From cc1cb996f163e542499941974543a224b5f0a516 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Thu, 28 May 2009 18:10:47 +0000
Subject: [PATCH] Submitted by: Artem Chuprina Reviewed by: steve@openssl.org Fix to match latest GOST in TLS draft.
---
 ssl/s3_lib.c | 12 ++++++++++++
 ssl/ssl3.h | 2 +-
 ssl/tls1.h | 6 +++++-
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 51ec94b5b1..7aa1c037b2 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3087,6 +3087,18 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+#ifndef OPENSSL_NO_GOST
+ if (s->version >= TLS1_VERSION)
+ {
+ if (alg_k & SSL_kGOST)
+ {
+ p[ret++]=TLS_CT_GOST94_SIGN;
+ p[ret++]=TLS_CT_GOST01_SIGN;
+ return(ret);
+ }
+ }
+#endif
+
 #ifndef OPENSSL_NO_DH
 if (alg_k & (SSL_kDHr|SSL_kEDH))
 {
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 56f17f66d3..c2db3bd636 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -368,7 +368,7 @@ typedef struct ssl3_buffer_st
 * enough to contain all of the cert types defined either for
 * SSLv3 and TLSv1.
 */
-#define SSL3_CT_NUMBER 7
+#define SSL3_CT_NUMBER 9
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 0ecbc6d105..b399db19bb 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -471,7 +471,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_ECDSA_SIGN 64
 #define TLS_CT_RSA_FIXED_ECDH 65
 #define TLS_CT_ECDSA_FIXED_ECDH 66
-#define TLS_CT_NUMBER 7
+#define TLS_CT_GOST94_SIGN 21
+#define TLS_CT_GOST01_SIGN 22
+/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there) */
+#define TLS_CT_NUMBER 9
 #define TLS1_FINISH_MAC_LENGTH 12
--
2.25.1
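Review bot: The early `return(ret);` in the new `SSL_kGOST` branch of ssl3_get_req_cert_type means a CertificateRequest for a GOST key exchange lists only the two GOST signing types, and nothing in the hunk says that this narrowing is deliberate. A short comment above the branch would record the intent, for example `/* GOST key exchange: advertise only GOST94/GOST01 signing certs, as the GOST-in-TLS draft requires */`. The two `p[ret++]` stores also rely on the caller's buffer being large enough, since `p` carries no length; the ssl3.h comment suggests it is sized by `SSL3_CT_NUMBER`, which is worth stating in the function's header comment. The function body starts and ends outside the hunk, so the initial value of `ret` is not visible here.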
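Review bot: The link between `TLS_CT_NUMBER` and `SSL3_CT_NUMBER` is kept only by the new comment in tls1.h, so a later edit to one header can silently leave the other too small for the certificate-type list that the ssl3.h comment says it must contain. A compile-time check at a point where both macros are visible would enforce it: `#if SSL3_CT_NUMBER < TLS_CT_NUMBER` / `#error "SSL3_CT_NUMBER must cover all TLS cert types"` / `#endif`. Whether tls1.h sees ssl3.h's macro at this point cannot be told from the hunk, so the check may belong in a file that includes both. The values 21 and 22 come from a draft according to the commit message, and a comment on the two `TLS_CT_GOST*_SIGN` defines saying so would warn readers that they may change.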