4 files changed, 21 insertions, 3 deletions

diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index 3b513d5c28..c66024e21d 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -154,6 +154,7 @@ SSL_SESSION_has_ticket
 SSL_SESSION_new
 SSL_SESSION_print
 SSL_SESSION_print_fp
+SSL_SESSION_set1_id
 SSL_SESSION_set1_id_context
 SSL_SESSION_set_ex_data
 SSL_SESSION_set_time
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 97d1c40a66..78a6787d43 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.153 2018/03/17 16:20:01 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.154 2018/03/20 15:28:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1317,6 +1317,8 @@ long	SSL_SESSION_get_timeout(const SSL_SESSION *s);
 long    SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
 void    SSL_copy_session_id(SSL *to, const SSL *from);
 X509    *SSL_SESSION_get0_peer(SSL_SESSION *s);
+int     SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+            unsigned int sid_len);
 int     SSL_SESSION_set1_id_context(SSL_SESSION *s,
             const unsigned char *sid_ctx, unsigned int sid_ctx_len);
 
@@ -2039,6 +2041,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
 #define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                231
+#define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
 #define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
 #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index db3c1a0d2d..250a9eef6b 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.35 2017/08/28 17:36:58 jsing Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.36 2018/03/20 15:28:12 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -390,6 +390,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
         {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"},
         {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"},
         {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"},
+        {ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG), "ssl session id is too long"},
         {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
         {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
         {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"},
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 51aa2eac04..b3ee7ef430 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.78 2018/03/17 16:20:01 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.79 2018/03/20 15:28:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -851,6 +851,19 @@ SSL_SESSION_get0_peer(SSL_SESSION *s)
 }
 
 int
+SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+    unsigned int sid_len)
+{
+        if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+                SSLerrorx(SSL_R_SSL_SESSION_ID_TOO_LONG);
+                return 0;
+        }
+        s->session_id_length = sid_len;
+        memmove(s->session_id, sid, sid_len);
+        return 1;
+}
+
+int
 SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
     unsigned int sid_ctx_len)
 {