Remove GOST and STREEBOG support from libssl.

This version of GOST is old and not anywhere close to compliant with
modern GOST standards. It is also very intrusive in libssl and
makes a mess everywhere.  Efforts to entice a suitably minded anyone
to care about it have been unsuccessful.

At this point it is probably best to remove this, and if someone
ever showed up who truly needed a working version, it should be
a clean implementation from scratch, and have it use something
closer to the typical API in libcrypto so it would integrate less
painfully here.

This removes it from libssl in preparation for it's removal from
libcrypto with a future major bump

ok tb@

21 files changed, 148 insertions, 871 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 1ae2d047bc..bb8e9465ba 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.248 2023/11/29 13:39:34 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.249 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -577,41 +577,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
                 .alg_bits = 256,
         },
 
-        /* GOST Ciphersuites */
-
-        /* Cipher 81 */
-        {
-                .valid = 1,
-                .name = "GOST2001-GOST89-GOST89",
-                .id = 0x3000081,
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eGOST2814789CNT,
-                .algorithm_mac = SSL_GOST89MAC,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
-                    TLS1_STREAM_MAC,
-                .strength_bits = 256,
-                .alg_bits = 256
-        },
-
-        /* Cipher 83 */
-        {
-                .valid = 1,
-                .name = "GOST2001-NULL-GOST94",
-                .id = 0x3000083,
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_GOST94,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
-                .strength_bits = 0,
-                .alg_bits = 0
-        },
-
 #ifndef OPENSSL_NO_CAMELLIA
         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
 
@@ -1362,40 +1327,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
                 .alg_bits = 256,
         },
 
-        /* Cipher FF85 FIXME IANA */
-        {
-                .valid = 1,
-                .name = "GOST2012256-GOST89-GOST89",
-                .id = 0x300ff85, /* FIXME IANA */
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eGOST2814789CNT,
-                .algorithm_mac = SSL_GOST89MAC,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
-                    TLS1_STREAM_MAC,
-                .strength_bits = 256,
-                .alg_bits = 256
-        },
-
-        /* Cipher FF87 FIXME IANA */
-        {
-                .valid = 1,
-                .name = "GOST2012256-NULL-STREEBOG256",
-                .id = 0x300ff87, /* FIXME IANA */
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_STREEBOG256,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
-                .strength_bits = 0,
-                .alg_bits = 0
-        },
-
-
         /* end of list */
 };
 
@@ -2668,21 +2599,6 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
 
         alg_k = s->s3->hs.cipher->algorithm_mkey;
 
-#ifndef OPENSSL_NO_GOST
-        if ((alg_k & SSL_kGOST) != 0) {
-                if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
-                        return 0;
-        }
-#endif
-
         if ((alg_k & SSL_kDHE) != 0) {
                 if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH))
                         return 0;
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 8d65a1ec03..03a5a80d0a 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.232 2023/11/22 15:43:42 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.233 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -245,7 +245,6 @@ extern "C" {
 #define SSL_TXT_kECDH           "kECDH"
 #define SSL_TXT_kEECDH          "kEECDH"
 #define SSL_TXT_kPSK            "kPSK"
-#define SSL_TXT_kGOST           "kGOST"
 #define SSL_TXT_kSRP            "kSRP"
 
 #define SSL_TXT_aRSA            "aRSA"
@@ -255,9 +254,6 @@ extern "C" {
 #define SSL_TXT_aKRB5           "aKRB5"
 #define SSL_TXT_aECDSA          "aECDSA"
 #define SSL_TXT_aPSK            "aPSK"
-#define SSL_TXT_aGOST94         "aGOST94"
-#define SSL_TXT_aGOST01         "aGOST01"
-#define SSL_TXT_aGOST           "aGOST"
 
 #define SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH              "DH"
@@ -293,12 +289,8 @@ extern "C" {
 #define SSL_TXT_MD5             "MD5"
 #define SSL_TXT_SHA1            "SHA1"
 #define SSL_TXT_SHA             "SHA" /* same as "SHA1" */
-#define SSL_TXT_GOST94          "GOST94"
-#define SSL_TXT_GOST89MAC               "GOST89MAC"
 #define SSL_TXT_SHA256          "SHA256"
 #define SSL_TXT_SHA384          "SHA384"
-#define SSL_TXT_STREEBOG256             "STREEBOG256"
-#define SSL_TXT_STREEBOG512             "STREEBOG512"
 
 #define SSL_TXT_DTLS1           "DTLSv1"
 #define SSL_TXT_DTLS1_2         "DTLSv1.2"
@@ -2176,7 +2168,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_CLIENT_CERT_METHOD                      331
 #define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
 #define SSL_R_NO_COMPRESSION_SPECIFIED                   187
-#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
 #define SSL_R_NO_METHOD_SPECIFIED                        188
 #define SSL_R_NO_PRIVATEKEY                              189
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 6c6cc2ad2b..603d9ccb4f 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.57 2021/09/10 14:49:13 tb Exp $ */
+/* $OpenBSD: ssl3.h,v 1.58 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -325,7 +325,7 @@ extern "C" {
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER                  13
+#define SSL3_CT_NUMBER                  7
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
 #define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 14d9aa85a7..995f1c4601 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.46 2023/07/07 08:53:55 tb Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -384,9 +384,6 @@ ssl_cert_type(EVP_PKEY *pkey)
         switch (EVP_PKEY_id(pkey)) {
         case EVP_PKEY_EC:
                 return SSL_PKEY_ECC;
-        case NID_id_GostR3410_2001:
-        case NID_id_GostR3410_2001_cc:
-                return SSL_PKEY_GOST01;
         case EVP_PKEY_RSA:
         case EVP_PKEY_RSA_PSS:
                 return SSL_PKEY_RSA;
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index a288050269..5b2fe1a48d 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.107 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.108 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -233,10 +233,6 @@ ssl_cert_dup(SSL_CERT *cert)
                                 /* We have an ECC key */
                                 break;
 
-                        case SSL_PKEY_GOST01:
-                                /* We have a GOST key */
-                                break;
-
                         default:
                                 /* Can't happen. */
                                 SSLerrorx(SSL_R_LIBRARY_BUG);
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index cea4d3e6f4..76a3840520 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.138 2024/01/04 20:02:10 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.139 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -212,10 +212,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                 .name = SSL_TXT_ECDH,
                 .algorithm_mkey = SSL_kECDHE,
         },
-        {
-                .name = SSL_TXT_kGOST,
-                .algorithm_mkey = SSL_kGOST,
-        },
 
         /* server authentication aliases */
         {
@@ -242,14 +238,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                 .name = SSL_TXT_ECDSA,
                 .algorithm_auth = SSL_aECDSA,
         },
-        {
-                .name = SSL_TXT_aGOST01,
-                .algorithm_auth = SSL_aGOST01,
-        },
-        {
-                .name = SSL_TXT_aGOST,
-                .algorithm_auth = SSL_aGOST01,
-        },
 
         /* aliases combining key exchange and server authentication */
         {
@@ -356,14 +344,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                 .algorithm_mac = SSL_SHA1,
         },
         {
-                .name = SSL_TXT_GOST94,
-                .algorithm_mac = SSL_GOST94,
-        },
-        {
-                .name = SSL_TXT_GOST89MAC,
-                .algorithm_mac = SSL_GOST89MAC,
-        },
-        {
                 .name = SSL_TXT_SHA256,
                 .algorithm_mac = SSL_SHA256,
         },
@@ -371,10 +351,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                 .name = SSL_TXT_SHA384,
                 .algorithm_mac = SSL_SHA384,
         },
-        {
-                .name = SSL_TXT_STREEBOG256,
-                .algorithm_mac = SSL_STREEBOG256,
-        },
 
         /* protocol version aliases */
         {
@@ -472,11 +448,6 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
         case SSL_CAMELLIA256:
                 *enc = EVP_camellia_256_cbc();
                 break;
-#ifndef OPENSSL_NO_GOST
-        case SSL_eGOST2814789CNT:
-                *enc = EVP_gost2814789_cnt();
-                break;
-#endif
         }
 
         switch (ss->cipher->algorithm_mac) {
@@ -492,21 +463,11 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
         case SSL_SHA384:
                 *md = EVP_sha384();
                 break;
-#ifndef OPENSSL_NO_GOST
-        case SSL_GOST89MAC:
-                *md = EVP_gost2814789imit();
-                break;
-        case SSL_GOST94:
-                *md = EVP_gostr341194();
-                break;
-        case SSL_STREEBOG256:
-                *md = EVP_streebog256();
-                break;
-#endif
         }
         if (*enc == NULL || *md == NULL)
                 return 0;
 
+        /* XXX remove these from ssl_cipher_get_evp? */
         /*
          * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not
          * supported via EVP_CIPHER (they should be using EVP_AEAD instead).
@@ -515,18 +476,9 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
                 return 0;
         if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)
                 return 0;
-#ifndef OPENSSL_NO_GOST
-        /* XXX JFC. die in fire already */
-        if (ss->cipher->algorithm_mac == SSL_GOST89MAC) {
-                *mac_pkey_type = EVP_PKEY_GOSTIMIT;
-                *mac_secret_size = 32; /* XXX */
-        } else {
-#endif
-                *mac_pkey_type = EVP_PKEY_HMAC;
-                *mac_secret_size = EVP_MD_size(*md);
-#ifndef OPENSSL_NO_GOST
-        }
-#endif
+
+        *mac_pkey_type = EVP_PKEY_HMAC;
+        *mac_secret_size = EVP_MD_size(*md);
         return 1;
 }
 
@@ -581,14 +533,6 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
         case SSL_HANDSHAKE_MAC_DEFAULT:
                 *md = EVP_md5_sha1();
                 return 1;
-#ifndef OPENSSL_NO_GOST
-        case SSL_HANDSHAKE_MAC_GOST94:
-                *md = EVP_gostr341194();
-                return 1;
-        case SSL_HANDSHAKE_MAC_STREEBOG256:
-                *md = EVP_streebog256();
-                return 1;
-#endif
         case SSL_HANDSHAKE_MAC_SHA256:
                 *md = EVP_sha256();
                 return 1;
@@ -641,6 +585,7 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
         *head = curr;
 }
 
+/* XXX beck: remove this in a followon to removing GOST */
 static void
 ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
     unsigned long *enc, unsigned long *mac, unsigned long *ssl)
@@ -651,16 +596,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
         *mac = 0;
         *ssl = 0;
 
-        /*
-         * Check for the availability of GOST 34.10 public/private key
-         * algorithms. If they are not available disable the associated
-         * authentication and key exchange algorithms.
-         */
-#if defined(OPENSSL_NO_GOST) || !defined(EVP_PKEY_GOSTR01)
-        *auth |= SSL_aGOST01;
-        *mkey |= SSL_kGOST;
-#endif
-
 #ifdef SSL_FORBID_ENULL
         *enc |= SSL_eNULL;
 #endif
@@ -1455,9 +1390,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_kECDHE:
                 kx = "ECDH";
                 break;
-        case SSL_kGOST:
-                kx = "GOST";
-                break;
         case SSL_kTLS1_3:
                 kx = "TLSv1.3";
                 break;
@@ -1478,9 +1410,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_aECDSA:
                 au = "ECDSA";
                 break;
-        case SSL_aGOST01:
-                au = "GOST01";
-                break;
         case SSL_aTLS1_3:
                 au = "TLSv1.3";
                 break;
@@ -1520,9 +1449,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_CHACHA20POLY1305:
                 enc = "ChaCha20-Poly1305";
                 break;
-        case SSL_eGOST2814789CNT:
-                enc = "GOST-28178-89-CNT";
-                break;
         default:
                 enc = "unknown";
                 break;
@@ -1544,15 +1470,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_AEAD:
                 mac = "AEAD";
                 break;
-        case SSL_GOST94:
-                mac = "GOST94";
-                break;
-        case SSL_GOST89MAC:
-                mac = "GOST89IMIT";
-                break;
-        case SSL_STREEBOG256:
-                mac = "STREEBOG256";
-                break;
         default:
                 mac = "unknown";
                 break;
@@ -1666,8 +1583,6 @@ SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
                 return NID_des_cbc;
         case SSL_RC4:
                 return NID_rc4;
-        case SSL_eGOST2814789CNT:
-                return NID_gost89_cnt;
         default:
                 return NID_undef;
         }
@@ -1680,10 +1595,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
         switch (c->algorithm_mac) {
         case SSL_AEAD:
                 return NID_undef;
-        case SSL_GOST89MAC:
-                return NID_id_Gost28147_89_MAC;
-        case SSL_GOST94:
-                return NID_id_GostR3411_94;
         case SSL_MD5:
                 return NID_md5;
         case SSL_SHA1:
@@ -1692,8 +1603,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
                 return NID_sha256;
         case SSL_SHA384:
                 return NID_sha384;
-        case SSL_STREEBOG256:
-                return NID_id_tc26_gost3411_2012_256;
         default:
                 return NID_undef;
         }
@@ -1708,8 +1617,6 @@ SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
                 return NID_kx_dhe;
         case SSL_kECDHE:
                 return NID_kx_ecdhe;
-        case SSL_kGOST:
-                return NID_kx_gost;
         case SSL_kRSA:
                 return NID_kx_rsa;
         default:
@@ -1726,8 +1633,6 @@ SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
                 return NID_auth_null;
         case SSL_aECDSA:
                 return NID_auth_ecdsa;
-        case SSL_aGOST01:
-                return NID_auth_gost01;
         case SSL_aRSA:
                 return NID_auth_rsa;
         default:
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 52f5de35a4..56fb9ba1c7 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.164 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -161,10 +161,6 @@
 #include <openssl/objects.h>
 #include <openssl/opensslconf.h>
 
-#ifndef OPENSSL_NO_GOST
-#include <openssl/gost.h>
-#endif
-
 #include "bytestring.h"
 #include "dtls_local.h"
 #include "ssl_local.h"
@@ -829,7 +825,6 @@ ssl3_get_server_hello(SSL *s)
         uint8_t compression_method;
         const SSL_CIPHER *cipher;
         const SSL_METHOD *method;
-        unsigned long alg_k;
         int al, ret;
 
         s->first_packet = 1;
@@ -1038,8 +1033,7 @@ ssl3_get_server_hello(SSL *s)
          * Don't digest cached records if no sigalgs: we may need them for
          * client authentication.
          */
-        alg_k = s->s3->hs.cipher->algorithm_mkey;
-        if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
+        if (!SSL_USE_SIGALGS(s))
                 tls1_transcript_free(s);
 
         if (!CBS_get_u8(&cbs, &compression_method))
@@ -1931,119 +1925,6 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb)
 }
 
 static int
-ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
-{
-        unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
-        EVP_PKEY_CTX *pkey_ctx = NULL;
-        EVP_MD_CTX *ukm_hash = NULL;
-        EVP_PKEY *pkey;
-        size_t msglen;
-        unsigned int md_len;
-        CBB gostblob;
-        int nid;
-        int ret = 0;
-
-        /* Get server certificate PKEY and create ctx from it */
-        pkey = X509_get0_pubkey(s->session->peer_cert);
-        if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) {
-                SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-                goto err;
-        }
-        if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        /*
-         * If we have send a certificate, and certificate key parameters match
-         * those of server certificate, use certificate key for key exchange.
-         * Otherwise, generate ephemeral key pair.
-         */
-        if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0)
-                goto err;
-
-        /* Generate session key. */
-        arc4random_buf(premaster_secret, sizeof(premaster_secret));
-
-        /*
-         * If we have client certificate, use its secret as peer key.
-         * XXX - this presumably lacks PFS.
-         */
-        if (s->s3->hs.tls12.cert_request != 0 &&
-            s->cert->key->privatekey != NULL) {
-                if (EVP_PKEY_derive_set_peer(pkey_ctx,
-                    s->cert->key->privatekey) <=0) {
-                        /*
-                         * If there was an error - just ignore it.
-                         * Ephemeral key would be used.
-                         */
-                        ERR_clear_error();
-                }
-        }
-
-        /*
-         * Compute shared IV and store it in algorithm-specific context data.
-         */
-        if ((ukm_hash = EVP_MD_CTX_new()) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        /* XXX check handshake hash instead. */
-        if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
-                nid = NID_id_GostR3411_94;
-        else
-                nid = NID_id_tc26_gost3411_2012_256;
-        if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
-                goto err;
-        if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len))
-                goto err;
-        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
-            EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
-                SSLerror(s, SSL_R_LIBRARY_BUG);
-                goto err;
-        }
-
-        /*
-         * Make GOST keytransport blob message, encapsulate it into sequence.
-         */
-        msglen = 255;
-        if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
-            sizeof(premaster_secret)) < 0) {
-                SSLerror(s, SSL_R_LIBRARY_BUG);
-                goto err;
-        }
-
-        if (!CBB_add_asn1(cbb, &gostblob, CBS_ASN1_SEQUENCE))
-                goto err;
-        if (!CBB_add_bytes(&gostblob, tmp, msglen))
-                goto err;
-        if (!CBB_flush(cbb))
-                goto err;
-
-        /* Check if pubkey from client certificate was used. */
-        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
-            NULL) > 0)
-                s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-
-        if (!tls12_derive_master_secret(s, premaster_secret, 32))
-                goto err;
-
-        ret = 1;
-
- err:
-        explicit_bzero(premaster_secret, sizeof(premaster_secret));
-        EVP_PKEY_CTX_free(pkey_ctx);
-        EVP_MD_CTX_free(ukm_hash);
-
-        return ret;
-}
-
-static int
 ssl3_send_client_key_exchange(SSL *s)
 {
         unsigned long alg_k;
@@ -2067,9 +1948,6 @@ ssl3_send_client_key_exchange(SSL *s)
                 } else if (alg_k & SSL_kECDHE) {
                         if (!ssl3_send_client_kex_ecdhe(s, &kex))
                                 goto err;
-                } else if (alg_k & SSL_kGOST) {
-                        if (!ssl3_send_client_kex_gost(s, &kex))
-                                goto err;
                 } else {
                         ssl3_send_alert(s, SSL3_AL_FATAL,
                             SSL_AD_HANDSHAKE_FAILURE);
@@ -2115,14 +1993,6 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
                 SSLerror(s, ERR_R_EVP_LIB);
                 goto err;
         }
-#ifndef OPENSSL_NO_GOST
-        if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-            EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-#endif
         if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
             (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
             !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
@@ -2230,72 +2100,6 @@ ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
         return ret;
 }
 
-#ifndef OPENSSL_NO_GOST
-static int
-ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
-{
-        CBB cbb_signature;
-        EVP_MD_CTX *mctx;
-        EVP_PKEY_CTX *pctx;
-        const EVP_MD *md;
-        const unsigned char *hdata;
-        unsigned char *signature = NULL;
-        size_t signature_len;
-        size_t hdata_len;
-        int nid;
-        int ret = 0;
-
-        if ((mctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-
-        if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-        if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
-            (md = EVP_get_digestbynid(nid)) == NULL) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-#ifndef OPENSSL_NO_GOST
-        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-            EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-#endif
-        if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if ((signature = calloc(1, signature_len)) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-
-        if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
-                goto err;
-        if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
-                goto err;
-        if (!CBB_flush(cert_verify))
-                goto err;
-
-        ret = 1;
- err:
-        EVP_MD_CTX_free(mctx);
-        free(signature);
-        return ret;
-}
-#endif
-
 static int
 ssl3_send_client_verify(SSL *s)
 {
@@ -2331,12 +2135,6 @@ ssl3_send_client_verify(SSL *s)
                 } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
                         if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify))
                                 goto err;
-#ifndef OPENSSL_NO_GOST
-                } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
-                    EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
-                        if (!ssl3_send_client_verify_gost(s, pkey, &cert_verify))
-                                goto err;
-#endif
                 } else {
                         SSLerror(s, ERR_R_INTERNAL_ERROR);
                         goto err;
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 28097ea70a..30ca96b2fa 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.46 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -306,7 +306,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
         {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"},
         {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
         {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
-        {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"},
         {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   , "no method specified"},
         {ERR_REASON(SSL_R_NO_PRIVATEKEY)         , "no privatekey"},
         {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index c97441c9c0..0277202de3 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.318 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.319 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2297,12 +2297,6 @@ ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher)
                         mask_a |= SSL_aECDSA;
         }
 
-        cpk = &(c->pkeys[SSL_PKEY_GOST01]);
-        if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-                mask_k |= SSL_kGOST;
-                mask_a |= SSL_aGOST01;
-        }
-
         cpk = &(c->pkeys[SSL_PKEY_RSA]);
         if (cpk->x509 != NULL && cpk->privatekey != NULL) {
                 mask_a |= SSL_aRSA;
@@ -2363,8 +2357,6 @@ ssl_get_server_send_pkey(const SSL *s)
                 i = SSL_PKEY_ECC;
         } else if (alg_a & SSL_aRSA) {
                 i = SSL_PKEY_RSA;
-        } else if (alg_a & SSL_aGOST01) {
-                i = SSL_PKEY_GOST01;
         } else { /* if (alg_a & SSL_aNULL) */
                 SSLerror(s, ERR_R_INTERNAL_ERROR);
                 return (NULL);
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index bd6275fac7..b4d093b226 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.13 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -197,7 +197,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_kRSA                0x00000001L /* RSA key exchange */
 #define SSL_kDHE                0x00000008L /* tmp DH key no DH cert */
 #define SSL_kECDHE              0x00000080L /* ephemeral ECDH */
-#define SSL_kGOST               0x00000200L /* GOST key exchange */
 #define SSL_kTLS1_3             0x00000400L /* TLSv1.3 key exchange */
 
 /* Bits for algorithm_auth (server authentication) */
@@ -205,7 +204,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_aDSS                0x00000002L /* DSS auth */
 #define SSL_aNULL               0x00000004L /* no auth (i.e. use ADH or AECDH) */
 #define SSL_aECDSA              0x00000040L /* ECDSA auth*/
-#define SSL_aGOST01             0x00000200L /* GOST R 34.10-2001 signature auth */
 #define SSL_aTLS1_3             0x00000400L /* TLSv1.3 authentication */
 
 /* Bits for algorithm_enc (symmetric encryption) */
@@ -218,7 +216,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_AES256              0x00000040L
 #define SSL_CAMELLIA128         0x00000080L
 #define SSL_CAMELLIA256         0x00000100L
-#define SSL_eGOST2814789CNT     0x00000200L
 #define SSL_AES128GCM           0x00000400L
 #define SSL_AES256GCM           0x00000800L
 #define SSL_CHACHA20POLY1305    0x00001000L
@@ -231,8 +228,6 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_MD5                 0x00000001L
 #define SSL_SHA1                0x00000002L
-#define SSL_GOST94      0x00000004L
-#define SSL_GOST89MAC   0x00000008L
 #define SSL_SHA256              0x00000010L
 #define SSL_SHA384              0x00000020L
 /* Not a real MAC, just an indication it is part of cipher */
@@ -251,10 +246,8 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_HANDSHAKE_MAC_MASK          0xff0
 #define SSL_HANDSHAKE_MAC_MD5           0x010
 #define SSL_HANDSHAKE_MAC_SHA           0x020
-#define SSL_HANDSHAKE_MAC_GOST94        0x040
 #define SSL_HANDSHAKE_MAC_SHA256        0x080
 #define SSL_HANDSHAKE_MAC_SHA384        0x100
-#define SSL_HANDSHAKE_MAC_STREEBOG256   0x200
 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 
 #define SSL3_CK_ID              0x03000000
@@ -267,17 +260,9 @@ __BEGIN_HIDDEN_DECLS
 #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
 
 /*
- * Stream MAC for GOST ciphersuites from cryptopro draft
- * (currently this also goes into algorithm2).
- */
-#define TLS1_STREAM_MAC 0x04
-
-/*
  * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that
  * indicates that the variable part of the nonce is included as a prefix of
  * the record (AES-GCM, for example, does this with an 8-byte variable nonce.)
@@ -324,8 +309,7 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_PKEY_RSA            0
 #define SSL_PKEY_ECC            1
-#define SSL_PKEY_GOST01         2
-#define SSL_PKEY_NUM            3
+#define SSL_PKEY_NUM            2
 
 #define SSL_MAX_EMPTY_RECORDS   32
 
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index f59beb4320..9876e82a6f 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.48 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.49 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -41,14 +41,6 @@ const struct ssl_sigalg sigalgs[] = {
                 .security_level = 5,
                 .group_nid = NID_secp521r1,
         },
-#ifndef OPENSSL_NO_GOST
-        {
-                .value = SIGALG_GOSTR12_512_STREEBOG_512,
-                .key_type = EVP_PKEY_GOSTR12_512,
-                .md = EVP_streebog512,
-                .security_level = 0,
-        },
-#endif
         {
                 .value = SIGALG_RSA_PKCS1_SHA384,
                 .key_type = EVP_PKEY_RSA,
@@ -75,20 +67,6 @@ const struct ssl_sigalg sigalgs[] = {
                 .security_level = 3,
                 .group_nid = NID_X9_62_prime256v1,
         },
-#ifndef OPENSSL_NO_GOST
-        {
-                .value = SIGALG_GOSTR12_256_STREEBOG_256,
-                .key_type = EVP_PKEY_GOSTR12_256,
-                .md = EVP_streebog256,
-                .security_level = 0,
-        },
-        {
-                .value = SIGALG_GOSTR01_GOST94,
-                .key_type = EVP_PKEY_GOSTR01,
-                .md = EVP_gostr341194,
-                .security_level = 0, /* XXX */
-        },
-#endif
         {
                 .value = SIGALG_RSA_PSS_RSAE_SHA256,
                 .key_type = EVP_PKEY_RSA,
@@ -283,10 +261,6 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
                 return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
         case EVP_PKEY_EC:
                 return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-#ifndef OPENSSL_NO_GOST
-        case EVP_PKEY_GOSTR01:
-                return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
         }
         SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
         return NULL;
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index 21a54d642b..5211ec6b62 100644
--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.26 2022/07/02 16:00:12 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.27 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
  *
@@ -47,14 +47,6 @@ __BEGIN_HIDDEN_DECLS
 #define SIGALG_PRIVATE_START            0xFE00
 #define SIGALG_PRIVATE_END              0xFFFF
 
-/*
- * If Russia can elect the US President, surely
- * IANA could fix this problem.
- */
-#define SIGALG_GOSTR12_512_STREEBOG_512 0xEFEF
-#define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE
-#define SIGALG_GOSTR01_GOST94           0xEDED
-
 /* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */
 #define SIGALG_RSA_PKCS1_MD5_SHA1       0xFF01
 
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index f26fde5061..117afac85e 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.158 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.159 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -162,10 +162,6 @@
 #include <openssl/opensslconf.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_GOST
-#include <openssl/gost.h>
-#endif
-
 #include "bytestring.h"
 #include "dtls_local.h"
 #include "ssl_local.h"
@@ -564,15 +560,7 @@ ssl3_accept(SSL *s)
                         }
 
                         alg_k = s->s3->hs.cipher->algorithm_mkey;
-                        if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-                                /*
-                                 * A GOST client may use the key from its
-                                 * certificate for key exchange, in which case
-                                 * the CertificateVerify message is not sent.
-                                 */
-                                s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
-                                s->init_num = 0;
-                        } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
+                        if (SSL_USE_SIGALGS(s)) {
                                 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
                                 s->init_num = 0;
                                 if (!s->session->peer_cert)
@@ -795,7 +783,6 @@ ssl3_get_client_hello(SSL *s)
         unsigned long id;
         SSL_CIPHER *c;
         STACK_OF(SSL_CIPHER) *ciphers = NULL;
-        unsigned long alg_k;
         const SSL_METHOD *method;
         uint16_t shared_version;
 
@@ -1138,10 +1125,8 @@ ssl3_get_client_hello(SSL *s)
         if (!tls1_transcript_hash_init(s))
                 goto err;
 
-        alg_k = s->s3->hs.cipher->algorithm_mkey;
-        if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
-            !(s->verify_mode & SSL_VERIFY_PEER))
-                tls1_transcript_free(s);
+        if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER))
+                tls1_transcript_free(s); 
 
         /*
          * We now have the following setup.
@@ -1816,75 +1801,6 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
 }
 
 static int
-ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
-{
-        unsigned char premaster_secret[32];
-        EVP_PKEY_CTX *pkey_ctx = NULL;
-        EVP_PKEY *client_pubkey;
-        EVP_PKEY *pkey = NULL;
-        size_t outlen;
-        CBS gostblob;
-
-        /* Get our certificate private key*/
-#ifndef OPENSSL_NO_GOST
-        if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0)
-                pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-#endif
-
-        if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
-                goto err;
-        if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0)
-                goto err;
-
-        /*
-         * If client certificate is present and is of the same type,
-         * maybe use it for key exchange.
-         * Don't mind errors from EVP_PKEY_derive_set_peer, because
-         * it is completely valid to use a client certificate for
-         * authorization only.
-         */
-        if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) {
-                if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0)
-                        ERR_clear_error();
-        }
-
-        /* Decrypt session key */
-        if (!CBS_get_asn1(cbs, &gostblob, CBS_ASN1_SEQUENCE))
-                goto decode_err;
-        if (CBS_len(cbs) != 0)
-                goto decode_err;
-        outlen = sizeof(premaster_secret);
-        if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
-            CBS_data(&gostblob), CBS_len(&gostblob)) <= 0) {
-                SSLerror(s, SSL_R_DECRYPTION_FAILED);
-                goto err;
-        }
-
-        if (!tls12_derive_master_secret(s, premaster_secret,
-            sizeof(premaster_secret)))
-                goto err;
-
-        /* Check if pubkey from client certificate was used */
-        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY,
-            2, NULL) > 0)
-                s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-
-        explicit_bzero(premaster_secret, sizeof(premaster_secret));
-        EVP_PKEY_CTX_free(pkey_ctx);
-
-        return 1;
-
- decode_err:
-        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- err:
-        explicit_bzero(premaster_secret, sizeof(premaster_secret));
-        EVP_PKEY_CTX_free(pkey_ctx);
-
-        return 0;
-}
-
-static int
 ssl3_get_client_key_exchange(SSL *s)
 {
         unsigned long alg_k;
@@ -1912,9 +1828,6 @@ ssl3_get_client_key_exchange(SSL *s)
         } else if (alg_k & SSL_kECDHE) {
                 if (!ssl3_get_client_kex_ecdhe(s, &cbs))
                         goto err;
-        } else if (alg_k & SSL_kGOST) {
-                if (!ssl3_get_client_kex_gost(s, &cbs))
-                        goto err;
         } else {
                 al = SSL_AD_HANDSHAKE_FAILURE;
                 SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE);
@@ -2043,15 +1956,6 @@ ssl3_get_cert_verify(SSL *s)
                         al = SSL_AD_INTERNAL_ERROR;
                         goto fatal_err;
                 }
-#ifndef OPENSSL_NO_GOST
-                if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
-                    EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
-                    EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE,
-                    NULL) <= 0) {
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-#endif
                 if (EVP_DigestVerify(mctx, CBS_data(&signature),
                     CBS_len(&signature), hdata, hdatalen) <= 0) {
                         SSLerror(s, ERR_R_EVP_LIB);
@@ -2096,54 +2000,6 @@ ssl3_get_cert_verify(SSL *s)
                         SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE);
                         goto fatal_err;
                 }
-#ifndef OPENSSL_NO_GOST
-        } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
-            EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
-                unsigned char sigbuf[128];
-                unsigned int siglen = sizeof(sigbuf);
-                EVP_PKEY_CTX *pctx;
-                const EVP_MD *md;
-                int nid;
-
-                if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-                if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
-                    !(md = EVP_get_digestbynid(nid))) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-                if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-                if (!EVP_DigestInit_ex(mctx, md, NULL) ||
-                    !EVP_DigestUpdate(mctx, hdata, hdatalen) ||
-                    !EVP_DigestFinal(mctx, sigbuf, &siglen) ||
-                    (EVP_PKEY_verify_init(pctx) <= 0) ||
-                    (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
-                    (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
-                    EVP_PKEY_CTRL_GOST_SIG_FORMAT,
-                    GOST_SIG_FORMAT_RS_LE, NULL) <= 0)) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        EVP_PKEY_CTX_free(pctx);
-                        goto fatal_err;
-                }
-                if (EVP_PKEY_verify(pctx, CBS_data(&signature),
-                    CBS_len(&signature), sigbuf, siglen) <= 0) {
-                        al = SSL_AD_DECRYPT_ERROR;
-                        SSLerror(s, SSL_R_BAD_SIGNATURE);
-                        EVP_PKEY_CTX_free(pctx);
-                        goto fatal_err;
-                }
-
-                EVP_PKEY_CTX_free(pctx);
-#endif
         } else {
                 SSLerror(s, ERR_R_INTERNAL_ERROR);
                 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 2bdbd3c184..daf6cba6fa 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.56 2022/07/17 14:39:09 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.57 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -741,18 +741,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_DSS_SIGN                 2
 #define TLS_CT_RSA_FIXED_DH             3
 #define TLS_CT_DSS_FIXED_DH             4
-#define TLS_CT_GOST94_SIGN              21
-#define TLS_CT_GOST01_SIGN              22
 #define TLS_CT_ECDSA_SIGN               64
 #define TLS_CT_RSA_FIXED_ECDH           65
 #define TLS_CT_ECDSA_FIXED_ECDH         66
-#define TLS_CT_GOST12_256_SIGN          67
-#define TLS_CT_GOST12_512_SIGN          68
-#define TLS_CT_GOST12_256_SIGN_COMPAT   238 /* pre-IANA, for compat */
-#define TLS_CT_GOST12_512_SIGN_COMPAT   239 /* pre-IANA, for compat */
 /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
  * comment there) */
-#define TLS_CT_NUMBER                   13
+#define TLS_CT_NUMBER                   7
 
 #define TLS1_FINISH_MAC_LENGTH          12
 
diff --git a/src/lib/libssl/tls12_key_schedule.c b/src/lib/libssl/tls12_key_schedule.c
index 6d714c1183..1ac003329e 100644
--- a/src/lib/libssl/tls12_key_schedule.c
+++ b/src/lib/libssl/tls12_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_key_schedule.c,v 1.3 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls12_key_schedule.c,v 1.4 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
  *
@@ -124,10 +124,6 @@ tls12_key_block_generate(struct tls12_key_block *kb, SSL *s,
                 mac_key_len = EVP_MD_size(mac_hash);
                 key_len = EVP_CIPHER_key_length(cipher);
                 iv_len = EVP_CIPHER_iv_length(cipher);
-
-                /* Special handling for GOST... */
-                if (EVP_MD_type(mac_hash) == NID_id_Gost28147_89_MAC)
-                        mac_key_len = 32;
         }
 
         if (mac_key_len > EVP_MAX_MD_SIZE)
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index 3f2fe71e21..9786d7d0bd 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.41 2024/01/18 16:30:43 tb Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.42 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -468,7 +468,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
     CBS *iv)
 {
         EVP_PKEY *mac_pkey = NULL;
-        int gost_param_nid;
         int mac_type;
         int ret = 0;
 
@@ -484,25 +483,10 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
                 goto err;
         if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key))
                 goto err;
-
-#ifndef OPENSSL_NO_GOST
-        /* XXX die die die */
-        /* Special handling for GOST... */
-        if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
-                if (CBS_len(mac_key) != 32)
-                        goto err;
-                mac_type = EVP_PKEY_GOSTIMIT;
-                rp->stream_mac = 1;
-        } else {
-#endif
-                if (CBS_len(mac_key) > INT_MAX)
-                        goto err;
-                if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
-                        goto err;
-#ifndef OPENSSL_NO_GOST
-        }
-#endif
-
+        if (CBS_len(mac_key) > INT_MAX)
+                goto err;
+        if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
+                goto err;
         if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
                 goto err;
         if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL)
@@ -524,23 +508,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
             mac_pkey) <= 0)
                 goto err;
 
-        /* More special handling for GOST... */
-        if (EVP_CIPHER_nid(rl->cipher) == NID_gost89_cnt) {
-                gost_param_nid = NID_id_tc26_gost_28147_param_Z;
-                if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94)
-                        gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
-
-                if (EVP_CIPHER_CTX_ctrl(rp->cipher_ctx, EVP_CTRL_GOST_SET_SBOX,
-                    gost_param_nid, 0) <= 0)
-                        goto err;
-
-                if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
-                        if (EVP_MD_CTX_ctrl(rp->hash_ctx, EVP_MD_CTRL_GOST_SET_SBOX,
-                            gost_param_nid, 0) <= 0)
-                                goto err;
-                }
-        }
-
         ret = 1;
 
  err:
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
index 8fb5a1da7f..18cf2d0c95 100644
--- a/src/regress/lib/libssl/client/clienttest.c
+++ b/src/regress/lib/libssl/client/clienttest.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: clienttest.c,v 1.42 2023/07/11 17:03:44 tb Exp $ */
+/*      $OpenBSD: clienttest.c,v 1.43 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  *
@@ -36,7 +36,7 @@
 #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2)
 #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34)
 #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69)
-#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 188)
+#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 184)
 #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98)
 
 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
@@ -75,57 +75,54 @@ static const uint8_t cipher_list_dtls12_aes[] = {
         0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
         0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
         0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
-        0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-        0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-        0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-        0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-        0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-        0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-        0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-        0x00, 0x0a, 0x00, 0xff
+        0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+        0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+        0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+        0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+        0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12,
+        0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_dtls12_chacha[] = {
         0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
         0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
         0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-        0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-        0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-        0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-        0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-        0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-        0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-        0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-        0x00, 0x0a, 0x00, 0xff,
+        0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+        0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+        0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+        0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+        0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12,
+        0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_dtls12[] = {
         0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0xbe, 0x01, 0x00, 0x00,
-        0xb2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0xb2, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0xba, 0x01, 0x00, 0x00,
+        0xae, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0xae, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0xc0,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0xc0,
         0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
         0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00,
-        0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff,
-        0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00,
-        0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00,
-        0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0,
-        0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00,
-        0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00,
-        0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00,
-        0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00,
-        0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00,
-        0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00,
-        0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00,
-        0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00,
-        0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06,
-        0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05,
-        0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02,
-        0x01, 0x02, 0x03,
+        0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00,
+        0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00,
+        0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0,
+        0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0,
+        0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00,
+        0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00,
+        0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, 0xc0,
+        0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01,
+        0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01,
+        0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
+        0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
+        0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00,
+        0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
+        0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,
+        0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls10[] = {
@@ -186,92 +183,90 @@ static const uint8_t cipher_list_tls12_aes[] = {
         0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
         0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
         0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
-        0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-        0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-        0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-        0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-        0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-        0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-        0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
-        0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
-        0x00, 0xff,
+        0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+        0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+        0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+        0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+        0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
+        0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
+        0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_tls12_chacha[] = {
         0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
         0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
         0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-        0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-        0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-        0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-        0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-        0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-        0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-        0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
-        0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
-        0x00, 0xff,
+        0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+        0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+        0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+        0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+        0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
+        0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
+        0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_tls12[] = {
-        0x16, 0x03, 0x03, 0x00, 0xbb, 0x01, 0x00, 0x00,
-        0xb7, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x16, 0x03, 0x03, 0x00, 0xb7, 0x01, 0x00, 0x00,
+        0xb3, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x5a, 0xc0, 0x30,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x56, 0xc0, 0x30,
         0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
         0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
-        0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-        0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-        0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-        0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-        0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-        0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-        0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-        0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
-        0x01, 0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02,
-        0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08,
-        0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19,
-        0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18,
-        0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
-        0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
-        0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
+        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4,
+        0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+        0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+        0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+        0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+        0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+        0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+        0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+        0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34,
+        0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
+        0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17,
+        0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
+        0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06,
+        0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
+        0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
+        0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls13_aes[] = {
         0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30,
         0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
         0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
-        0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-        0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-        0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-        0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-        0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-        0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-        0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-        0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
+        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4,
+        0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+        0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+        0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+        0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+        0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+        0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+        0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+        0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_tls13_chacha[] = {
         0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9,
         0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c,
         0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
-        0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85,
-        0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-        0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-        0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-        0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-        0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-        0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-        0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-        0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
+        0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4,
+        0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+        0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+        0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+        0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+        0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+        0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+        0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+        0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_tls13[] = {
-        0x16, 0x03, 0x03, 0x01, 0x14, 0x01, 0x00, 0x01,
-        0x10, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x16, 0x03, 0x03, 0x01, 0x10, 0x01, 0x00, 0x01,
+        0x0c, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -279,33 +274,32 @@ static const uint8_t client_hello_tls13[] = {
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x13, 0x03,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0x13, 0x03,
         0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8,
         0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28,
         0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f,
-        0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 0x00, 0xc4,
-        0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d,
-        0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
-        0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
-        0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
-        0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
-        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
-        0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
-        0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00,
-        0x00, 0x67, 0x00, 0x2b, 0x00, 0x05, 0x04, 0x03,
-        0x04, 0x03, 0x03, 0x00, 0x33, 0x00, 0x26, 0x00,
-        0x24, 0x00, 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00,
+        0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4, 0x00, 0x88,
+        0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+        0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+        0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+        0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+        0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+        0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+        0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+        0x00, 0x0a, 0x01, 0x00, 0x00, 0x67, 0x00, 0x2b,
+        0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00,
+        0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00,
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00,
-        0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
-        0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
-        0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
-        0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06,
-        0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08,
-        0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02,
-        0x03,
+        0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
+        0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00,
+        0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00,
+        0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08,
+        0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05,
+        0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
+        0x03, 0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls13_only_aes[] = {
diff --git a/src/regress/lib/libssl/interop/Makefile.inc b/src/regress/lib/libssl/interop/Makefile.inc
index 4a66390cbd..fa22fb8514 100644
--- a/src/regress/lib/libssl/interop/Makefile.inc
+++ b/src/regress/lib/libssl/interop/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.9 2023/10/18 19:14:32 anton Exp $
+# $OpenBSD: Makefile.inc,v 1.10 2024/02/03 15:58:34 beck Exp $
 
 .PATH:                  ${.CURDIR}/..
 
@@ -39,7 +39,7 @@ run-self-client-server: client server 127.0.0.1.crt
 CLEANFILES +=           127.0.0.1.{crt,key} \
                         ca.{crt,key,srl} fake-ca.{crt,key} \
                         {client,server}.{req,crt,key} \
-                        {dsa,ec,gost,rsa}.{key,req,crt} \
+                        {dsa,ec,rsa}.{key,req,crt} \
                         dh.param
 
 127.0.0.1.crt:
@@ -70,10 +70,6 @@ dsa.key:
 ec.key:
         openssl ecparam -genkey -name secp256r1 -out $@
 
-gost.key:
-        openssl genpkey -algorithm gost2001 \
-            -pkeyopt paramset:A -pkeyopt dgst:md_gost94 -out $@
-
 rsa.key:
         openssl genrsa -out $@ 2048
 
@@ -82,11 +78,6 @@ dsa.req ec.req rsa.req: ${@:R}.key
             -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
             -nodes -key ${@:R}.key -out $@
 
-gost.req: ${@:R}.key
-        openssl req -batch -new -md_gost94 \
-            -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
-            -nodes -key ${@:R}.key -out $@
-
-dsa.crt ec.crt gost.crt rsa.crt: ca.crt ${@:R}.req
+dsa.crt ec.crt rsa.crt: ca.crt ${@:R}.req
         openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
             -req -in ${@:R}.req -out $@
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index 627cfc8f9f..3a116d5ed5 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.13 2023/10/30 17:15:21 tb Exp $
+# $OpenBSD: Makefile,v 1.14 2024/02/03 15:58:34 beck Exp $
 
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or 3.0.  Create lists of supported ciphers
@@ -6,17 +6,6 @@
 # certificate with compatible type.  Check that client and server
 # have used correct cipher by grepping in their session print out.
 
-run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
-client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
-        # gost does not work with libressl TLS 1.3 right now
-        @echo DISABLED
-
 LIBRARIES =             libressl
 .if exists(/usr/local/bin/eopenssl11)
 LIBRARIES +=            openssl11
@@ -96,8 +85,6 @@ LEVEL_openssl30 = ,@SECLEVEL=0
 TYPE_${cipher} =        dsa
 .elif "${cipher:M*-ECDSA-*}" != ""
 TYPE_${cipher} =        ec
-.elif "${cipher:M*-GOST89-*}" != ""
-TYPE_${cipher} =        gost
 .elif "${cipher:M*-RSA-*}" != ""
 TYPE_${cipher} =        rsa
 .else
diff --git a/src/regress/lib/libssl/unit/tls_prf.c b/src/regress/lib/libssl/unit/tls_prf.c
index a22d0e70d0..b6836da167 100644
--- a/src/regress/lib/libssl/unit/tls_prf.c
+++ b/src/regress/lib/libssl/unit/tls_prf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_prf.c,v 1.8 2022/11/26 16:08:57 tb Exp $ */
+/* $OpenBSD: tls_prf.c,v 1.9 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -58,29 +58,6 @@ static struct tls_prf_test tls_prf_tests[] = {
                 },
         },
         {
-                .desc = "GOST94",
-                .ssl_method = TLSv1_2_method,
-                .cipher_value = 0x0081,
-                .out = {
-                         0xcc, 0xd4, 0x89, 0x5f, 0x52, 0x08, 0x9b, 0xc7,
-                         0xf9, 0xb5, 0x83, 0x58, 0xe8, 0xc7, 0x71, 0x49,
-                         0x39, 0x99, 0x1f, 0x14, 0x8f, 0x85, 0xbe, 0x64,
-                         0xee, 0x40, 0x5c, 0xe7, 0x5f, 0x68, 0xaf, 0xf2,
-                         0xcd, 0x3a, 0x94, 0x52, 0x33, 0x53, 0x46, 0x7d,
-                         0xb6, 0xc5, 0xe1, 0xb8, 0xa4, 0x04, 0x69, 0x91,
-                         0x0a, 0x9c, 0x88, 0x86, 0xd9, 0x60, 0x63, 0xdd,
-                         0xd8, 0xe7, 0x2e, 0xee, 0xce, 0xe2, 0x20, 0xd8,
-                         0x9a, 0xfa, 0x9c, 0x63, 0x0c, 0x9c, 0xa1, 0x76,
-                         0xed, 0x78, 0x9a, 0x84, 0x70, 0xb4, 0xd1, 0x51,
-                         0x1f, 0xde, 0x44, 0xe8, 0x90, 0x21, 0x3f, 0xeb,
-                         0x05, 0xf4, 0x77, 0x59, 0xf3, 0xad, 0xdd, 0x34,
-                         0x3d, 0x3a, 0x7c, 0xd0, 0x59, 0x40, 0xe1, 0x3f,
-                         0x04, 0x4b, 0x8b, 0xd6, 0x95, 0x46, 0xb4, 0x9e,
-                         0x4c, 0x2d, 0xf7, 0xee, 0xbd, 0xbc, 0xcb, 0x5c,
-                         0x3a, 0x36, 0x0c, 0xd0, 0x27, 0xcb, 0x45, 0x06,
-                },
-        },
-        {
                 .desc = "SHA256 (via TLSv1.2)",
                 .ssl_method = TLSv1_2_method,
                 .cipher_value = 0x0033,
@@ -126,29 +103,6 @@ static struct tls_prf_test tls_prf_tests[] = {
                          0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2,
                 },
         },
-        {
-                .desc = "STREEBOG256",
-                .ssl_method = TLSv1_2_method,
-                .cipher_value = 0xff87,
-                .out = {
-                        0x3e, 0x13, 0xb9, 0xeb, 0x85, 0x8c, 0xb4, 0x21,
-                        0x23, 0x40, 0x9b, 0x73, 0x04, 0x56, 0xe2, 0xff,
-                        0xce, 0x52, 0x1f, 0x82, 0x7f, 0x17, 0x5b, 0x80,
-                        0x23, 0x71, 0xca, 0x30, 0xdf, 0xfc, 0xdc, 0x2d,
-                        0xc0, 0xfc, 0x5d, 0x23, 0x5a, 0x54, 0x7f, 0xae,
-                        0xf5, 0x7d, 0x52, 0x1e, 0x86, 0x95, 0xe1, 0x2d,
-                        0x28, 0xe7, 0xbe, 0xd7, 0xd0, 0xbf, 0xa9, 0x96,
-                        0x13, 0xd0, 0x9c, 0x0c, 0x1c, 0x16, 0x05, 0xbb,
-                        0x26, 0xd7, 0x30, 0x39, 0xb9, 0x53, 0x28, 0x98,
-                        0x4f, 0x1b, 0x83, 0xc3, 0xce, 0x1c, 0x7c, 0x34,
-                        0xa2, 0xc4, 0x7a, 0x54, 0x16, 0xc6, 0xa7, 0x9e,
-                        0xed, 0x4b, 0x7b, 0x83, 0xa6, 0xae, 0xe2, 0x5b,
-                        0x96, 0xf5, 0x6c, 0xad, 0x1f, 0xa3, 0x83, 0xb2,
-                        0x84, 0x32, 0xed, 0xe3, 0x2c, 0xf6, 0xd4, 0x73,
-                        0x30, 0xef, 0x9d, 0xbe, 0xe7, 0x23, 0x9a, 0xbf,
-                        0x4d, 0x1c, 0xe7, 0xef, 0x3d, 0xea, 0x46, 0xe2,
-                },
-        },
 };
 
 #define N_TLS_PRF_TESTS \
diff --git a/src/usr.bin/openssl/openssl.c b/src/usr.bin/openssl/openssl.c
index e5ff31a2c5..7a42b70f2b 100644
--- a/src/usr.bin/openssl/openssl.c
+++ b/src/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.35 2023/06/11 13:02:10 jsg Exp $ */
+/* $OpenBSD: openssl.c,v 1.36 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -211,12 +211,6 @@ FUNCTION functions[] = {
 #endif
 
         /* Message Digests. */
-#ifndef OPENSSL_NO_GOST
-        { FUNC_TYPE_MD, "gost-mac", dgst_main },
-        { FUNC_TYPE_MD, "md_gost94", dgst_main },
-        { FUNC_TYPE_MD, "streebog256", dgst_main },
-        { FUNC_TYPE_MD, "streebog512", dgst_main },
-#endif
 #ifndef OPENSSL_NO_MD4
         { FUNC_TYPE_MD, "md4", dgst_main },
 #endif