3 files changed, 15 insertions, 9 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index f98ec3e098..e2fef72588 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.194 2020/06/05 17:58:32 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.195 2020/06/05 18:14:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2553,6 +2553,10 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
                         return 0;
                 if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
                         return 0;
+                if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
+                        return 0;
+                if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
+                        return 0;
         }
 #endif
 
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 30dc4c5d7d..a102d11434 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.50 2020/03/12 17:01:53 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.51 2020/06/05 18:14:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -348,7 +348,7 @@ typedef struct ssl3_buffer_st {
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER                  11
+#define SSL3_CT_NUMBER                  13
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
 #define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 2230f0bab8..8cd5226582 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.40 2020/01/02 06:23:16 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.41 2020/06/05 18:14:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -735,16 +735,18 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_DSS_SIGN                 2
 #define TLS_CT_RSA_FIXED_DH             3
 #define TLS_CT_DSS_FIXED_DH             4
+#define TLS_CT_GOST94_SIGN              21
+#define TLS_CT_GOST01_SIGN              22
 #define TLS_CT_ECDSA_SIGN               64
 #define TLS_CT_RSA_FIXED_ECDH           65
 #define TLS_CT_ECDSA_FIXED_ECDH         66
-#define TLS_CT_GOST94_SIGN              21
-#define TLS_CT_GOST01_SIGN              22
-#define TLS_CT_GOST12_256_SIGN          238 /* FIXME: IANA */
-#define TLS_CT_GOST12_512_SIGN          239 /* FIXME: IANA */
+#define TLS_CT_GOST12_256_SIGN          67
+#define TLS_CT_GOST12_512_SIGN          68
+#define TLS_CT_GOST12_256_SIGN_COMPAT   238 /* pre-IANA, for compat */
+#define TLS_CT_GOST12_512_SIGN_COMPAT   239 /* pre-IANA, for compat */
 /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
  * comment there) */
-#define TLS_CT_NUMBER                   11
+#define TLS_CT_NUMBER                   13
 
 #define TLS1_FINISH_MAC_LENGTH          12