3 files changed, 8 insertions, 28 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 9836d20bd0..6ebe2605da 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.250 2024/03/02 11:44:47 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.251 2024/03/02 11:46:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2594,6 +2594,10 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
        return (ret);
 }
+#define SSL3_CT_RSA_SIGN        1
+#define SSL3_CT_RSA_FIXED_DH    3
+#define SSL3_CT_ECDSA_SIGN      64
 int
 ssl3_get_req_cert_types(SSL *s, CBB *cbb)
 {
@@ -2613,7 +2617,7 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
         * ECDSA certs can be used with RSA cipher suites as well
         * so we don't need to check for SSL_kECDH or SSL_kECDHE.
         */
-        if (!CBB_add_u8(cbb, TLS_CT_ECDSA_SIGN))
+        if (!CBB_add_u8(cbb, SSL3_CT_ECDSA_SIGN))
                return 0;
        return 1;
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 603d9ccb4f..55fbf72242 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.58 2024/02/03 15:58:33 beck Exp $ */
+/* $OpenBSD: ssl3.h,v 1.59 2024/03/02 11:46:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -314,19 +314,6 @@ extern "C" {
 #define TLS1_HB_REQUEST         1
 #define TLS1_HB_RESPONSE        2
-#define SSL3_CT_RSA_SIGN                        1
-#define SSL3_CT_DSS_SIGN                        2
-#define SSL3_CT_RSA_FIXED_DH                    3
-#define SSL3_CT_DSS_FIXED_DH                    4
-#define SSL3_CT_RSA_EPHEMERAL_DH                5
-#define SSL3_CT_DSS_EPHEMERAL_DH                6
-#define SSL3_CT_FORTEZZA_DMS                    20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
- * enough to contain all of the cert types defined either for
- * SSLv3 and TLSv1.
- */
-#define SSL3_CT_NUMBER                  7
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
 #define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
 #define TLS1_FLAGS_FREEZE_TRANSCRIPT            0x0020
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 05514b8f4d..21666291ff 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.58 2024/03/02 11:44:47 tb Exp $ */
+/* $OpenBSD: tls1.h,v 1.59 2024/03/02 11:46:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -740,17 +740,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_3_RFC_AES_128_CCM_8_SHA256                 "TLS_AES_128_CCM_8_SHA256"
 #endif
-#define TLS_CT_RSA_SIGN                 1
-#define TLS_CT_DSS_SIGN                 2
-#define TLS_CT_RSA_FIXED_DH             3
-#define TLS_CT_DSS_FIXED_DH             4
-#define TLS_CT_ECDSA_SIGN               64
-#define TLS_CT_RSA_FIXED_ECDH           65
-#define TLS_CT_ECDSA_FIXED_ECDH         66
-/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
- * comment there) */
-#define TLS_CT_NUMBER                   7
 #define TLS1_FINISH_MAC_LENGTH          12
 #define TLS_MD_MAX_CONST_SIZE                   20