Prepare to provide SSL_SESSION_{set,get}_max_early_data()

Since we do not support 0-RTT, these are noops. Some software expects
this API to be available if TLS1_3_VERSION is defined.

ok beck jsing

2 files changed, 18 insertions, 2 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index a783739c57..401c9cf843 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.173 2020/09/17 15:42:14 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.174 2020/09/19 09:56:34 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1386,6 +1386,10 @@ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *ss,
             unsigned int *len);
 const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *ss,
             unsigned int *len);
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *sess);
+int SSL_SESSION_set_max_early_data(SSL_SESSION *sess, uint32_t max_early_data);
+#endif
 unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
 int     SSL_SESSION_has_ticket(const SSL_SESSION *s);
 unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *ss);
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 191e43b74b..d805419de4 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.99 2020/09/17 15:23:29 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.100 2020/09/19 09:56:35 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -194,6 +194,18 @@ SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
         return (CRYPTO_get_ex_data(&s->internal->ex_data, idx));
 }
 
+uint32_t
+SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
+{
+        return 0;
+}
+
+int
+SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
+{
+        return 1;
+}
+
 SSL_SESSION *
 SSL_SESSION_new(void)
 {