Diffstat (limited to 'lib/auth')
-rw-r--r-- | lib/auth/dhe_psk.c | 8 | ||||
-rw-r--r-- | lib/auth/psk.c | 4 | ||||
-rw-r--r-- | lib/auth/psk.h | 13 | ||||
-rw-r--r-- | lib/auth/psk_passwd.c | 23 | ||||
-rw-r--r-- | lib/auth/psk_passwd.h | 5 | ||||
-rw-r--r-- | lib/auth/rsa_psk.c | 5 |
6 files changed, 35 insertions, 23 deletions
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c index ab5eddd16a..14cf5ba918 100644 --- a/lib/auth/dhe_psk.c +++ b/lib/auth/dhe_psk.c @@ -103,7 +103,7 @@ static int gen_ecdhe_psk_client_kx(gnutls_session_t session, if (cred == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); - ret = _gnutls_find_psk_key(session, cred, &username, &key, &free); + ret = _gnutls_find_psk_key(session, cred, &username, &key, NULL, &free); if (ret < 0) return gnutls_assert_val(ret); @@ -146,7 +146,7 @@ static int gen_dhe_psk_client_kx(gnutls_session_t session, if (cred == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); - ret = _gnutls_find_psk_key(session, cred, &username, &key, &free); + ret = _gnutls_find_psk_key(session, cred, &username, &key, NULL, &free); if (ret < 0) return gnutls_assert_val(ret); @@ -308,7 +308,7 @@ static int proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t *data, data += username.size + 2; ret = _gnutls_psk_pwd_find_entry(session, info->username, - info->username_len, &psk_key); + info->username_len, &psk_key, NULL); if (ret < 0) return gnutls_assert_val(ret); @@ -374,7 +374,7 @@ static int proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t *data, /* should never fail. It will always return a key even if it is * a random one */ ret = _gnutls_psk_pwd_find_entry(session, info->username, - info->username_len, &psk_key); + info->username_len, &psk_key, NULL); if (ret < 0) return gnutls_assert_val(ret); diff --git a/lib/auth/psk.c b/lib/auth/psk.c index 17206f69c5..8ddb239823 100644 --- a/lib/auth/psk.c +++ b/lib/auth/psk.c @@ -136,7 +136,7 @@ int _gnutls_gen_psk_client_kx(gnutls_session_t session, gnutls_buffer_st *data) return GNUTLS_E_INTERNAL_ERROR; } - ret = _gnutls_find_psk_key(session, cred, &username, &key, &free); + ret = _gnutls_find_psk_key(session, cred, &username, &key, NULL, &free); if (ret < 0) return gnutls_assert_val(ret); 
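Review bot: In proc_dhe_psk_client_kx the server now looks the key up with `_gnutls_psk_pwd_find_entry(session, info->username, info->username_len, &psk_key, NULL)`, so whatever the credential callback reports through the new flags output is discarded on the DHE-PSK server path; the same NULL is passed in proc_ecdhe_psk_client_kx and in the client-side gen_*_psk_client_kx hunks. If any flag value is meant to restrict how a key may be used, these TLS 1.2 key-exchange handlers cannot honour it as written. If the flags are intentionally not consulted here, a one-line comment at the call site, e.g. `/* flags deliberately ignored in this key exchange */`, would save the next reader the question; this diff does not show which of the two is intended. proc_dhe_psk_client_kx continues outside the hunk.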
@@ -224,7 +224,7 @@ static int _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t *data, return gnutls_assert_val(ret); ret = _gnutls_psk_pwd_find_entry(session, info->username, - info->username_len, &psk_key); + info->username_len, &psk_key, NULL); if (ret < 0) return gnutls_assert_val(ret); diff --git a/lib/auth/psk.h b/lib/auth/psk.h index 06d7913c85..9e1f94b1fe 100644 --- a/lib/auth/psk.h +++ b/lib/auth/psk.h @@ -36,19 +36,20 @@ typedef struct gnutls_psk_client_credentials_st { gnutls_datum_t username; gnutls_datum_t key; - gnutls_psk_client_credentials_function2 *get_function; - gnutls_psk_client_credentials_function *get_function_legacy; + gnutls_psk_client_credentials_function3 *get_function; + gnutls_psk_client_credentials_function2 *get_function2; + gnutls_psk_client_credentials_function *get_function1; /* TLS 1.3 - The HMAC algorithm to use to compute the binder values */ const mac_entry_st *binder_algo; } psk_client_credentials_st; typedef struct gnutls_psk_server_credentials_st { char *password_file; - /* callback function, instead of reading the - * password files. + /* callback functions, instead of reading the password files. */ - gnutls_psk_server_credentials_function2 *pwd_callback; - gnutls_psk_server_credentials_function *pwd_callback_legacy; + gnutls_psk_server_credentials_function3 *pwd_callback; + gnutls_psk_server_credentials_function2 *pwd_callback2; + gnutls_psk_server_credentials_function *pwd_callback1; /* For DHE_PSK */ gnutls_dh_params_t dh_params; diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c index 70f59c7738..eff339dd17 100644 --- a/lib/auth/psk_passwd.c +++ b/lib/auth/psk_passwd.c 
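Review bot: The three callback slots added to psk_client_credentials_st and psk_server_credentials_st carry no comment saying which one is consulted when more than one is set; the only consumer visible in this diff, `_gnutls_psk_pwd_find_entry`, tests `pwd_callback` first and the rest of the chain is outside the hunks. A field comment such as `/* The newest non-NULL callback is used; older variants are only consulted when it is NULL (see _gnutls_psk_pwd_find_entry / _gnutls_find_psk_key). */` would record the precedence, provided that is what the lookup code does. It would also help to note that the function2/function1 variants have no flags parameter, so presumably a lookup served by them must report flags as 0 — worth confirming against the dispatch code.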
@@ -149,7 +149,8 @@ static int _randomize_psk(gnutls_datum_t *psk) * If the user doesn't exist a random password is returned instead. */ int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username, - uint16_t username_len, gnutls_datum_t *psk) + uint16_t username_len, gnutls_datum_t *psk, + gnutls_psk_key_flags *flags) { gnutls_psk_server_credentials_t cred; FILE *fp; @@ -170,8 +171,7 @@ int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username, * set, use it. */ if (cred->pwd_callback != NULL) { - ret = cred->pwd_callback(session, &username_datum, psk); - + ret = cred->pwd_callback(session, &username_datum, psk, flags); if (ret == 1) { /* the user does not exist */ ret = _randomize_psk(psk); if (ret < 0) { @@ -212,6 +212,9 @@ int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username, ret = GNUTLS_E_SRP_PWD_ERROR; goto cleanup; } + if (flags) { + *flags = 0; + } ret = 0; goto cleanup; } @@ -224,6 +227,9 @@ int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username, goto cleanup; } + if (flags) { + *flags = 0; + } ret = 0; cleanup: if (fp != NULL) @@ -241,7 +247,7 @@ cleanup: int _gnutls_find_psk_key(gnutls_session_t session, gnutls_psk_client_credentials_t cred, gnutls_datum_t *username, gnutls_datum_t *key, - int *free) + gnutls_psk_key_flags *flags, int *free) { int ret; @@ -252,11 +258,14 @@ int _gnutls_find_psk_key(gnutls_session_t session, username->size = cred->username.size; key->data = cred->key.data; key->size = cred->key.size; + if (flags) { + *flags = 0; + } } else if (cred->get_function != NULL) { - ret = cred->get_function(session, username, key); - - if (ret) + ret = cred->get_function(session, username, key, flags); + if (ret) { return gnutls_assert_val(ret); + } *free = 1; } else diff --git a/lib/auth/psk_passwd.h b/lib/auth/psk_passwd.h index 18ac72b34b..2f270cc377 100644 --- a/lib/auth/psk_passwd.h +++ b/lib/auth/psk_passwd.h 
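Review bot: On the `ret == 1` ("user does not exist") branch of _gnutls_psk_pwd_find_entry a randomized key is returned, but `*flags` holds whatever the callback left there, and a callback reporting an unknown user will plausibly not have written it, so a caller passing a non-NULL `flags` can read an uninitialized value. Adding `if (flags) *flags = 0;` directly before `ret = cred->pwd_callback(session, &username_datum, psk, flags);` gives the callback path the same default as the two file-based paths later in this function, which set `*flags = 0` explicitly. Every caller in this diff also invokes the lookup with `flags == NULL`, so the gnutls_psk_server_credentials_function3 contract must state that the callback may receive a NULL flags pointer. The function continues outside the hunk.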
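Review bot: In the `cred->get_function` branch of _gnutls_find_psk_key the flags pointer is passed straight to the client callback, so a callback that returns 0 without writing `*flags` leaves the output undefined, whereas the static-credential branch just above sets it to 0. Inserting `if (flags) *flags = 0;` before `ret = cred->get_function(session, username, key, flags);` gives both branches the same default. The `else` chain continues outside the hunk; if it dispatches to get_function2/get_function1, whose signatures carry no flags argument, those branches need the same default as well.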
@@ -25,11 +25,12 @@ /* this is locally allocated. It should be freed using the provided function */ int _gnutls_psk_pwd_find_entry(gnutls_session_t, const char *username, - uint16_t username_len, gnutls_datum_t *key); + uint16_t username_len, gnutls_datum_t *key, + gnutls_psk_key_flags *flags); int _gnutls_find_psk_key(gnutls_session_t session, gnutls_psk_client_credentials_t cred, gnutls_datum_t *username, gnutls_datum_t *key, - int *free); + gnutls_psk_key_flags *flags, int *free); #endif /* GNUTLS_LIB_AUTH_PSK_PASSWD_H */ diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c index e9e99761cf..6e3fbbda82 100644 --- a/lib/auth/rsa_psk.c +++ b/lib/auth/rsa_psk.c @@ -193,7 +193,7 @@ static int _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - ret = _gnutls_find_psk_key(session, cred, &username, &key, &free); + ret = _gnutls_find_psk_key(session, cred, &username, &key, NULL, &free); if (ret < 0) return gnutls_assert_val(ret); @@ -382,7 +382,8 @@ static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, /* find the key of this username */ ret = _gnutls_psk_pwd_find_entry(session, info->username, - strlen(info->username), &pwd_psk); + strlen(info->username), &pwd_psk, + NULL); if (ret < 0) { gnutls_assert(); goto cleanup; |
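Review bot: The new `flags` parameter on both prototypes in psk_passwd.h is undocumented; the existing comment only describes the key's ownership. A line above `_gnutls_psk_pwd_find_entry` such as `/* flags: optional output, may be NULL; set to 0 when the key comes from the password file, otherwise whatever the credentials callback reports */`, with a matching note on `_gnutls_find_psk_key` (0 for static credentials, callback-supplied otherwise), records the contract that every caller in this change relies on by passing NULL. This is documentation only, so no code change is proposed.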