Upgrade chrome's OpenSSL to same version Android ships with.

openssl/ssl/ssl3.h

 /* ssl/ssl3.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  * 
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
@@ skipping 105 matching lines @@
 
 #ifndef HEADER_SSL3_H 
 #define HEADER_SSL3_H 
 
 #ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
 #endif
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
-#include <openssl/pq_compat.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 /* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
 #define SSL3_CK_SCSV                            0x030000FF
 
 #define SSL3_CK_RSA_NULL_MD5                    0x03000001
 #define SSL3_CK_RSA_NULL_SHA                    0x03000002
@@ skipping 19 matching lines @@
 #define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          0x03000014
 #define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          0x03000015
 #define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        0x03000016
 
 #define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
 #define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
 #define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
 #define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
 #define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
 
-#define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
-#define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
-#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
-         to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
-         of the ietf-tls list */
-#define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+#if 0
+        #define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
+        #define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+        #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+                 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+                 of the ietf-tls list */
+        #define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+        #endif
 #endif
 
 /*    VRS Additional Kerberos5 entries
  */
 #define SSL3_CK_KRB5_DES_64_CBC_SHA             0x0300001E
 #define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x0300001F
 #define SSL3_CK_KRB5_RC4_128_SHA                0x03000020
 #define SSL3_CK_KRB5_IDEA_128_CBC_SHA           0x03000021
 #define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000022
 #define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000023
@@ skipping 31 matching lines @@
 #define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
 #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
 #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
 
 #define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
 #define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
 #define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
 #define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
 #define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
 
-#define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
-#define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
-#define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+#if 0
+        #define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
+        #define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+        #define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+#endif
 
 #define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
 #define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
 #define SSL3_TXT_KRB5_RC4_128_SHA               "KRB5-RC4-SHA"
 #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA          "KRB5-IDEA-CBC-SHA"
 #define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
 #define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
 #define SSL3_TXT_KRB5_RC4_128_MD5               "KRB5-RC4-MD5"
 #define SSL3_TXT_KRB5_IDEA_128_CBC_MD5          "KRB5-IDEA-CBC-MD5"
 
 #define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
 #define SSL3_TXT_KRB5_RC2_40_CBC_SHA            "EXP-KRB5-RC2-CBC-SHA"
 #define SSL3_TXT_KRB5_RC4_40_SHA                "EXP-KRB5-RC4-SHA"
 #define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
 #define SSL3_TXT_KRB5_RC2_40_CBC_MD5            "EXP-KRB5-RC2-CBC-MD5"
 #define SSL3_TXT_KRB5_RC4_40_MD5                "EXP-KRB5-RC4-MD5"
 
 #define SSL3_SSL_SESSION_ID_LENGTH              32
 #define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
 
 #define SSL3_MASTER_SECRET_SIZE                 48
 #define SSL3_RANDOM_SIZE                        32
 #define SSL3_SESSION_ID_SIZE                    32
 #define SSL3_RT_HEADER_LENGTH                   5
 
-/* Due to MS stuffing up, this can change.... */
-#if defined(OPENSSL_SYS_WIN16) || \
-        (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
-#define SSL3_RT_MAX_EXTRA                       (14000)
+#ifndef SSL3_ALIGN_PAYLOAD
+ /* Some will argue that this increases memory footprint, but it's
+  * not actually true. Point is that malloc has to return at least
+  * 64-bit aligned pointers, meaning that allocating 5 bytes wastes
+  * 3 bytes in either case. Suggested pre-gaping simply moves these
+  * wasted bytes from the end of allocated region to its front,
+  * but makes data payload aligned, which improves performance:-) */
+# define SSL3_ALIGN_PAYLOAD                     8
 #else
-#define SSL3_RT_MAX_EXTRA                       (16384)
+# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+#  error "insane SSL3_ALIGN_PAYLOAD"
+#  undef SSL3_ALIGN_PAYLOAD
+# endif
 #endif
 
+/* This is the maximum MAC (digest) size used by the SSL library.
+ * Currently maximum of 20 is used by SHA1, but we reserve for
+ * future extension for 512-bit hashes.
+ */
+
+#define SSL3_RT_MAX_MD_SIZE                     64
+
+/* Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+
+#define SSL_RT_MAX_CIPHER_BLOCK_SIZE            16
+
+#define SSL3_RT_MAX_EXTRA                       (16384)
+
+/* Default buffer length used for writen records.  Thus a generated record
+ * will contain plaintext no larger than this value. */
+#define SSL3_RT_DEFAULT_PLAIN_LENGTH    2048
+/* Maximum plaintext length: defined by SSL/TLS standards */
 #define SSL3_RT_MAX_PLAIN_LENGTH                16384
+/* Maximum compression overhead: defined by SSL/TLS standards */
+#define SSL3_RT_MAX_COMPRESSED_OVERHEAD         1024
+
+/* The standards give a maximum encryption overhead of 1024 bytes.
+ * In practice the value is lower than this. The overhead is the maximum
+ * number of padding bytes (256) plus the mac size.
+ */
+#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD  (256 + SSL3_RT_MAX_MD_SIZE)
+
+/* OpenSSL currently only uses a padding length of at most one block so
+ * the send overhead is smaller.
+ */
+
+#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+                        (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+
+/* If compression isn't used don't include the compression overhead */
+
 #ifdef OPENSSL_NO_COMP
-#define SSL3_RT_MAX_COMPRESSED_LENGTH   SSL3_RT_MAX_PLAIN_LENGTH
+#define SSL3_RT_MAX_COMPRESSED_LENGTH           SSL3_RT_MAX_PLAIN_LENGTH
 #else
-#define SSL3_RT_MAX_COMPRESSED_LENGTH   (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#define SSL3_RT_MAX_COMPRESSED_LENGTH   \
+                (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
 #endif
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH    (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE         (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-#define SSL3_RT_MAX_DATA_SIZE                   (1024*1024)
+#define SSL3_RT_MAX_ENCRYPTED_LENGTH    \
+                (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
+#define SSL3_RT_MAX_PACKET_SIZE         \
+                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
+/* Extra space for empty fragment, headers, MAC, and padding. */
+#define SSL3_RT_DEFAULT_WRITE_OVERHEAD  256
+#define SSL3_RT_DEFAULT_PACKET_SIZE     4096 - SSL3_RT_DEFAULT_WRITE_OVERHEAD
+#if SSL3_RT_DEFAULT_PLAIN_LENGTH + SSL3_RT_DEFAULT_WRITE_OVERHEAD > SSL3_RT_DEFAULT_PACKET_SIZE
+#error "Insufficient space allocated for write buffers."
+#endif
 
 #define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
 #define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
 
 #define SSL3_VERSION                    0x0300
 #define SSL3_VERSION_MAJOR              0x03
 #define SSL3_VERSION_MINOR              0x00
 
 #define SSL3_RT_CHANGE_CIPHER_SPEC      20
 #define SSL3_RT_ALERT                   21
@@ skipping 18 matching lines @@
 
 typedef struct ssl3_record_st
         {
 /*r */  int type;               /* type of record */
 /*rw*/  unsigned int length;    /* How many bytes available */
 /*r */  unsigned int off;       /* read/write offset into 'buf' */
 /*rw*/  unsigned char *data;    /* pointer to the record data */
 /*rw*/  unsigned char *input;   /* where the decode bytes are */
 /*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
-/*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */
+/*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
         } SSL3_RECORD;
 
 typedef struct ssl3_buffer_st
         {
         unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
                                  * see ssl3_setup_buffers() */
         size_t len;             /* buffer size */
         int offset;             /* where to 'copy from' */
         int left;               /* how many bytes left */
         } SSL3_BUFFER;
 
 #define SSL3_CT_RSA_SIGN                        1
 #define SSL3_CT_DSS_SIGN                        2
 #define SSL3_CT_RSA_FIXED_DH                    3
 #define SSL3_CT_DSS_FIXED_DH                    4
 #define SSL3_CT_RSA_EPHEMERAL_DH                5
 #define SSL3_CT_DSS_EPHEMERAL_DH                6
 #define SSL3_CT_FORTEZZA_DMS                    20
 /* SSL3_CT_NUMBER is used to size arrays and it must be large
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER                  7
+#define SSL3_CT_NUMBER                  9
 
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
 #define SSL3_FLAGS_POP_BUFFER                   0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
+#define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
+ 
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+ * from restarting the handshake in a loop. It's reset on a
+ * renegotiation, so effectively limits the client to one restart
+ * per negotiation. This limits the possibility of a DDoS
+ * attack where the client handshakes in a loop using SGC to
+ * restart. Servers which permit renegotiation can still be
+ * effected, but we can't prevent that.
+ */
+#define SSL3_FLAGS_SGC_RESTART_DONE             0x0040
 
 typedef struct ssl3_state_st
         {
         long flags;
         int delay_buf_pop_ret;
 
         unsigned char read_sequence[8];
+        int read_mac_secret_size;
         unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
         unsigned char write_sequence[8];
+        int write_mac_secret_size;
         unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
 
         unsigned char server_random[SSL3_RANDOM_SIZE];
         unsigned char client_random[SSL3_RANDOM_SIZE];
 
         /* flags for countermeasure against known-IV weakness */
         int need_empty_fragments;
         int empty_fragment_done;
 
+        /* The value of 'extra' when the buffers were initialized */
+        int init_extra;
+
         SSL3_BUFFER rbuf;       /* read IO goes into here */
         SSL3_BUFFER wbuf;       /* write IO goes into here */
 
         SSL3_RECORD rrec;       /* each decoded record goes in here */
         SSL3_RECORD wrec;       /* goes out from here */
 
         /* storage for Alert/Handshake protocol data received but not
          * yet processed by ssl3_read_bytes: */
         unsigned char alert_fragment[2];
         unsigned int alert_fragment_len;
         unsigned char handshake_fragment[4];
         unsigned int handshake_fragment_len;
 
         /* partial write - check the numbers match */
         unsigned int wnum;      /* number of bytes sent so far */
         int wpend_tot;          /* number bytes written */
         int wpend_type;
         int wpend_ret;          /* number of bytes submitted */
         const unsigned char *wpend_buf;
 
         /* used during startup, digest all incoming/outgoing packets */
-        EVP_MD_CTX finish_dgst1;
-        EVP_MD_CTX finish_dgst2;
-
+        BIO *handshake_buffer;
+        /* When set of handshake digests is determined, buffer is hashed
+         * and freed and MD_CTX-es for all required digests are stored in
+         * this array */
+        EVP_MD_CTX **handshake_dgst;
         /* this is set whenerver we see a change_cipher_spec message
          * come in when we are not looking for one */
         int change_cipher_spec;
 
         int warn_alert;
         int fatal_alert;
         /* we allow one fatal and one warning alert to be outstanding,
          * send close alert via the warning alert */
         int alert_dispatch;
         unsigned char send_alert[2];
 
         /* This flag is set when we should renegotiate ASAP, basically when
          * there is no more data in the read or write buffers */
         int renegotiate;
         int total_renegotiations;
         int num_renegotiations;
 
         int in_read_app_data;
 
-        /* Set if we saw the Next Protocol Negotiation extension from our peer. */
+        /* Opaque PRF input as used for the current handshake.
+         * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
+         * (otherwise, they are merely present to improve binary compatibility) */
+        void *client_opaque_prf_input;
+        size_t client_opaque_prf_input_len;
+        void *server_opaque_prf_input;
+        size_t server_opaque_prf_input_len;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        /* Set if we saw the Next Protocol Negotiation extension from
+           our peer. */
         int next_proto_neg_seen;
+#endif
 
         struct  {
                 /* actually only needs to be 16+20 */
                 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
 
                 /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
                 unsigned char finish_md[EVP_MAX_MD_SIZE*2];
                 int finish_md_len;
                 unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
                 int peer_finish_md_len;
                 
                 unsigned long message_size;
                 int message_type;
 
                 /* used to hold the new cipher we are going to use */
-                SSL_CIPHER *new_cipher;
+                const SSL_CIPHER *new_cipher;
 #ifndef OPENSSL_NO_DH
                 DH *dh;
 #endif
 
 #ifndef OPENSSL_NO_ECDH
                 EC_KEY *ecdh; /* holds short lived ECDH key */
 #endif
 
                 /* used when SSL_ST_FLUSH_DATA is entered */
                 int next_state;                 
 
                 int reuse_message;
 
                 /* used for certificate requests */
                 int cert_req;
                 int ctype_num;
                 char ctype[SSL3_CT_NUMBER];
                 STACK_OF(X509_NAME) *ca_names;
 
                 int use_rsa_tmp;
 
                 int key_block_length;
                 unsigned char *key_block;
 
                 const EVP_CIPHER *new_sym_enc;
                 const EVP_MD *new_hash;
+                int new_mac_pkey_type;
+                int new_mac_secret_size;
 #ifndef OPENSSL_NO_COMP
                 const SSL_COMP *new_compression;
 #else
                 char *new_compression;
 #endif
                 int cert_request;
                 } tmp;
 
         /* Connection binding to prevent renegotiation attacks */
         unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
         unsigned char previous_client_finished_len;
         unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
         unsigned char previous_server_finished_len;
         int send_connection_binding; /* TODOEKR */
-
-        /* Snap Start support (server-side only):
-         *
-         * Snap Start allows the client to 'suggest' the value of our random
-         * nonce. Assuming that we accept this suggestion, then the client can
-         * predict our exact reply and calculate a complete handshake based on
-         * that. These opportunistic handshake messages are embedded in the
-         * Snap Start extension, possibly including application data.
-         *
-         * (Note that if the handshake doesn't resume a session, the client
-         * couldn't hope to predict the exact server reply unless it uses the
-         * session ticket extension to suppress session ID generation.)
-         *
-         * All this allows for a TLS handshake that doesn't incur additional
-         * latency if the client side sends application data first. */
-
-        /* Set if the client presented a Snap Start extension (empty or
-         * otherwise and the SSL_CTX has a cell configured. Server side only. */
-        int snap_start_ext_seen;
-        /* Set if the client-suggested a server random value (which is stored
-         * in |server_random|) */
-        char snap_start_requested;
-        /* Set if the appplication has indicated that the client's
-         * server_random suggestion is acceptable (see
-         * SSL_set_suggested_server_random_validity). If so, a Snap Start
-         * handshake will be attempted. */
-        char server_random_suggestion_valid;
-        /* Client's predicted response_hash from client snap start extension.
-         * Valid if |snap_start_requested| is set. */
-        unsigned char predicted_response_hash[8];
-        /* Actual server handshake message hash.  A Snap Start handshake is
-         * possible only if predicated_response_hash matches this. */
-        unsigned char response_hash[8];
-        /* If we need to enter snap start recovery then we need to reset the
-         * Finished hash with a different value for the ClientHello. Thus, we
-         * need a copy of the whole ClientHello: */
-        SSL3_BUFFER snap_start_client_hello;
-        /* A snap start ClientHello can contain records embedded in an
-         * extension. If we wish to read them then this points to the records
-         * within |snap_start_client_hello|. */
-        SSL3_BUFFER snap_start_records;
-
         } SSL3_STATE;
 
 
 /* SSLv3 */
 /*client */
 /* extra state */
 #define SSL3_ST_CW_FLUSH                (0x100|SSL_ST_CONNECT)
-#define SSL3_ST_CUTTHROUGH_COMPLETE (0x101|SSL_ST_CONNECT)
+#define SSL3_ST_CUTTHROUGH_COMPLETE     (0x101|SSL_ST_CONNECT)
 /* write to server */
 #define SSL3_ST_CW_CLNT_HELLO_A         (0x110|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CLNT_HELLO_B         (0x111|SSL_ST_CONNECT)
 /* read from server */
 #define SSL3_ST_CR_SRVR_HELLO_A         (0x120|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SRVR_HELLO_B         (0x121|SSL_ST_CONNECT)
 #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
 #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_A               (0x130|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_B               (0x131|SSL_ST_CONNECT)
 #define SSL3_ST_CR_KEY_EXCH_A           (0x140|SSL_ST_CONNECT)
 #define SSL3_ST_CR_KEY_EXCH_B           (0x141|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_REQ_A           (0x150|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_REQ_B           (0x151|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SRVR_DONE_A          (0x160|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SRVR_DONE_B          (0x161|SSL_ST_CONNECT)
 /* write to server */
 #define SSL3_ST_CW_CERT_A               (0x170|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CERT_B               (0x171|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CERT_C               (0x172|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CERT_D               (0x173|SSL_ST_CONNECT)
 #define SSL3_ST_CW_KEY_EXCH_A           (0x180|SSL_ST_CONNECT)
 #define SSL3_ST_CW_KEY_EXCH_B           (0x181|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CERT_VRFY_A          (0x190|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_ST_CW_NEXT_PROTO_A         (0x200|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_B         (0x201|SSL_ST_CONNECT)
+#endif
 #define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
 /* read from server */
 #define SSL3_ST_CR_CHANGE_A             (0x1C0|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CHANGE_B             (0x1C1|SSL_ST_CONNECT)
 #define SSL3_ST_CR_FINISHED_A           (0x1D0|SSL_ST_CONNECT)
 #define SSL3_ST_CR_FINISHED_B           (0x1D1|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SESSION_TICKET_A     (0x1E0|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SESSION_TICKET_B     (0x1E1|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_STATUS_A        (0x1F0|SSL_ST_CONNECT)
@@ skipping 25 matching lines @@
 #define SSL3_ST_SW_SRVR_DONE_B          (0x171|SSL_ST_ACCEPT)
 /* read from client */
 #define SSL3_ST_SR_CERT_A               (0x180|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CERT_B               (0x181|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_KEY_EXCH_A           (0x190|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_KEY_EXCH_B           (0x191|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CERT_VRFY_A          (0x1A0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_ST_SR_NEXT_PROTO_A         (0x210|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_NEXT_PROTO_B         (0x211|SSL_ST_ACCEPT)
+#endif
 #define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
 /* write to client */
 #define SSL3_ST_SW_CHANGE_A             (0x1D0|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_CHANGE_B             (0x1D1|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_A           (0x1E0|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_B           (0x1E1|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_SESSION_TICKET_A     (0x1F0|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_SESSION_TICKET_B     (0x1F1|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_CERT_STATUS_A        (0x200|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_CERT_STATUS_B        (0x201|SSL_ST_ACCEPT)
 
 #define SSL3_MT_HELLO_REQUEST                   0
 #define SSL3_MT_CLIENT_HELLO                    1
 #define SSL3_MT_SERVER_HELLO                    2
 #define SSL3_MT_NEWSESSION_TICKET               4
 #define SSL3_MT_CERTIFICATE                     11
 #define SSL3_MT_SERVER_KEY_EXCHANGE             12
 #define SSL3_MT_CERTIFICATE_REQUEST             13
 #define SSL3_MT_SERVER_DONE                     14
 #define SSL3_MT_CERTIFICATE_VERIFY              15
 #define SSL3_MT_CLIENT_KEY_EXCHANGE             16
 #define SSL3_MT_FINISHED                        20
 #define SSL3_MT_CERTIFICATE_STATUS              22
+#ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_MT_NEXT_PROTO                      67
+#endif
 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
 
 
 #define SSL3_MT_CCS                             1
 
 /* These are used when changing over to a new cipher */
 #define SSL3_CC_READ            0x01
 #define SSL3_CC_WRITE           0x02
 #define SSL3_CC_CLIENT          0x10
 #define SSL3_CC_SERVER          0x20
 #define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)  
 #define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
 #define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
 #define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
 
 #ifdef  __cplusplus
 }
 #endif
 #endif
-