-rw-r--r-- | lib/libssl/Symbols.list | 1 | ||||
-rw-r--r-- | lib/libssl/ssl.h | 5 | ||||
-rw-r--r-- | lib/libssl/ssl_err.c | 3 | ||||
-rw-r--r-- | lib/libssl/ssl_sess.c | 15 |
4 files changed, 21 insertions, 3 deletions
diff --git a/lib/libssl/Symbols.list b/lib/libssl/Symbols.list
index 3b513d5c288..c66024e21d3 100644
--- a/lib/libssl/Symbols.list
+++ b/lib/libssl/Symbols.list
@@ -154,6 +154,7 @@ SSL_SESSION_has_ticket
 SSL_SESSION_new
 SSL_SESSION_print
 SSL_SESSION_print_fp
+SSL_SESSION_set1_id
 SSL_SESSION_set1_id_context
 SSL_SESSION_set_ex_data
 SSL_SESSION_set_time
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 97d1c40a669..78a6787d437 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.153 2018/03/17 16:20:01 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.154 2018/03/20 15:28:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1317,6 +1317,8 @@ long SSL_SESSION_get_timeout(const SSL_SESSION *s);
 long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
 void SSL_copy_session_id(SSL *to, const SSL *from);
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len);
 int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
 unsigned int sid_ctx_len);
@@ -2039,6 +2041,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
 #define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
+#define SSL_R_SSL_SESSION_ID_TOO_LONG 408
 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
 #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
 #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c
index db3c1a0d2db..250a9eef6bc 100644
--- a/lib/libssl/ssl_err.c
+++ b/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.35 2017/08/28 17:36:58 jsing Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.36 2018/03/20 15:28:12 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
 *
@@ -390,6 +390,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG), "ssl session id is too long"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
 {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"},
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 51aa2eac044..b3ee7ef4302 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.78 2018/03/17 16:20:01 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.79 2018/03/20 15:28:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -851,6 +851,19 @@ SSL_SESSION_get0_peer(SSL_SESSION *s)
 }
 int
+SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len)
+{
+ if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+ SSLerrorx(SSL_R_SSL_SESSION_ID_TOO_LONG);
+ return 0;
+ }
+ s->session_id_length = sid_len;
+ memmove(s->session_id, sid, sid_len);
+ return 1;
+}
+
+int
 SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
 unsigned int sid_ctx_len)
 {
 |
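Review bot: In the ssl_sess.c hunk, SSL_SESSION_set1_id checks only the upper bound of sid_len and then hands sid straight to memmove, so a NULL sid is never rejected; with sid_len == 0 that call is still undefined behaviour under the C standard, and with a non-zero length it faults. Guarding the copy keeps the zero-length "clear the id" case well defined: `if (sid_len > 0) memmove(s->session_id, sid, sid_len);`. The function also has no comment stating its contract, and one seems warranted: the session id is presumably what an SSL_CTX session cache uses to look a session up (the cache code is outside this diff, so confirm), in which case changing the id of a session that is already cached would leave it filed under the old id. I would add above the definition something like `/* Copies sid into s; returns 1 on success, 0 if sid_len exceeds SSL_MAX_SSL_SESSION_ID_LENGTH. Call before s is added to a session cache. */`.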