Fix compilation with no-nextprotoneg.

PR#3106

Fix compilation with no-nextprotoneg.
PR#3106
2911575c · Piotr Sikora · Dr. Stephen Henson · afa23c46 · 2911575c · 2911575c
10 changed file
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2909,7 +2909,7 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)

 #endif

-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#ifndef OPENSSL_NO_TLSEXT
 /* next_protos_parse parses a comma separated list of strings into a string
 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
 *   outlen: (output) set to the length of the resulting buffer on success.
@@ -2951,7 +2951,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
 	*outlen = len + 1;
 	return out;
 	}
-#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+#endif  /* ndef OPENSSL_NO_TLSEXT */

 void print_cert_checks(BIO *bio, X509 *x,
 				const unsigned char *checkhost,

--- a/apps/apps.h
+++ b/apps/apps.h
@@ -337,9 +337,9 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
 #endif

-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#ifndef OPENSSL_NO_TLSEXT
 unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+#endif  /* ndef OPENSSL_NO_TLSEXT */

 void print_cert_checks(BIO *bio, X509 *x,
 				const unsigned char *checkhost,

--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -398,8 +398,8 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
 # ifndef OPENSSL_NO_NEXTPROTONEG
 	BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
-	BIO_printf(bio_err," -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
 # endif
+	BIO_printf(bio_err," -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
 #endif
 	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
@@ -670,8 +670,8 @@ int MAIN(int argc, char **argv)
        {NULL,0};
 # ifndef OPENSSL_NO_NEXTPROTONEG
 	const char *next_proto_neg_in = NULL;
-	const char *alpn_in = NULL;
 # endif
+	const char *alpn_in = NULL;
 # define MAX_SI_TYPES 100
 	unsigned short serverinfo_types[MAX_SI_TYPES];
 	int serverinfo_types_count = 0;
@@ -1035,12 +1035,12 @@ static char *jpake_secret = NULL;
 			if (--argc < 1) goto bad;
 			next_proto_neg_in = *(++argv);
 			}
+# endif
 		else if (strcmp(*argv,"-alpn") == 0)
 			{
 			if (--argc < 1) goto bad;
 			alpn_in = *(++argv);
 			}
-# endif
 		else if (strcmp(*argv,"-serverinfo") == 0)
 			{
 			char *c;
@@ -2351,6 +2351,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 		BIO_write(bio, proto, proto_len);
 		BIO_write(bio, "\n", 1);
 	}
+# endif
 	{
 		const unsigned char *proto;
 		unsigned int proto_len;
@@ -2364,7 +2365,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 		else
 			BIO_printf(bio, "No ALPN negotiated\n");
 	}
-# endif
 #endif

 	{

--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1066,9 +1066,9 @@ int MAIN(int argc, char *argv[])
 # ifndef OPENSSL_NO_NEXTPROTONEG
 	const char *next_proto_neg_in = NULL;
 	tlsextnextprotoctx next_proto = { NULL, 0};
+# endif
 	const char *alpn_in = NULL;
 	tlsextalpnctx alpn_ctx = { NULL, 0};
-# endif
 #endif
 #ifndef OPENSSL_NO_PSK
 	/* by default do not send a PSK identity hint */
@@ -1525,12 +1525,12 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			next_proto_neg_in = *(++argv);
 			}
+# endif
 		else if	(strcmp(*argv,"-alpn") == 0)
 			{
 			if (--argc < 1) goto bad;
 			alpn_in = *(++argv);
 			}
-# endif
 #endif
 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
 		else if (strcmp(*argv,"-jpake") == 0)
@@ -2159,8 +2159,10 @@ end:
 		EVP_PKEY_free(s_key2);
 	if (serverinfo_in != NULL)
 		BIO_free(serverinfo_in);
+# ifndef OPENSSL_NO_NEXTPROTONEG
 	if (next_proto.data)
 		OPENSSL_free(next_proto.data);
+# endif
 	if (alpn_ctx.data)
 		OPENSSL_free(alpn_ctx.data);
 #endif

--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1274,19 +1274,18 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
 						 const unsigned char *in,
 						 unsigned int inlen, void *arg),
 				      void *arg);
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+				    unsigned *len);
+#endif

 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
 			  const unsigned char *in, unsigned int inlen,
 			  const unsigned char *client, unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-				    unsigned *len);

 #define OPENSSL_NPN_UNSUPPORTED	0
 #define OPENSSL_NPN_NEGOTIATED	1
 #define OPENSSL_NPN_NO_OVERLAP	2

-#endif
-
 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
 			    unsigned protos_len);
 int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,

--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -639,11 +639,11 @@ typedef struct ssl3_state_st
 #ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_ST_CW_NEXT_PROTO_A		(0x200|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_B		(0x201|SSL_ST_CONNECT)
+#endif
 #ifndef OPENSSL_NO_TLSEXT
 #define SSL3_ST_CW_SUPPLEMENTAL_DATA_A		(0x222|SSL_ST_CONNECT)
 #define SSL3_ST_CW_SUPPLEMENTAL_DATA_B		(0x223|SSL_ST_CONNECT)
 #endif
-#endif
 #define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)
 /* read from server */

--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1596,7 +1596,6 @@ int SSL_get_servername_type(const SSL *s)
 	return -1;
 	}

-# ifndef OPENSSL_NO_NEXTPROTONEG
 /* SSL_select_next_proto implements the standard protocol selection. It is
 * expected that this function is called from the callback set by
 * SSL_CTX_set_next_proto_select_cb.
@@ -1663,6 +1662,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
 	return status;
 	}

+# ifndef OPENSSL_NO_NEXTPROTONEG
 /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
 * requested protocol for this connection and returns 0. If the client didn't
 * request any protocol, then *data is set to NULL.

--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -295,7 +295,7 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
 static BIO *bio_err=NULL;
 static BIO *bio_stdout=NULL;

-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
 /* Note that this code assumes that this is only a one element list: */
 static const char NEXT_PROTO_STRING[] = "\x09testproto";
 int npn_client = 0;
@@ -914,7 +914,7 @@ static void sv_usage(void)
 	               "                 (default is sect163r2).\n");
 #endif
 	fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
 	fprintf(stderr," -npn_client - have client side offer NPN\n");
 	fprintf(stderr," -npn_server - have server side offer NPN\n");
 	fprintf(stderr," -npn_server_reject - have server reject NPN\n");
@@ -1325,7 +1325,7 @@ int main(int argc, char *argv[])
 			{
 			test_cipherlist = 1;
 			}
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
 		else if (strcmp(*argv,"-npn_client") == 0)
 			{
 			npn_client = 1;
@@ -1680,7 +1680,7 @@ bad:
 		}
 #endif

-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
 	if (npn_client)
 		{
 		SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
@@ -2245,7 +2245,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,

 	if (verbose)
 		print_details(c_ssl, "DONE via BIO pair: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
 	if (verify_npn(c_ssl, s_ssl) < 0)
 		{
 		ret = 1;
@@ -2564,7 +2564,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)

 	if (verbose)
 		print_details(c_ssl, "DONE: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
 	if (verify_npn(c_ssl, s_ssl) < 0)
 		{
 		ret = 1;

--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2436,8 +2436,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 			{
 			if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
 				return 0;
+#ifndef OPENSSL_NO_NEXTPROTONEG
 			/* ALPN takes precedence over NPN. */
 			s->s3->next_proto_neg_seen = 0;
+#endif
 			}

 		/* session ticket processed earlier */

--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -315,7 +315,7 @@ SSL_CTX_set_next_protos_adv_cb          355	EXIST:VMS:FUNCTION:NEXTPROTONEG
 SSL_get0_next_proto_negotiated          356	EXIST::FUNCTION:NEXTPROTONEG
 SSL_get_selected_srtp_profile           357	EXIST::FUNCTION:
 SSL_CTX_set_tlsext_use_srtp             358	EXIST::FUNCTION:
-SSL_select_next_proto                   359	EXIST::FUNCTION:NEXTPROTONEG
+SSL_select_next_proto                   359	EXIST::FUNCTION:TLSEXT
 SSL_get_srtp_profiles                   360	EXIST::FUNCTION:
 SSL_CTX_set_next_proto_select_cb        361	EXIST:!VMS:FUNCTION:NEXTPROTONEG
 SSL_CTX_set_next_proto_sel_cb           361	EXIST:VMS:FUNCTION:NEXTPROTONEG