Bring back the NPN related symbols.

Several pieces of software make use of these based on a conditional around
OPENSSL_NPN_NEGOTIATED, rather than using the presence of the symbols, the
non-existence of a OPENSSL_NO_NEXTPROTONEG define or even the existence of
the TLS extension type.

Unfortunately we cannot remove OPENSSL_NPN_NEGOTIATED since the API for
ALPN was effectively botched and reuses two parts from the NPN
implementation, rather than providing ALPN specific or generic versions.

3 files changed, 36 insertions, 3 deletions

diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index 7b54776d55..e147ff873d 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -100,6 +100,8 @@ SSL_CTX_set_info_callback
 SSL_CTX_set_min_proto_version
 SSL_CTX_set_max_proto_version
 SSL_CTX_set_msg_callback
+SSL_CTX_set_next_proto_select_cb
+SSL_CTX_set_next_protos_advertised_cb
 SSL_CTX_set_purpose
 SSL_CTX_set_quiet_shutdown
 SSL_CTX_set_session_id_context
@@ -159,6 +161,7 @@ SSL_dup_CA_list
 SSL_export_keying_material
 SSL_free
 SSL_get0_alpn_selected
+SSL_get0_next_proto_negotiated
 SSL_get1_session
 SSL_get_SSL_CTX
 SSL_get_certificate
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 2f0b9df402..d431b175ad 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.133 2017/08/28 17:36:58 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.134 2017/08/30 16:24:21 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -752,11 +752,17 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
     int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
     unsigned int cookie_len));
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
+    const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
+    unsigned char **out, unsigned char *outlen, const unsigned char *in,
+    unsigned int inlen, void *arg), void *arg);
 
-/* NPN support function used by ALPN */
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
     const unsigned char *in, unsigned int inlen, const unsigned char *client,
     unsigned int client_len);
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+    unsigned *len);
 
 #define OPENSSL_NPN_UNSUPPORTED 0
 #define OPENSSL_NPN_NEGOTIATED  1
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index b365ebd496..471fd7009e 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.169 2017/08/28 17:36:58 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.170 2017/08/30 16:24:21 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1590,6 +1590,30 @@ found:
         return (status);
 }
 
+/* SSL_get0_next_proto_negotiated is deprecated. */
+void
+SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+    unsigned *len)
+{
+        *data = NULL;
+        *len = 0;
+}
+
+/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */
+void
+SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
+    const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
+{
+}
+
+/* SSL_CTX_set_next_proto_select_cb is deprecated. */
+void
+SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
+    unsigned char **out, unsigned char *outlen, const unsigned char *in,
+    unsigned int inlen, void *arg), void *arg)
+{
+}
+
 /*
  * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
  * protocols, which must be in wire-format (i.e. a series of non-empty,