Remove GOST and STREEBOG support from libssl.

This version of GOST is old and not anywhere close to compliant with
modern GOST standards. It is also very intrusive in libssl and
makes a mess everywhere.  Efforts to entice a suitably minded anyone
to care about it have been unsuccessful.

At this point it is probably best to remove this, and if someone
ever showed up who truly needed a working version, it should be
a clean implementation from scratch, and have it use something
closer to the typical API in libcrypto so it would integrate less
painfully here.

This removes it from libssl in preparation for it's removal from
libcrypto with a future major bump

ok tb@

1 files changed, 1 insertions, 9 deletions

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index c97441c9c0..0277202de3 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.318 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.319 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2297,12 +2297,6 @@ ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher)
                         mask_a |= SSL_aECDSA;
         }
 
-        cpk = &(c->pkeys[SSL_PKEY_GOST01]);
-        if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-                mask_k |= SSL_kGOST;
-                mask_a |= SSL_aGOST01;
-        }
-
         cpk = &(c->pkeys[SSL_PKEY_RSA]);
         if (cpk->x509 != NULL && cpk->privatekey != NULL) {
                 mask_a |= SSL_aRSA;
@@ -2363,8 +2357,6 @@ ssl_get_server_send_pkey(const SSL *s)
                 i = SSL_PKEY_ECC;
         } else if (alg_a & SSL_aRSA) {
                 i = SSL_PKEY_RSA;
-        } else if (alg_a & SSL_aGOST01) {
-                i = SSL_PKEY_GOST01;
         } else { /* if (alg_a & SSL_aNULL) */
                 SSLerror(s, ERR_R_INTERNAL_ERROR);
                 return (NULL);