From 253b63fb51401d34d0ccce903a2a1c39698e8461 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 2 Mar 2024 11:44:47 +0000
Subject: Export SSL_get_{peer_,}signature_type_nid()

Also move the prototypes to the correct header.

Oversight reported by Frank Lichtenheld, thanks!
Fixes https://github.com/libressl/openbsd/issues/147

ok jsing
---
 src/lib/libssl/Symbols.list          | 2 ++
 src/lib/libssl/hidden/openssl/tls1.h | 4 +++-
 src/lib/libssl/s3_lib.c              | 4 +++-
 src/lib/libssl/ssl.h                 | 6 +-----
 src/lib/libssl/tls1.h                | 5 ++++-
 5 files changed, 13 insertions(+), 8 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index 9f261bb97a..37715a83eb 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -222,6 +222,7 @@ SSL_get_peer_cert_chain
 SSL_get_peer_certificate
 SSL_get_peer_finished
 SSL_get_peer_quic_transport_params
+SSL_get_peer_signature_type_nid
 SSL_get_privatekey
 SSL_get_quiet_shutdown
 SSL_get_rbio
@@ -235,6 +236,7 @@ SSL_get_servername_type
 SSL_get_session
 SSL_get_shared_ciphers
 SSL_get_shutdown
+SSL_get_signature_type_nid
 SSL_get_srtp_profiles
 SSL_get_ssl_method
 SSL_get_verify_callback
diff --git a/src/lib/libssl/hidden/openssl/tls1.h b/src/lib/libssl/hidden/openssl/tls1.h
index de93f9aa2e..e7c5721951 100644
--- a/src/lib/libssl/hidden/openssl/tls1.h
+++ b/src/lib/libssl/hidden/openssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.1 2023/07/08 16:40:14 beck Exp $ */
+/* $OpenBSD: tls1.h,v 1.2 2024/03/02 11:44:47 tb Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -28,5 +28,7 @@
 LSSL_USED(SSL_get_servername);
 LSSL_USED(SSL_get_servername_type);
 LSSL_USED(SSL_export_keying_material);
+LSSL_USED(SSL_get_peer_signature_type_nid);
+LSSL_USED(SSL_get_signature_type_nid);
 
 #endif /* _LIBSSL_TLS1_H */
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index bb8e9465ba..9836d20bd0 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.249 2024/02/03 15:58:33 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.250 2024/03/02 11:44:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1970,6 +1970,7 @@ SSL_get_signature_type_nid(const SSL *s, int *nid)
 
 	return 1;
 }
+LSSL_ALIAS(SSL_get_signature_type_nid);
 
 int
 SSL_get_peer_signature_type_nid(const SSL *s, int *nid)
@@ -1986,6 +1987,7 @@ SSL_get_peer_signature_type_nid(const SSL *s, int *nid)
 
 	return 1;
 }
+LSSL_ALIAS(SSL_get_peer_signature_type_nid);
 
 long
 ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 03a5a80d0a..e69979cbf6 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.233 2024/02/03 15:58:33 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.234 2024/03/02 11:44:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1058,10 +1058,6 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
 	SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn)
 #define SSL_get_peer_tmp_key(s, pk) \
 	SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)
-
-int SSL_get_signature_type_nid(const SSL *ssl, int *nid);
-int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid);
-
 #endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */
 
 #ifndef LIBRESSL_INTERNAL
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index daf6cba6fa..05514b8f4d 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.57 2024/02/03 15:58:34 beck Exp $ */
+/* $OpenBSD: tls1.h,v 1.58 2024/03/02 11:44:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -316,6 +316,9 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
     const char *label, size_t llen, const unsigned char *p, size_t plen,
     int use_context);
 
+int SSL_get_signature_type_nid(const SSL *ssl, int *nid);
+int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid);
+
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
 
-- 
cgit v1.2.3-55-g6feb