authorschwarze <schwarze@openbsd.org>2016-12-01 16:02:14 +0000
committerschwarze <schwarze@openbsd.org>2016-12-01 16:02:14 +0000
commit8d204509346ad46af02fdf0fcf3692f77528335b (patch)
tree05cd2b4b709b882c17a2c921b596985a7228e7d3 /lib/libssl
parentAdd Copyright and license. (diff)
garbage collect PSK remnants
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/man/Makefile5
-rw-r--r--lib/libssl/man/SSL_CTX_set_psk_client_callback.368
-rw-r--r--lib/libssl/man/SSL_CTX_use_psk_identity_hint.3110
-rw-r--r--lib/libssl/man/SSL_get_psk_identity.344
-rw-r--r--lib/libssl/man/ssl.355
5 files changed, 3 insertions, 279 deletions
diff --git a/lib/libssl/man/Makefile b/lib/libssl/man/Makefile
index cf4675b8404..3078a76008b 100644
--- a/lib/libssl/man/Makefile
+++ b/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.40 2016/11/30 16:46:56 schwarze Exp $
+# $OpenBSD: Makefile,v 1.41 2016/12/01 16:02:14 schwarze Exp $
.include <bsd.own.mk>
@@ -33,7 +33,6 @@ MAN = BIO_f_ssl.3 \
SSL_CTX_set_mode.3 \
SSL_CTX_set_msg_callback.3 \
SSL_CTX_set_options.3 \
- SSL_CTX_set_psk_client_callback.3 \
SSL_CTX_set_quiet_shutdown.3 \
SSL_CTX_set_session_cache_mode.3 \
SSL_CTX_set_session_id_context.3 \
@@ -43,7 +42,6 @@ MAN = BIO_f_ssl.3 \
SSL_CTX_set_tmp_rsa_callback.3 \
SSL_CTX_set_verify.3 \
SSL_CTX_use_certificate.3 \
- SSL_CTX_use_psk_identity_hint.3 \
SSL_SESSION_free.3 \
SSL_SESSION_get_ex_new_index.3 \
SSL_SESSION_get_time.3 \
@@ -64,7 +62,6 @@ MAN = BIO_f_ssl.3 \
SSL_get_fd.3 \
SSL_get_peer_cert_chain.3 \
SSL_get_peer_certificate.3 \
- SSL_get_psk_identity.3 \
SSL_get_rbio.3 \
SSL_get_session.3 \
SSL_get_verify_result.3 \
diff --git a/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
deleted file mode 100644
index 0325a9405a1..00000000000
--- a/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_psk_client_callback.3,v 1.1 2016/11/05 15:32:19 schwarze Exp $
-.\"
-.Dd $Mdocdate: November 5 2016 $
-.Dt SSL_CTX_SET_PSK_CLIENT_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_psk_client_callback ,
-.Nm SSL_set_psk_client_callback
-.Nd set PSK client callback
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_psk_client_callback
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
-.Fc
-.Ft void
-.Fo SSL_set_psk_client_callback
-.Fa "SSL *ssl"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
-.Fc
-.Sh DESCRIPTION
-A client application must provide a callback function which is called
-when the client is sending the ClientKeyExchange message to the server.
-.Pp
-The purpose of the callback function is to select the PSK identity and
-the pre-shared key to use during the connection setup phase.
-.Pp
-The callback is set using functions
-.Fn SSL_CTX_set_psk_client_callback
-or
-.Fn SSL_set_psk_client_callback .
-The callback function is given the connection in parameter
-.Fa ssl ,
-a
-.Dv NULL Ns
--terminated PSK identity hint sent by the server in parameter
-.Fa hint ,
-a buffer
-.Fa identity
-of length
-.Fa max_identity_len
-bytes where the resulting
-.Dv NULL Ns
--terminated identity is to be stored, and a buffer
-.Fa psk
-of
-length
-.Fa max_psk_len
-bytes where the resulting pre-shared key is to be stored.
-.Sh NOTES
-Note that parameter
-.Fa hint
-given to the callback may be
-.Dv NULL .
-.Sh RETURN VALUES
-Return values from the client callback are interpreted as follows:
-.Pp
-On success (callback found a PSK identity and a pre-shared key to use)
-the length (> 0) of
-.Fa psk
-in bytes is returned.
-.Pp
-Otherwise or on errors callback should return 0.
-In this case the connection setup fails.
diff --git a/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
deleted file mode 100644
index 7d5d6b1dfd1..00000000000
--- a/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
+++ /dev/null
@@ -1,110 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_use_psk_identity_hint.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $
-.\"
-.Dd $Mdocdate: November 5 2016 $
-.Dt SSL_CTX_USE_PSK_IDENTITY_HINT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_use_psk_identity_hint ,
-.Nm SSL_use_psk_identity_hint ,
-.Nm SSL_CTX_set_psk_server_callback ,
-.Nm SSL_set_psk_server_callback
-.Nd set PSK identity hint to use
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint"
-.Ft int
-.Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint"
-.Ft void
-.Fo SSL_CTX_set_psk_server_callback
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)"
-.Fc
-.Ft void
-.Fo SSL_set_psk_server_callback
-.Fa "SSL *ssl"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_use_psk_identity_hint
-sets the given
-.Dv NULL Ns
--terminated PSK identity hint
-.Fa hint
-to SSL context object
-.Fa ctx .
-.Fn SSL_use_psk_identity_hint
-sets the given
-.Dv NULL Ns
--terminated
-PSK identity hint
-.Fa hint
-to SSL connection object
-.Fa ssl .
-If
-.Fa hint
-is
-.Dv NULL
-the current hint from
-.Fa ctx
-or
-.Fa ssl
-is deleted.
-.Pp
-In the case where PSK identity hint is
-.Dv NULL ,
-the server does not send the
-.Em ServerKeyExchange
-message to the client.
-.Pp
-A server application must provide a callback function which is called when the
-server receives the
-.Em ClientKeyExchange
-message from the client.
-The purpose of the callback function is to validate the received PSK identity
-and to fetch the pre-shared key used during the connection setup phase.
-The callback is set using functions
-.Fn SSL_CTX_set_psk_server_callback
-or
-.Fn SSL_set_psk_server_callback .
-The callback function is given the connection in parameter
-.Fa ssl ,
-.Dv NULL Ns
--terminated PSK identity sent by the client in parameter
-.Fa identity ,
-and a buffer
-.Fa psk
-of length
-.Fa max_psk_len
-bytes where the pre-shared key is to be stored.
-.Sh RETURN VALUES
-.Fn SSL_CTX_use_psk_identity_hint
-and
-.Fn SSL_use_psk_identity_hint
-return 1 on success, 0 otherwise.
-.Pp
-Return values from the server callback are interpreted as follows:
-.Bl -tag -width Ds
-.It >0
-PSK identity was found and the server callback has provided the PSK
-successfully in parameter
-.Fa psk .
-Return value is the length of
-.Fa psk
-in bytes.
-It is an error to return a value greater than
-.Fa max_psk_len .
-.Pp
-If the PSK identity was not found but the callback instructs the protocol to
-continue anyway, the callback must provide some random data to
-.Fa psk
-and return the length of the random data, so the connection will fail with
-.Dq decryption_error
-before it will be finished completely.
-.It 0
-PSK identity was not found.
-An
-.Dq unknown_psk_identity
-alert message will be sent and the connection setup fails.
-.El
diff --git a/lib/libssl/man/SSL_get_psk_identity.3 b/lib/libssl/man/SSL_get_psk_identity.3
deleted file mode 100644
index a2f91ee1c79..00000000000
--- a/lib/libssl/man/SSL_get_psk_identity.3
+++ /dev/null
@@ -1,44 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_psk_identity.3,v 1.1 2016/11/05 15:32:20 schwarze Exp $
-.\"
-.Dd $Mdocdate: November 5 2016 $
-.Dt SSL_GET_PSK_IDENTITY 3
-.Os
-.Sh NAME
-.Nm SSL_get_psk_identity ,
-.Nm SSL_get_psk_identity_hint
-.Nd get PSK client identity and hint
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_get_psk_identity_hint "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_psk_identity "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_psk_identity_hint
-is used to retrieve the PSK identity hint used during the connection setup
-related to
-.Vt SSL
-object
-.Fa ssl .
-Similarly,
-.Fn SSL_get_psk_identity
-is used to retrieve the PSK identity used during the connection setup.
-.Sh RETURN VALUES
-If
-.Pf non- Dv NULL ,
-.Fn SSL_get_psk_identity_hint
-returns the PSK identity hint and
-.Fn SSL_get_psk_identity
-returns the PSK identity.
-Both are
-.Dv NULL Ns -terminated.
-.Fn SSL_get_psk_identity_hint
-may return
-.Dv NULL
-if no PSK identity hint was used during the connection setup.
-.Pp
-Note that the return value is valid only during the lifetime of the
-.Vt SSL
-object
-.Fa ssl .
diff --git a/lib/libssl/man/ssl.3 b/lib/libssl/man/ssl.3
index 77a24144fee..283340e228c 100644
--- a/lib/libssl/man/ssl.3
+++ b/lib/libssl/man/ssl.3
@@ -1,7 +1,7 @@
.\"
-.\" $OpenBSD: ssl.3,v 1.2 2016/11/30 16:21:53 schwarze Exp $
+.\" $OpenBSD: ssl.3,v 1.3 2016/12/01 16:02:14 schwarze Exp $
.\"
-.Dd $Mdocdate: November 30 2016 $
+.Dd $Mdocdate: December 1 2016 $
.Dt SSL 3
.Os
.Sh NAME
@@ -594,26 +594,6 @@ session instead of a context.
.Ft int
.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "char *file" "int type"
.Xc
-.It Xo
-.Ft void
-.Fo SSL_CTX_set_psk_client_callback
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
-.Fc
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint"
-.Xc
-.It Xo
-.Ft void
-.Fo SSL_CTX_set_psk_server_callback
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \
-unsigned char *psk, int max_psk_len)"
-.Fc
-.Xc
.El
.Ss DEALING WITH SESSIONS
Here we document the various API functions which deal with the SSL/TLS sessions
@@ -1159,34 +1139,6 @@ size_t len, SSL *ssl, void *arg)"
.Ft int
.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
.Xc
-.It Xo
-.Ft void
-.Fo SSL_set_psk_client_callback
-.Fa "SSL *ssl"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
-.Fc
-.Xc
-.It Xo
-.Ft int
-.Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint"
-.Xc
-.It Xo
-.Ft void
-.Fo SSL_set_psk_server_callback
-.Fa "SSL *ssl"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \
-unsigned char *psk, int max_psk_len)"
-.Fc
-.Xc
-.It Xo
-.Ft const char *
-.Fn SSL_get_psk_identity_hint "SSL *ssl"
-.Xc
-.It Xo
-.Ft const char *
-.Fn SSL_get_psk_identity "SSL *ssl"
-.Xc
.El
.Sh SEE ALSO
.Xr openssl 1 ,
@@ -1222,7 +1174,6 @@ unsigned char *psk, int max_psk_len)"
.Xr SSL_CTX_set_mode 3 ,
.Xr SSL_CTX_set_msg_callback 3 ,
.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_psk_client_callback 3 ,
.Xr SSL_CTX_set_quiet_shutdown 3 ,
.Xr SSL_CTX_set_session_cache_mode 3 ,
.Xr SSL_CTX_set_session_id_context 3 ,
@@ -1232,7 +1183,6 @@ unsigned char *psk, int max_psk_len)"
.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
.Xr SSL_CTX_set_verify 3 ,
.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_CTX_use_psk_identity_hint 3 ,
.Xr SSL_do_handshake 3 ,
.Xr SSL_get_ciphers 3 ,
.Xr SSL_get_client_CA_list 3 ,
@@ -1242,7 +1192,6 @@ unsigned char *psk, int max_psk_len)"
.Xr SSL_get_ex_new_index 3 ,
.Xr SSL_get_fd 3 ,
.Xr SSL_get_peer_cert_chain 3 ,
-.Xr SSL_get_psk_identity 3 ,
.Xr SSL_get_rbio 3 ,
.Xr SSL_get_session 3 ,
.Xr SSL_get_SSL_CTX 3 ,