeername - AcornSSL_00:
......
......@@ -156,8 +156,28 @@ Initialises a secure session with an existing socket.
On entry
R0 = socket handle from Socket_Creat
R1 = bits 0-7 : reason code 0, create
R1 = bits 0-7 : reason code
bits 8-31 : reserved for future use (zero)
Others dependent on reason code.
reason code = CreateSession_New 0
On entry
R0 = socket handle from Socket_Creat
R1 = CreateSession_New
On exit
R0 = ssl handle
Use
This SWI performs a similar function to AcornSSL_Creat, but allows the
caller to handover a previously opened socket.
reason code = CreateSession_ReuseAuth 1
On entry
R0 = socket handle from Socket_Creat
R1 = CreateSession_ReuseAuth
R2 = ssl handle of another secure session already authenticated with
the server.
On exit
R0 = ssl handle
......@@ -165,6 +185,7 @@ On exit
Use
This SWI performs a similar function to AcornSSL_Creat, but allows the
caller to handover a previously opened socket.
Uses the authentication of another authenticated secure session to connect.
AcornSSL_Getpeername SWI &50F89
......
......@@ -35,7 +35,7 @@ _kernel_oserror *api_close(int, int *);
_kernel_oserror *api_getsockopt(int, int, int, void *, int *, int *);
_kernel_oserror *api_send(int, const char *, size_t, int, int *);
_kernel_oserror *api_recv(int, char *, size_t, int, int *);
_kernel_oserror *api_createsession(int, uint32_t, int *);
_kernel_oserror *api_createsession(int, uint32_t, int, int *);
_kernel_oserror *api_getpeername(int, struct sockaddr *, int *, int *);
_kernel_oserror *api_getsockname(int, struct sockaddr *, int *, int *);
_kernel_oserror *api_setsockopt(int, int, int, const void *, int, int *);
......
......@@ -55,6 +55,7 @@ SWIClass SETS AcornSSLSWI_Name
; Create session flags
^ 0
CreateSession_New # 1
CreateSession_ReuseAuth # 1
CreateSession_CmdMask * &FF
CreateSession_CmdShift * 0
CreateSession_FlagMask * &FFFFFF
......