Diffstat (limited to 'lib/auth')
-rw-r--r--lib/auth/dhe_psk.c8
-rw-r--r--lib/auth/psk.c4
-rw-r--r--lib/auth/psk.h13
-rw-r--r--lib/auth/psk_passwd.c23
-rw-r--r--lib/auth/psk_passwd.h5
-rw-r--r--lib/auth/rsa_psk.c5
6 files changed, 35 insertions, 23 deletions
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index ab5eddd16a..14cf5ba918 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -103,7 +103,7 @@ static int gen_ecdhe_psk_client_kx(gnutls_session_t session,
if (cred == NULL)
return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
- ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, NULL, &free);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -146,7 +146,7 @@ static int gen_dhe_psk_client_kx(gnutls_session_t session,
if (cred == NULL)
return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
- ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, NULL, &free);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -308,7 +308,7 @@ static int proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t *data,
data += username.size + 2;
ret = _gnutls_psk_pwd_find_entry(session, info->username,
- info->username_len, &psk_key);
+ info->username_len, &psk_key, NULL);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -374,7 +374,7 @@ static int proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t *data,
/* should never fail. It will always return a key even if it is
* a random one */
ret = _gnutls_psk_pwd_find_entry(session, info->username,
- info->username_len, &psk_key);
+ info->username_len, &psk_key, NULL);
if (ret < 0)
return gnutls_assert_val(ret);
diff --git a/lib/auth/psk.c b/lib/auth/psk.c
index 17206f69c5..8ddb239823 100644
--- a/lib/auth/psk.c
+++ b/lib/auth/psk.c
@@ -136,7 +136,7 @@ int _gnutls_gen_psk_client_kx(gnutls_session_t session, gnutls_buffer_st *data)
return GNUTLS_E_INTERNAL_ERROR;
}
- ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, NULL, &free);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -224,7 +224,7 @@ static int _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t *data,
return gnutls_assert_val(ret);
ret = _gnutls_psk_pwd_find_entry(session, info->username,
- info->username_len, &psk_key);
+ info->username_len, &psk_key, NULL);
if (ret < 0)
return gnutls_assert_val(ret);
diff --git a/lib/auth/psk.h b/lib/auth/psk.h
index 06d7913c85..9e1f94b1fe 100644
--- a/lib/auth/psk.h
+++ b/lib/auth/psk.h
@@ -36,19 +36,20 @@
typedef struct gnutls_psk_client_credentials_st {
gnutls_datum_t username;
gnutls_datum_t key;
- gnutls_psk_client_credentials_function2 *get_function;
- gnutls_psk_client_credentials_function *get_function_legacy;
+ gnutls_psk_client_credentials_function3 *get_function;
+ gnutls_psk_client_credentials_function2 *get_function2;
+ gnutls_psk_client_credentials_function *get_function1;
/* TLS 1.3 - The HMAC algorithm to use to compute the binder values */
const mac_entry_st *binder_algo;
} psk_client_credentials_st;
typedef struct gnutls_psk_server_credentials_st {
char *password_file;
- /* callback function, instead of reading the
- * password files.
+ /* callback functions, instead of reading the password files.
*/
- gnutls_psk_server_credentials_function2 *pwd_callback;
- gnutls_psk_server_credentials_function *pwd_callback_legacy;
+ gnutls_psk_server_credentials_function3 *pwd_callback;
+ gnutls_psk_server_credentials_function2 *pwd_callback2;
+ gnutls_psk_server_credentials_function *pwd_callback1;
/* For DHE_PSK */
gnutls_dh_params_t dh_params;
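Review bot: The three callback slots `get_function`/`get_function2`/`get_function1` (and likewise `pwd_callback`/`pwd_callback2`/`pwd_callback1`) carry no comment saying which API generation each corresponds to or what happens when more than one is set; the dispatch visible in the psk_passwd.c hunks only tests `get_function` and `pwd_callback`, so the precedence of the older slots is not recoverable from this header. Suggest one comment per group, e.g. `/* get_function is the current (flags-aware) callback; get_function2/get_function1 are the older signatures and are presumably consulted only when it is NULL */`, adjusted to whatever the dispatcher actually does, since the renaming from `*_legacy` to numbered fields otherwise reads as three equally valid choices. The struct definitions continue outside the hunk.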
diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
index 70f59c7738..eff339dd17 100644
--- a/lib/auth/psk_passwd.c
+++ b/lib/auth/psk_passwd.c
@@ -149,7 +149,8 @@ static int _randomize_psk(gnutls_datum_t *psk)
* If the user doesn't exist a random password is returned instead.
*/
int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username,
- uint16_t username_len, gnutls_datum_t *psk)
+ uint16_t username_len, gnutls_datum_t *psk,
+ gnutls_psk_key_flags *flags)
{
gnutls_psk_server_credentials_t cred;
FILE *fp;
@@ -170,8 +171,7 @@ int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username,
* set, use it.
*/
if (cred->pwd_callback != NULL) {
- ret = cred->pwd_callback(session, &username_datum, psk);
-
+ ret = cred->pwd_callback(session, &username_datum, psk, flags);
if (ret == 1) { /* the user does not exist */
ret = _randomize_psk(psk);
if (ret < 0) {
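Review bot: `flags` is forwarded to `cred->pwd_callback` unchanged, and every server-side caller in this commit (dhe_psk.c, psk.c, rsa_psk.c) passes `NULL`, so the application's new callback receives a NULL `flags` pointer; unless the public API documents that it must tolerate NULL, a callback that unconditionally writes `*flags` will crash inside the handshake. The same pattern is in the `_gnutls_find_psk_key` hunk, where `cred->get_function(session, username, key, flags)` receives the caller's NULL. Safer is to always hand the callback a real object — `gnutls_psk_key_flags cb_flags = 0;`, call with `&cb_flags`, then `if (flags) *flags = cb_flags;` — which also gives the `ret == 1` random-key path a defined value, since the `*flags = 0` assignments added in this commit sit only on the password-file paths further down. `_gnutls_psk_pwd_find_entry` continues outside the hunk.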
@@ -212,6 +212,9 @@ int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username,
ret = GNUTLS_E_SRP_PWD_ERROR;
goto cleanup;
}
+ if (flags) {
+ *flags = 0;
+ }
ret = 0;
goto cleanup;
}
@@ -224,6 +227,9 @@ int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username,
goto cleanup;
}
+ if (flags) {
+ *flags = 0;
+ }
ret = 0;
cleanup:
if (fp != NULL)
@@ -241,7 +247,7 @@ cleanup:
int _gnutls_find_psk_key(gnutls_session_t session,
gnutls_psk_client_credentials_t cred,
gnutls_datum_t *username, gnutls_datum_t *key,
- int *free)
+ gnutls_psk_key_flags *flags, int *free)
{
int ret;
@@ -252,11 +258,14 @@ int _gnutls_find_psk_key(gnutls_session_t session,
username->size = cred->username.size;
key->data = cred->key.data;
key->size = cred->key.size;
+ if (flags) {
+ *flags = 0;
+ }
} else if (cred->get_function != NULL) {
- ret = cred->get_function(session, username, key);
-
- if (ret)
+ ret = cred->get_function(session, username, key, flags);
+ if (ret) {
return gnutls_assert_val(ret);
+ }
*free = 1;
} else
diff --git a/lib/auth/psk_passwd.h b/lib/auth/psk_passwd.h
index 18ac72b34b..2f270cc377 100644
--- a/lib/auth/psk_passwd.h
+++ b/lib/auth/psk_passwd.h
@@ -25,11 +25,12 @@
/* this is locally allocated. It should be freed using the provided function */
int _gnutls_psk_pwd_find_entry(gnutls_session_t, const char *username,
- uint16_t username_len, gnutls_datum_t *key);
+ uint16_t username_len, gnutls_datum_t *key,
+ gnutls_psk_key_flags *flags);
int _gnutls_find_psk_key(gnutls_session_t session,
gnutls_psk_client_credentials_t cred,
gnutls_datum_t *username, gnutls_datum_t *key,
- int *free);
+ gnutls_psk_key_flags *flags, int *free);
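Review bot: The new `flags` parameter is undocumented in both prototypes; the existing comment above `_gnutls_psk_pwd_find_entry` only covers ownership of the returned key, and `_gnutls_find_psk_key` has no comment at all. Since all callers in this commit pass `NULL`, the contract that matters is whether NULL is permitted and what value is stored on the random-key path, so suggest `/* flags: if non-NULL, receives the gnutls_psk_key_flags of the returned key; 0 for entries read from the password file */` on each declaration, worded to match what the implementation actually guarantees.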
#endif /* GNUTLS_LIB_AUTH_PSK_PASSWD_H */
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index e9e99761cf..6e3fbbda82 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -193,7 +193,7 @@ static int _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, NULL, &free);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -382,7 +382,8 @@ static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session,
/* find the key of this username
*/
ret = _gnutls_psk_pwd_find_entry(session, info->username,
- strlen(info->username), &pwd_psk);
+ strlen(info->username), &pwd_psk,
+ NULL);
if (ret < 0) {
gnutls_assert();
goto cleanup;