1 files changed, 0 insertions, 88 deletions
diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c
deleted file mode 100644
index 32d6cceb7a..0000000000
--- a/src/lib/libssl/ssl_packet.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* $OpenBSD: ssl_packet.c,v 1.16 2024/06/28 13:37:49 jsing Exp $ */
-/*
- * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include "bytestring.h"
-#include "ssl_local.h"
-static int
-ssl_is_sslv3_handshake(CBS *header)
-{
-        uint16_t record_version;
-        uint8_t record_type;
-        CBS cbs;
-        CBS_dup(header, &cbs);
-        if (!CBS_get_u8(&cbs, &record_type) ||
-            !CBS_get_u16(&cbs, &record_version))
-                return 0;
-        if (record_type != SSL3_RT_HANDSHAKE)
-                return 0;
-        if ((record_version >> 8) != SSL3_VERSION_MAJOR)
-                return 0;
-        return 1;
-}
-/*
- * Potentially do legacy processing on the first packet received by a TLS
- * server. We return 1 if we want SSLv3/TLS record processing to continue
- * normally, otherwise we must set an SSLerr and return -1.
- */
-int
-ssl_server_legacy_first_packet(SSL *s)
-{
-        const char *data;
-        CBS header;
-        if (SSL_is_dtls(s))
-                return 1;
-        CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH);
-        if (ssl_is_sslv3_handshake(&header) == 1)
-                return 1;
-        /* Only continue if this is not a version locked method. */
-        if (s->method->min_tls_version == s->method->max_tls_version)
-                return 1;
-        /* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */
-        if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-        data = (const char *)CBS_data(&header);
-        /* Is this a cleartext protocol? */
-        if (strncmp("GET ", data, 4) == 0 ||
-            strncmp("POST ", data, 5) == 0 ||
-            strncmp("HEAD ", data, 5) == 0 ||
-            strncmp("PUT ", data, 4) == 0) {
-                SSLerror(s, SSL_R_HTTP_REQUEST);
-                return -1;
-        }
-        if (strncmp("CONNE", data, 5) == 0) {
-                SSLerror(s, SSL_R_HTTPS_PROXY_REQUEST);
-                return -1;
-        }
-        SSLerror(s, SSL_R_UNKNOWN_PROTOCOL);
-        return -1;
-}

diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c deleted file mode 100644 index 32d6cceb7a..0000000000 --- a/src/lib/libssl/ssl_packet.c +++ /dev/null
@@ -1,88 +0,0 @@
1	/* $OpenBSD: ssl_packet.c,v 1.16 2024/06/28 13:37:49 jsing Exp $ */
2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include "bytestring.h"
19	#include "ssl_local.h"
20
21	static int
22	ssl_is_sslv3_handshake(CBS *header)
23	{
24	uint16_t record_version;
25	uint8_t record_type;
26	CBS cbs;
27
28	CBS_dup(header, &cbs);
29
30	if (!CBS_get_u8(&cbs, &record_type) \|\|
31	!CBS_get_u16(&cbs, &record_version))
32	return 0;
33
34	if (record_type != SSL3_RT_HANDSHAKE)
35	return 0;
36	if ((record_version >> 8) != SSL3_VERSION_MAJOR)
37	return 0;
38
39	return 1;
40	}
41
42	/*
43	* Potentially do legacy processing on the first packet received by a TLS
44	* server. We return 1 if we want SSLv3/TLS record processing to continue
45	* normally, otherwise we must set an SSLerr and return -1.
46	*/
47	int
48	ssl_server_legacy_first_packet(SSL *s)
49	{
50	const char *data;
51	CBS header;
52
53	if (SSL_is_dtls(s))
54	return 1;
55
56	CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH);
57
58	if (ssl_is_sslv3_handshake(&header) == 1)
59	return 1;
60
61	/* Only continue if this is not a version locked method. */
62	if (s->method->min_tls_version == s->method->max_tls_version)
63	return 1;
64
65	/* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */
66	if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) {
67	SSLerror(s, ERR_R_INTERNAL_ERROR);
68	return -1;
69	}
70	data = (const char *)CBS_data(&header);
71
72	/* Is this a cleartext protocol? */
73	if (strncmp("GET ", data, 4) == 0 \|\|
74	strncmp("POST ", data, 5) == 0 \|\|
75	strncmp("HEAD ", data, 5) == 0 \|\|
76	strncmp("PUT ", data, 4) == 0) {
77	SSLerror(s, SSL_R_HTTP_REQUEST);
78	return -1;
79	}
80	if (strncmp("CONNE", data, 5) == 0) {
81	SSLerror(s, SSL_R_HTTPS_PROXY_REQUEST);
82	return -1;
83	}
84
85	SSLerror(s, SSL_R_UNKNOWN_PROTOCOL);
86
87	return -1;
88	}