21 files changed, 148 insertions, 871 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 1ae2d047bc..bb8e9465ba 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.248 2023/11/29 13:39:34 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.249 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -577,41 +577,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
                 .alg_bits = 256,
         },
 
-        /* GOST Ciphersuites */
-
-        /* Cipher 81 */
-        {
-                .valid = 1,
-                .name = "GOST2001-GOST89-GOST89",
-                .id = 0x3000081,
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eGOST2814789CNT,
-                .algorithm_mac = SSL_GOST89MAC,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
-                    TLS1_STREAM_MAC,
-                .strength_bits = 256,
-                .alg_bits = 256
-        },
-
-        /* Cipher 83 */
-        {
-                .valid = 1,
-                .name = "GOST2001-NULL-GOST94",
-                .id = 0x3000083,
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_GOST94,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
-                .strength_bits = 0,
-                .alg_bits = 0
-        },
-
 #ifndef OPENSSL_NO_CAMELLIA
         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
 
@@ -1362,40 +1327,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
                 .alg_bits = 256,
         },
 
-        /* Cipher FF85 FIXME IANA */
-        {
-                .valid = 1,
-                .name = "GOST2012256-GOST89-GOST89",
-                .id = 0x300ff85, /* FIXME IANA */
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eGOST2814789CNT,
-                .algorithm_mac = SSL_GOST89MAC,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
-                    TLS1_STREAM_MAC,
-                .strength_bits = 256,
-                .alg_bits = 256
-        },
-
-        /* Cipher FF87 FIXME IANA */
-        {
-                .valid = 1,
-                .name = "GOST2012256-NULL-STREEBOG256",
-                .id = 0x300ff87, /* FIXME IANA */
-                .algorithm_mkey = SSL_kGOST,
-                .algorithm_auth = SSL_aGOST01,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_STREEBOG256,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
-                .strength_bits = 0,
-                .alg_bits = 0
-        },
-
-
         /* end of list */
 };
 
@@ -2668,21 +2599,6 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
 
         alg_k = s->s3->hs.cipher->algorithm_mkey;
 
-#ifndef OPENSSL_NO_GOST
-        if ((alg_k & SSL_kGOST) != 0) {
-                if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
-                        return 0;
-                if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
-                        return 0;
-        }
-#endif
-
         if ((alg_k & SSL_kDHE) != 0) {
                 if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH))
                         return 0;
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 8d65a1ec03..03a5a80d0a 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.232 2023/11/22 15:43:42 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.233 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -245,7 +245,6 @@ extern "C" {
 #define SSL_TXT_kECDH           "kECDH"
 #define SSL_TXT_kEECDH          "kEECDH"
 #define SSL_TXT_kPSK            "kPSK"
-#define SSL_TXT_kGOST           "kGOST"
 #define SSL_TXT_kSRP            "kSRP"
 
 #define SSL_TXT_aRSA            "aRSA"
@@ -255,9 +254,6 @@ extern "C" {
 #define SSL_TXT_aKRB5           "aKRB5"
 #define SSL_TXT_aECDSA          "aECDSA"
 #define SSL_TXT_aPSK            "aPSK"
-#define SSL_TXT_aGOST94         "aGOST94"
-#define SSL_TXT_aGOST01         "aGOST01"
-#define SSL_TXT_aGOST           "aGOST"
 
 #define SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH              "DH"
@@ -293,12 +289,8 @@ extern "C" {
 #define SSL_TXT_MD5             "MD5"
 #define SSL_TXT_SHA1            "SHA1"
 #define SSL_TXT_SHA             "SHA" /* same as "SHA1" */
-#define SSL_TXT_GOST94          "GOST94"
-#define SSL_TXT_GOST89MAC               "GOST89MAC"
 #define SSL_TXT_SHA256          "SHA256"
 #define SSL_TXT_SHA384          "SHA384"
-#define SSL_TXT_STREEBOG256             "STREEBOG256"
-#define SSL_TXT_STREEBOG512             "STREEBOG512"
 
 #define SSL_TXT_DTLS1           "DTLSv1"
 #define SSL_TXT_DTLS1_2         "DTLSv1.2"
@@ -2176,7 +2168,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_CLIENT_CERT_METHOD                      331
 #define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
 #define SSL_R_NO_COMPRESSION_SPECIFIED                   187
-#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
 #define SSL_R_NO_METHOD_SPECIFIED                        188
 #define SSL_R_NO_PRIVATEKEY                              189
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 6c6cc2ad2b..603d9ccb4f 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.57 2021/09/10 14:49:13 tb Exp $ */
+/* $OpenBSD: ssl3.h,v 1.58 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -325,7 +325,7 @@ extern "C" {
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER                  13
+#define SSL3_CT_NUMBER                  7
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
 #define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 14d9aa85a7..995f1c4601 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.46 2023/07/07 08:53:55 tb Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -384,9 +384,6 @@ ssl_cert_type(EVP_PKEY *pkey)
         switch (EVP_PKEY_id(pkey)) {
         case EVP_PKEY_EC:
                 return SSL_PKEY_ECC;
-        case NID_id_GostR3410_2001:
-        case NID_id_GostR3410_2001_cc:
-                return SSL_PKEY_GOST01;
         case EVP_PKEY_RSA:
         case EVP_PKEY_RSA_PSS:
                 return SSL_PKEY_RSA;
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index a288050269..5b2fe1a48d 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.107 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.108 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -233,10 +233,6 @@ ssl_cert_dup(SSL_CERT *cert)
                                 /* We have an ECC key */
                                 break;
 
-                        case SSL_PKEY_GOST01:
-                                /* We have a GOST key */
-                                break;
-
                         default:
                                 /* Can't happen. */
                                 SSLerrorx(SSL_R_LIBRARY_BUG);
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index cea4d3e6f4..76a3840520 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.138 2024/01/04 20:02:10 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.139 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -212,10 +212,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                 .name = SSL_TXT_ECDH,
                 .algorithm_mkey = SSL_kECDHE,
         },
-        {
-                .name = SSL_TXT_kGOST,
-                .algorithm_mkey = SSL_kGOST,
-        },
 
         /* server authentication aliases */
         {
@@ -242,14 +238,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                 .name = SSL_TXT_ECDSA,
                 .algorithm_auth = SSL_aECDSA,
         },
-        {
-                .name = SSL_TXT_aGOST01,
-                .algorithm_auth = SSL_aGOST01,
-        },
-        {
-                .name = SSL_TXT_aGOST,
-                .algorithm_auth = SSL_aGOST01,
-        },
 
         /* aliases combining key exchange and server authentication */
         {
@@ -356,14 +344,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                 .algorithm_mac = SSL_SHA1,
         },
         {
-                .name = SSL_TXT_GOST94,
-                .algorithm_mac = SSL_GOST94,
-        },
-        {
-                .name = SSL_TXT_GOST89MAC,
-                .algorithm_mac = SSL_GOST89MAC,
-        },
-        {
                 .name = SSL_TXT_SHA256,
                 .algorithm_mac = SSL_SHA256,
         },
@@ -371,10 +351,6 @@ static const SSL_CIPHER cipher_aliases[] = {
                 .name = SSL_TXT_SHA384,
                 .algorithm_mac = SSL_SHA384,
         },
-        {
-                .name = SSL_TXT_STREEBOG256,
-                .algorithm_mac = SSL_STREEBOG256,
-        },
 
         /* protocol version aliases */
         {
@@ -472,11 +448,6 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
         case SSL_CAMELLIA256:
                 *enc = EVP_camellia_256_cbc();
                 break;
-#ifndef OPENSSL_NO_GOST
-        case SSL_eGOST2814789CNT:
-                *enc = EVP_gost2814789_cnt();
-                break;
-#endif
         }
 
         switch (ss->cipher->algorithm_mac) {
@@ -492,21 +463,11 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
         case SSL_SHA384:
                 *md = EVP_sha384();
                 break;
-#ifndef OPENSSL_NO_GOST
-        case SSL_GOST89MAC:
-                *md = EVP_gost2814789imit();
-                break;
-        case SSL_GOST94:
-                *md = EVP_gostr341194();
-                break;
-        case SSL_STREEBOG256:
-                *md = EVP_streebog256();
-                break;
-#endif
         }
         if (*enc == NULL || *md == NULL)
                 return 0;
 
+        /* XXX remove these from ssl_cipher_get_evp? */
         /*
          * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not
          * supported via EVP_CIPHER (they should be using EVP_AEAD instead).
@@ -515,18 +476,9 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
                 return 0;
         if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)
                 return 0;
-#ifndef OPENSSL_NO_GOST
-        /* XXX JFC. die in fire already */
-        if (ss->cipher->algorithm_mac == SSL_GOST89MAC) {
-                *mac_pkey_type = EVP_PKEY_GOSTIMIT;
-                *mac_secret_size = 32; /* XXX */
-        } else {
-#endif
-                *mac_pkey_type = EVP_PKEY_HMAC;
-                *mac_secret_size = EVP_MD_size(*md);
-#ifndef OPENSSL_NO_GOST
-        }
-#endif
+
+        *mac_pkey_type = EVP_PKEY_HMAC;
+        *mac_secret_size = EVP_MD_size(*md);
         return 1;
 }
 
@@ -581,14 +533,6 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
         case SSL_HANDSHAKE_MAC_DEFAULT:
                 *md = EVP_md5_sha1();
                 return 1;
-#ifndef OPENSSL_NO_GOST
-        case SSL_HANDSHAKE_MAC_GOST94:
-                *md = EVP_gostr341194();
-                return 1;
-        case SSL_HANDSHAKE_MAC_STREEBOG256:
-                *md = EVP_streebog256();
-                return 1;
-#endif
         case SSL_HANDSHAKE_MAC_SHA256:
                 *md = EVP_sha256();
                 return 1;
@@ -641,6 +585,7 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
         *head = curr;
 }
 
+/* XXX beck: remove this in a followon to removing GOST */
 static void
 ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
     unsigned long *enc, unsigned long *mac, unsigned long *ssl)
@@ -651,16 +596,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
         *mac = 0;
         *ssl = 0;
 
-        /*
-         * Check for the availability of GOST 34.10 public/private key
-         * algorithms. If they are not available disable the associated
-         * authentication and key exchange algorithms.
-         */
-#if defined(OPENSSL_NO_GOST) || !defined(EVP_PKEY_GOSTR01)
-        *auth |= SSL_aGOST01;
-        *mkey |= SSL_kGOST;
-#endif
-
 #ifdef SSL_FORBID_ENULL
         *enc |= SSL_eNULL;
 #endif
@@ -1455,9 +1390,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_kECDHE:
                 kx = "ECDH";
                 break;
-        case SSL_kGOST:
-                kx = "GOST";
-                break;
         case SSL_kTLS1_3:
                 kx = "TLSv1.3";
                 break;
@@ -1478,9 +1410,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_aECDSA:
                 au = "ECDSA";
                 break;
-        case SSL_aGOST01:
-                au = "GOST01";
-                break;
         case SSL_aTLS1_3:
                 au = "TLSv1.3";
                 break;
@@ -1520,9 +1449,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_CHACHA20POLY1305:
                 enc = "ChaCha20-Poly1305";
                 break;
-        case SSL_eGOST2814789CNT:
-                enc = "GOST-28178-89-CNT";
-                break;
         default:
                 enc = "unknown";
                 break;
@@ -1544,15 +1470,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_AEAD:
                 mac = "AEAD";
                 break;
-        case SSL_GOST94:
-                mac = "GOST94";
-                break;
-        case SSL_GOST89MAC:
-                mac = "GOST89IMIT";
-                break;
-        case SSL_STREEBOG256:
-                mac = "STREEBOG256";
-                break;
         default:
                 mac = "unknown";
                 break;
@@ -1666,8 +1583,6 @@ SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
                 return NID_des_cbc;
         case SSL_RC4:
                 return NID_rc4;
-        case SSL_eGOST2814789CNT:
-                return NID_gost89_cnt;
         default:
                 return NID_undef;
         }
@@ -1680,10 +1595,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
         switch (c->algorithm_mac) {
         case SSL_AEAD:
                 return NID_undef;
-        case SSL_GOST89MAC:
-                return NID_id_Gost28147_89_MAC;
-        case SSL_GOST94:
-                return NID_id_GostR3411_94;
         case SSL_MD5:
                 return NID_md5;
         case SSL_SHA1:
@@ -1692,8 +1603,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
                 return NID_sha256;
         case SSL_SHA384:
                 return NID_sha384;
-        case SSL_STREEBOG256:
-                return NID_id_tc26_gost3411_2012_256;
         default:
                 return NID_undef;
         }
@@ -1708,8 +1617,6 @@ SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
                 return NID_kx_dhe;
         case SSL_kECDHE:
                 return NID_kx_ecdhe;
-        case SSL_kGOST:
-                return NID_kx_gost;
         case SSL_kRSA:
                 return NID_kx_rsa;
         default:
@@ -1726,8 +1633,6 @@ SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
                 return NID_auth_null;
         case SSL_aECDSA:
                 return NID_auth_ecdsa;
-        case SSL_aGOST01:
-                return NID_auth_gost01;
         case SSL_aRSA:
                 return NID_auth_rsa;
         default:
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 52f5de35a4..56fb9ba1c7 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.164 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -161,10 +161,6 @@
 #include <openssl/objects.h>
 #include <openssl/opensslconf.h>
 
-#ifndef OPENSSL_NO_GOST
-#include <openssl/gost.h>
-#endif
-
 #include "bytestring.h"
 #include "dtls_local.h"
 #include "ssl_local.h"
@@ -829,7 +825,6 @@ ssl3_get_server_hello(SSL *s)
         uint8_t compression_method;
         const SSL_CIPHER *cipher;
         const SSL_METHOD *method;
-        unsigned long alg_k;
         int al, ret;
 
         s->first_packet = 1;
@@ -1038,8 +1033,7 @@ ssl3_get_server_hello(SSL *s)
          * Don't digest cached records if no sigalgs: we may need them for
          * client authentication.
          */
-        alg_k = s->s3->hs.cipher->algorithm_mkey;
-        if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
+        if (!SSL_USE_SIGALGS(s))
                 tls1_transcript_free(s);
 
         if (!CBS_get_u8(&cbs, &compression_method))
@@ -1931,119 +1925,6 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb)
 }
 
 static int
-ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
-{
-        unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
-        EVP_PKEY_CTX *pkey_ctx = NULL;
-        EVP_MD_CTX *ukm_hash = NULL;
-        EVP_PKEY *pkey;
-        size_t msglen;
-        unsigned int md_len;
-        CBB gostblob;
-        int nid;
-        int ret = 0;
-
-        /* Get server certificate PKEY and create ctx from it */
-        pkey = X509_get0_pubkey(s->session->peer_cert);
-        if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) {
-                SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-                goto err;
-        }
-        if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        /*
-         * If we have send a certificate, and certificate key parameters match
-         * those of server certificate, use certificate key for key exchange.
-         * Otherwise, generate ephemeral key pair.
-         */
-        if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0)
-                goto err;
-
-        /* Generate session key. */
-        arc4random_buf(premaster_secret, sizeof(premaster_secret));
-
-        /*
-         * If we have client certificate, use its secret as peer key.
-         * XXX - this presumably lacks PFS.
-         */
-        if (s->s3->hs.tls12.cert_request != 0 &&
-            s->cert->key->privatekey != NULL) {
-                if (EVP_PKEY_derive_set_peer(pkey_ctx,
-                    s->cert->key->privatekey) <=0) {
-                        /*
-                         * If there was an error - just ignore it.
-                         * Ephemeral key would be used.
-                         */
-                        ERR_clear_error();
-                }
-        }
-
-        /*
-         * Compute shared IV and store it in algorithm-specific context data.
-         */
-        if ((ukm_hash = EVP_MD_CTX_new()) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        /* XXX check handshake hash instead. */
-        if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
-                nid = NID_id_GostR3411_94;
-        else
-                nid = NID_id_tc26_gost3411_2012_256;
-        if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
-                goto err;
-        if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len))
-                goto err;
-        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
-            EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
-                SSLerror(s, SSL_R_LIBRARY_BUG);
-                goto err;
-        }
-
-        /*
-         * Make GOST keytransport blob message, encapsulate it into sequence.
-         */
-        msglen = 255;
-        if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
-            sizeof(premaster_secret)) < 0) {
-                SSLerror(s, SSL_R_LIBRARY_BUG);
-                goto err;
-        }
-
-        if (!CBB_add_asn1(cbb, &gostblob, CBS_ASN1_SEQUENCE))
-                goto err;
-        if (!CBB_add_bytes(&gostblob, tmp, msglen))
-                goto err;
-        if (!CBB_flush(cbb))
-                goto err;
-
-        /* Check if pubkey from client certificate was used. */
-        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
-            NULL) > 0)
-                s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-
-        if (!tls12_derive_master_secret(s, premaster_secret, 32))
-                goto err;
-
-        ret = 1;
-
- err:
-        explicit_bzero(premaster_secret, sizeof(premaster_secret));
-        EVP_PKEY_CTX_free(pkey_ctx);
-        EVP_MD_CTX_free(ukm_hash);
-
-        return ret;
-}
-
-static int
 ssl3_send_client_key_exchange(SSL *s)
 {
         unsigned long alg_k;
@@ -2067,9 +1948,6 @@ ssl3_send_client_key_exchange(SSL *s)
                 } else if (alg_k & SSL_kECDHE) {
                         if (!ssl3_send_client_kex_ecdhe(s, &kex))
                                 goto err;
-                } else if (alg_k & SSL_kGOST) {
-                        if (!ssl3_send_client_kex_gost(s, &kex))
-                                goto err;
                 } else {
                         ssl3_send_alert(s, SSL3_AL_FATAL,
                             SSL_AD_HANDSHAKE_FAILURE);
@@ -2115,14 +1993,6 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
                 SSLerror(s, ERR_R_EVP_LIB);
                 goto err;
         }
-#ifndef OPENSSL_NO_GOST
-        if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-            EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-#endif
         if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
             (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
             !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
@@ -2230,72 +2100,6 @@ ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
         return ret;
 }
 
-#ifndef OPENSSL_NO_GOST
-static int
-ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
-{
-        CBB cbb_signature;
-        EVP_MD_CTX *mctx;
-        EVP_PKEY_CTX *pctx;
-        const EVP_MD *md;
-        const unsigned char *hdata;
-        unsigned char *signature = NULL;
-        size_t signature_len;
-        size_t hdata_len;
-        int nid;
-        int ret = 0;
-
-        if ((mctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-
-        if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-        if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
-            (md = EVP_get_digestbynid(nid)) == NULL) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-#ifndef OPENSSL_NO_GOST
-        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-            EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-#endif
-        if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if ((signature = calloc(1, signature_len)) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-
-        if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
-                goto err;
-        if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
-                goto err;
-        if (!CBB_flush(cert_verify))
-                goto err;
-
-        ret = 1;
- err:
-        EVP_MD_CTX_free(mctx);
-        free(signature);
-        return ret;
-}
-#endif
-
 static int
 ssl3_send_client_verify(SSL *s)
 {
@@ -2331,12 +2135,6 @@ ssl3_send_client_verify(SSL *s)
                 } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
                         if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify))
                                 goto err;
-#ifndef OPENSSL_NO_GOST
-                } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
-                    EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
-                        if (!ssl3_send_client_verify_gost(s, pkey, &cert_verify))
-                                goto err;
-#endif
                 } else {
                         SSLerror(s, ERR_R_INTERNAL_ERROR);
                         goto err;
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 28097ea70a..30ca96b2fa 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.46 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -306,7 +306,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
         {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"},
         {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
         {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
-        {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"},
         {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   , "no method specified"},
         {ERR_REASON(SSL_R_NO_PRIVATEKEY)         , "no privatekey"},
         {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index c97441c9c0..0277202de3 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.318 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.319 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2297,12 +2297,6 @@ ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher)
                         mask_a |= SSL_aECDSA;
         }
 
-        cpk = &(c->pkeys[SSL_PKEY_GOST01]);
-        if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-                mask_k |= SSL_kGOST;
-                mask_a |= SSL_aGOST01;
-        }
-
         cpk = &(c->pkeys[SSL_PKEY_RSA]);
         if (cpk->x509 != NULL && cpk->privatekey != NULL) {
                 mask_a |= SSL_aRSA;
@@ -2363,8 +2357,6 @@ ssl_get_server_send_pkey(const SSL *s)
                 i = SSL_PKEY_ECC;
         } else if (alg_a & SSL_aRSA) {
                 i = SSL_PKEY_RSA;
-        } else if (alg_a & SSL_aGOST01) {
-                i = SSL_PKEY_GOST01;
         } else { /* if (alg_a & SSL_aNULL) */
                 SSLerror(s, ERR_R_INTERNAL_ERROR);
                 return (NULL);
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index bd6275fac7..b4d093b226 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.13 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -197,7 +197,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_kRSA                0x00000001L /* RSA key exchange */
 #define SSL_kDHE                0x00000008L /* tmp DH key no DH cert */
 #define SSL_kECDHE              0x00000080L /* ephemeral ECDH */
-#define SSL_kGOST               0x00000200L /* GOST key exchange */
 #define SSL_kTLS1_3             0x00000400L /* TLSv1.3 key exchange */
 
 /* Bits for algorithm_auth (server authentication) */
@@ -205,7 +204,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_aDSS                0x00000002L /* DSS auth */
 #define SSL_aNULL               0x00000004L /* no auth (i.e. use ADH or AECDH) */
 #define SSL_aECDSA              0x00000040L /* ECDSA auth*/
-#define SSL_aGOST01             0x00000200L /* GOST R 34.10-2001 signature auth */
 #define SSL_aTLS1_3             0x00000400L /* TLSv1.3 authentication */
 
 /* Bits for algorithm_enc (symmetric encryption) */
@@ -218,7 +216,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_AES256              0x00000040L
 #define SSL_CAMELLIA128         0x00000080L
 #define SSL_CAMELLIA256         0x00000100L
-#define SSL_eGOST2814789CNT     0x00000200L
 #define SSL_AES128GCM           0x00000400L
 #define SSL_AES256GCM           0x00000800L
 #define SSL_CHACHA20POLY1305    0x00001000L
@@ -231,8 +228,6 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_MD5                 0x00000001L
 #define SSL_SHA1                0x00000002L
-#define SSL_GOST94      0x00000004L
-#define SSL_GOST89MAC   0x00000008L
 #define SSL_SHA256              0x00000010L
 #define SSL_SHA384              0x00000020L
 /* Not a real MAC, just an indication it is part of cipher */
@@ -251,10 +246,8 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_HANDSHAKE_MAC_MASK          0xff0
 #define SSL_HANDSHAKE_MAC_MD5           0x010
 #define SSL_HANDSHAKE_MAC_SHA           0x020
-#define SSL_HANDSHAKE_MAC_GOST94        0x040
 #define SSL_HANDSHAKE_MAC_SHA256        0x080
 #define SSL_HANDSHAKE_MAC_SHA384        0x100
-#define SSL_HANDSHAKE_MAC_STREEBOG256   0x200
 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 
 #define SSL3_CK_ID              0x03000000
@@ -267,17 +260,9 @@ __BEGIN_HIDDEN_DECLS
 #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
 
 /*
- * Stream MAC for GOST ciphersuites from cryptopro draft
- * (currently this also goes into algorithm2).
- */
-#define TLS1_STREAM_MAC 0x04
-
-/*
  * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that
  * indicates that the variable part of the nonce is included as a prefix of
  * the record (AES-GCM, for example, does this with an 8-byte variable nonce.)
@@ -324,8 +309,7 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_PKEY_RSA            0
 #define SSL_PKEY_ECC            1
-#define SSL_PKEY_GOST01         2
-#define SSL_PKEY_NUM            3
+#define SSL_PKEY_NUM            2
 
 #define SSL_MAX_EMPTY_RECORDS   32
 
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index f59beb4320..9876e82a6f 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.48 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.49 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -41,14 +41,6 @@ const struct ssl_sigalg sigalgs[] = {
                 .security_level = 5,
                 .group_nid = NID_secp521r1,
         },
-#ifndef OPENSSL_NO_GOST
-        {
-                .value = SIGALG_GOSTR12_512_STREEBOG_512,
-                .key_type = EVP_PKEY_GOSTR12_512,
-                .md = EVP_streebog512,
-                .security_level = 0,
-        },
-#endif
         {
                 .value = SIGALG_RSA_PKCS1_SHA384,
                 .key_type = EVP_PKEY_RSA,
@@ -75,20 +67,6 @@ const struct ssl_sigalg sigalgs[] = {
                 .security_level = 3,
                 .group_nid = NID_X9_62_prime256v1,
         },
-#ifndef OPENSSL_NO_GOST
-        {
-                .value = SIGALG_GOSTR12_256_STREEBOG_256,
-                .key_type = EVP_PKEY_GOSTR12_256,
-                .md = EVP_streebog256,
-                .security_level = 0,
-        },
-        {
-                .value = SIGALG_GOSTR01_GOST94,
-                .key_type = EVP_PKEY_GOSTR01,
-                .md = EVP_gostr341194,
-                .security_level = 0, /* XXX */
-        },
-#endif
         {
                 .value = SIGALG_RSA_PSS_RSAE_SHA256,
                 .key_type = EVP_PKEY_RSA,
@@ -283,10 +261,6 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
                 return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
         case EVP_PKEY_EC:
                 return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-#ifndef OPENSSL_NO_GOST
-        case EVP_PKEY_GOSTR01:
-                return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
         }
         SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
         return NULL;
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index 21a54d642b..5211ec6b62 100644
--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.26 2022/07/02 16:00:12 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.27 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
  *
@@ -47,14 +47,6 @@ __BEGIN_HIDDEN_DECLS
 #define SIGALG_PRIVATE_START            0xFE00
 #define SIGALG_PRIVATE_END              0xFFFF
 
-/*
- * If Russia can elect the US President, surely
- * IANA could fix this problem.
- */
-#define SIGALG_GOSTR12_512_STREEBOG_512 0xEFEF
-#define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE
-#define SIGALG_GOSTR01_GOST94           0xEDED
-
 /* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */
 #define SIGALG_RSA_PKCS1_MD5_SHA1       0xFF01
 
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index f26fde5061..117afac85e 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.158 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.159 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -162,10 +162,6 @@
 #include <openssl/opensslconf.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_GOST
-#include <openssl/gost.h>
-#endif
-
 #include "bytestring.h"
 #include "dtls_local.h"
 #include "ssl_local.h"
@@ -564,15 +560,7 @@ ssl3_accept(SSL *s)
                         }
 
                         alg_k = s->s3->hs.cipher->algorithm_mkey;
-                        if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-                                /*
-                                 * A GOST client may use the key from its
-                                 * certificate for key exchange, in which case
-                                 * the CertificateVerify message is not sent.
-                                 */
-                                s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
-                                s->init_num = 0;
-                        } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
+                        if (SSL_USE_SIGALGS(s)) {
                                 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
                                 s->init_num = 0;
                                 if (!s->session->peer_cert)
@@ -795,7 +783,6 @@ ssl3_get_client_hello(SSL *s)
         unsigned long id;
         SSL_CIPHER *c;
         STACK_OF(SSL_CIPHER) *ciphers = NULL;
-        unsigned long alg_k;
         const SSL_METHOD *method;
         uint16_t shared_version;
 
@@ -1138,10 +1125,8 @@ ssl3_get_client_hello(SSL *s)
         if (!tls1_transcript_hash_init(s))
                 goto err;
 
-        alg_k = s->s3->hs.cipher->algorithm_mkey;
-        if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
-            !(s->verify_mode & SSL_VERIFY_PEER))
-                tls1_transcript_free(s);
+        if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER))
+                tls1_transcript_free(s); 
 
         /*
          * We now have the following setup.
@@ -1816,75 +1801,6 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
 }
 
 static int
-ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
-{
-        unsigned char premaster_secret[32];
-        EVP_PKEY_CTX *pkey_ctx = NULL;
-        EVP_PKEY *client_pubkey;
-        EVP_PKEY *pkey = NULL;
-        size_t outlen;
-        CBS gostblob;
-
-        /* Get our certificate private key*/
-#ifndef OPENSSL_NO_GOST
-        if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0)
-                pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-#endif
-
-        if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
-                goto err;
-        if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0)
-                goto err;
-
-        /*
-         * If client certificate is present and is of the same type,
-         * maybe use it for key exchange.
-         * Don't mind errors from EVP_PKEY_derive_set_peer, because
-         * it is completely valid to use a client certificate for
-         * authorization only.
-         */
-        if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) {
-                if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0)
-                        ERR_clear_error();
-        }
-
-        /* Decrypt session key */
-        if (!CBS_get_asn1(cbs, &gostblob, CBS_ASN1_SEQUENCE))
-                goto decode_err;
-        if (CBS_len(cbs) != 0)
-                goto decode_err;
-        outlen = sizeof(premaster_secret);
-        if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
-            CBS_data(&gostblob), CBS_len(&gostblob)) <= 0) {
-                SSLerror(s, SSL_R_DECRYPTION_FAILED);
-                goto err;
-        }
-
-        if (!tls12_derive_master_secret(s, premaster_secret,
-            sizeof(premaster_secret)))
-                goto err;
-
-        /* Check if pubkey from client certificate was used */
-        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY,
-            2, NULL) > 0)
-                s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-
-        explicit_bzero(premaster_secret, sizeof(premaster_secret));
-        EVP_PKEY_CTX_free(pkey_ctx);
-
-        return 1;
-
- decode_err:
-        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- err:
-        explicit_bzero(premaster_secret, sizeof(premaster_secret));
-        EVP_PKEY_CTX_free(pkey_ctx);
-
-        return 0;
-}
-
-static int
 ssl3_get_client_key_exchange(SSL *s)
 {
         unsigned long alg_k;
@@ -1912,9 +1828,6 @@ ssl3_get_client_key_exchange(SSL *s)
         } else if (alg_k & SSL_kECDHE) {
                 if (!ssl3_get_client_kex_ecdhe(s, &cbs))
                         goto err;
-        } else if (alg_k & SSL_kGOST) {
-                if (!ssl3_get_client_kex_gost(s, &cbs))
-                        goto err;
         } else {
                 al = SSL_AD_HANDSHAKE_FAILURE;
                 SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE);
@@ -2043,15 +1956,6 @@ ssl3_get_cert_verify(SSL *s)
                         al = SSL_AD_INTERNAL_ERROR;
                         goto fatal_err;
                 }
-#ifndef OPENSSL_NO_GOST
-                if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
-                    EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
-                    EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE,
-                    NULL) <= 0) {
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-#endif
                 if (EVP_DigestVerify(mctx, CBS_data(&signature),
                     CBS_len(&signature), hdata, hdatalen) <= 0) {
                         SSLerror(s, ERR_R_EVP_LIB);
@@ -2096,54 +2000,6 @@ ssl3_get_cert_verify(SSL *s)
                         SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE);
                         goto fatal_err;
                 }
-#ifndef OPENSSL_NO_GOST
-        } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
-            EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
-                unsigned char sigbuf[128];
-                unsigned int siglen = sizeof(sigbuf);
-                EVP_PKEY_CTX *pctx;
-                const EVP_MD *md;
-                int nid;
-
-                if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-                if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
-                    !(md = EVP_get_digestbynid(nid))) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-                if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-                if (!EVP_DigestInit_ex(mctx, md, NULL) ||
-                    !EVP_DigestUpdate(mctx, hdata, hdatalen) ||
-                    !EVP_DigestFinal(mctx, sigbuf, &siglen) ||
-                    (EVP_PKEY_verify_init(pctx) <= 0) ||
-                    (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
-                    (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
-                    EVP_PKEY_CTRL_GOST_SIG_FORMAT,
-                    GOST_SIG_FORMAT_RS_LE, NULL) <= 0)) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        EVP_PKEY_CTX_free(pctx);
-                        goto fatal_err;
-                }
-                if (EVP_PKEY_verify(pctx, CBS_data(&signature),
-                    CBS_len(&signature), sigbuf, siglen) <= 0) {
-                        al = SSL_AD_DECRYPT_ERROR;
-                        SSLerror(s, SSL_R_BAD_SIGNATURE);
-                        EVP_PKEY_CTX_free(pctx);
-                        goto fatal_err;
-                }
-
-                EVP_PKEY_CTX_free(pctx);
-#endif
         } else {
                 SSLerror(s, ERR_R_INTERNAL_ERROR);
                 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 2bdbd3c184..daf6cba6fa 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.56 2022/07/17 14:39:09 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.57 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -741,18 +741,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_DSS_SIGN                 2
 #define TLS_CT_RSA_FIXED_DH             3
 #define TLS_CT_DSS_FIXED_DH             4
-#define TLS_CT_GOST94_SIGN              21
-#define TLS_CT_GOST01_SIGN              22
 #define TLS_CT_ECDSA_SIGN               64
 #define TLS_CT_RSA_FIXED_ECDH           65
 #define TLS_CT_ECDSA_FIXED_ECDH         66
-#define TLS_CT_GOST12_256_SIGN          67
-#define TLS_CT_GOST12_512_SIGN          68
-#define TLS_CT_GOST12_256_SIGN_COMPAT   238 /* pre-IANA, for compat */
-#define TLS_CT_GOST12_512_SIGN_COMPAT   239 /* pre-IANA, for compat */
 /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
  * comment there) */
-#define TLS_CT_NUMBER                   13
+#define TLS_CT_NUMBER                   7
 
 #define TLS1_FINISH_MAC_LENGTH          12
 
diff --git a/src/lib/libssl/tls12_key_schedule.c b/src/lib/libssl/tls12_key_schedule.c
index 6d714c1183..1ac003329e 100644
--- a/src/lib/libssl/tls12_key_schedule.c
+++ b/src/lib/libssl/tls12_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_key_schedule.c,v 1.3 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls12_key_schedule.c,v 1.4 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
  *
@@ -124,10 +124,6 @@ tls12_key_block_generate(struct tls12_key_block *kb, SSL *s,
                 mac_key_len = EVP_MD_size(mac_hash);
                 key_len = EVP_CIPHER_key_length(cipher);
                 iv_len = EVP_CIPHER_iv_length(cipher);
-
-                /* Special handling for GOST... */
-                if (EVP_MD_type(mac_hash) == NID_id_Gost28147_89_MAC)
-                        mac_key_len = 32;
         }
 
         if (mac_key_len > EVP_MAX_MD_SIZE)
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index 3f2fe71e21..9786d7d0bd 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.41 2024/01/18 16:30:43 tb Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.42 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -468,7 +468,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
     CBS *iv)
 {
         EVP_PKEY *mac_pkey = NULL;
-        int gost_param_nid;
         int mac_type;
         int ret = 0;
 
@@ -484,25 +483,10 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
                 goto err;
         if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key))
                 goto err;
-
-#ifndef OPENSSL_NO_GOST
-        /* XXX die die die */
-        /* Special handling for GOST... */
-        if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
-                if (CBS_len(mac_key) != 32)
-                        goto err;
-                mac_type = EVP_PKEY_GOSTIMIT;
-                rp->stream_mac = 1;
-        } else {
-#endif
-                if (CBS_len(mac_key) > INT_MAX)
-                        goto err;
-                if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
-                        goto err;
-#ifndef OPENSSL_NO_GOST
-        }
-#endif
-
+        if (CBS_len(mac_key) > INT_MAX)
+                goto err;
+        if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
+                goto err;
         if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
                 goto err;
         if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL)
@@ -524,23 +508,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
             mac_pkey) <= 0)
                 goto err;
 
-        /* More special handling for GOST... */
-        if (EVP_CIPHER_nid(rl->cipher) == NID_gost89_cnt) {
-                gost_param_nid = NID_id_tc26_gost_28147_param_Z;
-                if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94)
-                        gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
-
-                if (EVP_CIPHER_CTX_ctrl(rp->cipher_ctx, EVP_CTRL_GOST_SET_SBOX,
-                    gost_param_nid, 0) <= 0)
-                        goto err;
-
-                if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
-                        if (EVP_MD_CTX_ctrl(rp->hash_ctx, EVP_MD_CTRL_GOST_SET_SBOX,
-                            gost_param_nid, 0) <= 0)
-                                goto err;
-                }
-        }
-
         ret = 1;
 
  err:
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
index 8fb5a1da7f..18cf2d0c95 100644
--- a/src/regress/lib/libssl/client/clienttest.c
+++ b/src/regress/lib/libssl/client/clienttest.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: clienttest.c,v 1.42 2023/07/11 17:03:44 tb Exp $ */
+/*      $OpenBSD: clienttest.c,v 1.43 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  *
@@ -36,7 +36,7 @@
 #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2)
 #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34)
 #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69)
-#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 188)
+#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 184)
 #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98)
 
 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
@@ -75,57 +75,54 @@ static const uint8_t cipher_list_dtls12_aes[] = {
         0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
         0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
         0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
-        0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-        0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-        0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-        0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-        0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-        0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-        0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-        0x00, 0x0a, 0x00, 0xff
+        0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+        0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+        0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+        0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+        0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12,
+        0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_dtls12_chacha[] = {
         0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
         0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
         0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-        0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-        0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-        0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-        0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-        0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-        0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-        0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-        0x00, 0x0a, 0x00, 0xff,
+        0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+        0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+        0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+        0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+        0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12,
+        0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_dtls12[] = {
         0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0xbe, 0x01, 0x00, 0x00,
-        0xb2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0xb2, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0xba, 0x01, 0x00, 0x00,
+        0xae, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0xae, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0xc0,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0xc0,
         0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
         0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00,
-        0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff,
-        0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00,
-        0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00,
-        0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0,
-        0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00,
-        0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00,
-        0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00,
-        0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00,
-        0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00,
-        0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00,
-        0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00,
-        0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00,
-        0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06,
-        0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05,
-        0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02,
-        0x01, 0x02, 0x03,
+        0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00,
+        0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00,
+        0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0,
+        0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0,
+        0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00,
+        0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00,
+        0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, 0xc0,
+        0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01,
+        0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01,
+        0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
+        0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
+        0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00,
+        0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
+        0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,
+        0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls10[] = {
@@ -186,92 +183,90 @@ static const uint8_t cipher_list_tls12_aes[] = {
         0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
         0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
         0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
-        0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-        0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-        0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-        0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-        0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-        0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-        0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
-        0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
-        0x00, 0xff,
+        0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+        0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+        0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+        0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+        0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
+        0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
+        0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_tls12_chacha[] = {
         0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
         0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
         0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-        0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-        0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-        0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-        0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-        0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-        0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-        0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
-        0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
-        0x00, 0xff,
+        0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+        0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+        0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+        0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+        0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
+        0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
+        0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_tls12[] = {
-        0x16, 0x03, 0x03, 0x00, 0xbb, 0x01, 0x00, 0x00,
-        0xb7, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x16, 0x03, 0x03, 0x00, 0xb7, 0x01, 0x00, 0x00,
+        0xb3, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x5a, 0xc0, 0x30,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x56, 0xc0, 0x30,
         0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
         0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
-        0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-        0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-        0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-        0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-        0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-        0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-        0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-        0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
-        0x01, 0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02,
-        0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08,
-        0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19,
-        0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18,
-        0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
-        0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
-        0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
+        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4,
+        0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+        0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+        0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+        0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+        0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+        0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+        0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+        0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34,
+        0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
+        0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17,
+        0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
+        0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06,
+        0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
+        0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
+        0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls13_aes[] = {
         0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30,
         0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
         0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
-        0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-        0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-        0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-        0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-        0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-        0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-        0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-        0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
+        0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4,
+        0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+        0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+        0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+        0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+        0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+        0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+        0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+        0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_tls13_chacha[] = {
         0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9,
         0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c,
         0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
-        0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85,
-        0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-        0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-        0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-        0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-        0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-        0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-        0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-        0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
+        0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4,
+        0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+        0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+        0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+        0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+        0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+        0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+        0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+        0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_tls13[] = {
-        0x16, 0x03, 0x03, 0x01, 0x14, 0x01, 0x00, 0x01,
-        0x10, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x16, 0x03, 0x03, 0x01, 0x10, 0x01, 0x00, 0x01,
+        0x0c, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -279,33 +274,32 @@ static const uint8_t client_hello_tls13[] = {
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x13, 0x03,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0x13, 0x03,
         0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8,
         0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28,
         0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f,
-        0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 0x00, 0xc4,
-        0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d,
-        0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
-        0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
-        0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
-        0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
-        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
-        0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
-        0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00,
-        0x00, 0x67, 0x00, 0x2b, 0x00, 0x05, 0x04, 0x03,
-        0x04, 0x03, 0x03, 0x00, 0x33, 0x00, 0x26, 0x00,
-        0x24, 0x00, 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00,
+        0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4, 0x00, 0x88,
+        0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+        0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+        0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+        0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+        0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+        0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+        0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+        0x00, 0x0a, 0x01, 0x00, 0x00, 0x67, 0x00, 0x2b,
+        0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00,
+        0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00,
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00,
-        0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
-        0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
-        0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
-        0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06,
-        0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08,
-        0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02,
-        0x03,
+        0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
+        0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00,
+        0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00,
+        0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08,
+        0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05,
+        0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
+        0x03, 0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls13_only_aes[] = {
diff --git a/src/regress/lib/libssl/interop/Makefile.inc b/src/regress/lib/libssl/interop/Makefile.inc
index 4a66390cbd..fa22fb8514 100644
--- a/src/regress/lib/libssl/interop/Makefile.inc
+++ b/src/regress/lib/libssl/interop/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.9 2023/10/18 19:14:32 anton Exp $
+# $OpenBSD: Makefile.inc,v 1.10 2024/02/03 15:58:34 beck Exp $
 
 .PATH:                  ${.CURDIR}/..
 
@@ -39,7 +39,7 @@ run-self-client-server: client server 127.0.0.1.crt
 CLEANFILES +=           127.0.0.1.{crt,key} \
                         ca.{crt,key,srl} fake-ca.{crt,key} \
                         {client,server}.{req,crt,key} \
-                        {dsa,ec,gost,rsa}.{key,req,crt} \
+                        {dsa,ec,rsa}.{key,req,crt} \
                         dh.param
 
 127.0.0.1.crt:
@@ -70,10 +70,6 @@ dsa.key:
 ec.key:
         openssl ecparam -genkey -name secp256r1 -out $@
 
-gost.key:
-        openssl genpkey -algorithm gost2001 \
-            -pkeyopt paramset:A -pkeyopt dgst:md_gost94 -out $@
-
 rsa.key:
         openssl genrsa -out $@ 2048
 
@@ -82,11 +78,6 @@ dsa.req ec.req rsa.req: ${@:R}.key
             -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
             -nodes -key ${@:R}.key -out $@
 
-gost.req: ${@:R}.key
-        openssl req -batch -new -md_gost94 \
-            -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
-            -nodes -key ${@:R}.key -out $@
-
-dsa.crt ec.crt gost.crt rsa.crt: ca.crt ${@:R}.req
+dsa.crt ec.crt rsa.crt: ca.crt ${@:R}.req
         openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
             -req -in ${@:R}.req -out $@
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index 627cfc8f9f..3a116d5ed5 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.13 2023/10/30 17:15:21 tb Exp $
+# $OpenBSD: Makefile,v 1.14 2024/02/03 15:58:34 beck Exp $
 
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or 3.0.  Create lists of supported ciphers
@@ -6,17 +6,6 @@
 # certificate with compatible type.  Check that client and server
 # have used correct cipher by grepping in their session print out.
 
-run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
-client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
-        # gost does not work with libressl TLS 1.3 right now
-        @echo DISABLED
-
 LIBRARIES =             libressl
 .if exists(/usr/local/bin/eopenssl11)
 LIBRARIES +=            openssl11
@@ -96,8 +85,6 @@ LEVEL_openssl30 = ,@SECLEVEL=0
 TYPE_${cipher} =        dsa
 .elif "${cipher:M*-ECDSA-*}" != ""
 TYPE_${cipher} =        ec
-.elif "${cipher:M*-GOST89-*}" != ""
-TYPE_${cipher} =        gost
 .elif "${cipher:M*-RSA-*}" != ""
 TYPE_${cipher} =        rsa
 .else
diff --git a/src/regress/lib/libssl/unit/tls_prf.c b/src/regress/lib/libssl/unit/tls_prf.c
index a22d0e70d0..b6836da167 100644
--- a/src/regress/lib/libssl/unit/tls_prf.c
+++ b/src/regress/lib/libssl/unit/tls_prf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_prf.c,v 1.8 2022/11/26 16:08:57 tb Exp $ */
+/* $OpenBSD: tls_prf.c,v 1.9 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -58,29 +58,6 @@ static struct tls_prf_test tls_prf_tests[] = {
                 },
         },
         {
-                .desc = "GOST94",
-                .ssl_method = TLSv1_2_method,
-                .cipher_value = 0x0081,
-                .out = {
-                         0xcc, 0xd4, 0x89, 0x5f, 0x52, 0x08, 0x9b, 0xc7,
-                         0xf9, 0xb5, 0x83, 0x58, 0xe8, 0xc7, 0x71, 0x49,
-                         0x39, 0x99, 0x1f, 0x14, 0x8f, 0x85, 0xbe, 0x64,
-                         0xee, 0x40, 0x5c, 0xe7, 0x5f, 0x68, 0xaf, 0xf2,
-                         0xcd, 0x3a, 0x94, 0x52, 0x33, 0x53, 0x46, 0x7d,
-                         0xb6, 0xc5, 0xe1, 0xb8, 0xa4, 0x04, 0x69, 0x91,
-                         0x0a, 0x9c, 0x88, 0x86, 0xd9, 0x60, 0x63, 0xdd,
-                         0xd8, 0xe7, 0x2e, 0xee, 0xce, 0xe2, 0x20, 0xd8,
-                         0x9a, 0xfa, 0x9c, 0x63, 0x0c, 0x9c, 0xa1, 0x76,
-                         0xed, 0x78, 0x9a, 0x84, 0x70, 0xb4, 0xd1, 0x51,
-                         0x1f, 0xde, 0x44, 0xe8, 0x90, 0x21, 0x3f, 0xeb,
-                         0x05, 0xf4, 0x77, 0x59, 0xf3, 0xad, 0xdd, 0x34,
-                         0x3d, 0x3a, 0x7c, 0xd0, 0x59, 0x40, 0xe1, 0x3f,
-                         0x04, 0x4b, 0x8b, 0xd6, 0x95, 0x46, 0xb4, 0x9e,
-                         0x4c, 0x2d, 0xf7, 0xee, 0xbd, 0xbc, 0xcb, 0x5c,
-                         0x3a, 0x36, 0x0c, 0xd0, 0x27, 0xcb, 0x45, 0x06,
-                },
-        },
-        {
                 .desc = "SHA256 (via TLSv1.2)",
                 .ssl_method = TLSv1_2_method,
                 .cipher_value = 0x0033,
@@ -126,29 +103,6 @@ static struct tls_prf_test tls_prf_tests[] = {
                          0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2,
                 },
         },
-        {
-                .desc = "STREEBOG256",
-                .ssl_method = TLSv1_2_method,
-                .cipher_value = 0xff87,
-                .out = {
-                        0x3e, 0x13, 0xb9, 0xeb, 0x85, 0x8c, 0xb4, 0x21,
-                        0x23, 0x40, 0x9b, 0x73, 0x04, 0x56, 0xe2, 0xff,
-                        0xce, 0x52, 0x1f, 0x82, 0x7f, 0x17, 0x5b, 0x80,
-                        0x23, 0x71, 0xca, 0x30, 0xdf, 0xfc, 0xdc, 0x2d,
-                        0xc0, 0xfc, 0x5d, 0x23, 0x5a, 0x54, 0x7f, 0xae,
-                        0xf5, 0x7d, 0x52, 0x1e, 0x86, 0x95, 0xe1, 0x2d,
-                        0x28, 0xe7, 0xbe, 0xd7, 0xd0, 0xbf, 0xa9, 0x96,
-                        0x13, 0xd0, 0x9c, 0x0c, 0x1c, 0x16, 0x05, 0xbb,
-                        0x26, 0xd7, 0x30, 0x39, 0xb9, 0x53, 0x28, 0x98,
-                        0x4f, 0x1b, 0x83, 0xc3, 0xce, 0x1c, 0x7c, 0x34,
-                        0xa2, 0xc4, 0x7a, 0x54, 0x16, 0xc6, 0xa7, 0x9e,
-                        0xed, 0x4b, 0x7b, 0x83, 0xa6, 0xae, 0xe2, 0x5b,
-                        0x96, 0xf5, 0x6c, 0xad, 0x1f, 0xa3, 0x83, 0xb2,
-                        0x84, 0x32, 0xed, 0xe3, 0x2c, 0xf6, 0xd4, 0x73,
-                        0x30, 0xef, 0x9d, 0xbe, 0xe7, 0x23, 0x9a, 0xbf,
-                        0x4d, 0x1c, 0xe7, 0xef, 0x3d, 0xea, 0x46, 0xe2,
-                },
-        },
 };
 
 #define N_TLS_PRF_TESTS \
diff --git a/src/usr.bin/openssl/openssl.c b/src/usr.bin/openssl/openssl.c
index e5ff31a2c5..7a42b70f2b 100644
--- a/src/usr.bin/openssl/openssl.c
+++ b/src/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.35 2023/06/11 13:02:10 jsg Exp $ */
+/* $OpenBSD: openssl.c,v 1.36 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -211,12 +211,6 @@ FUNCTION functions[] = {
 #endif
 
         /* Message Digests. */
-#ifndef OPENSSL_NO_GOST
-        { FUNC_TYPE_MD, "gost-mac", dgst_main },
-        { FUNC_TYPE_MD, "md_gost94", dgst_main },
-        { FUNC_TYPE_MD, "streebog256", dgst_main },
-        { FUNC_TYPE_MD, "streebog512", dgst_main },
-#endif
 #ifndef OPENSSL_NO_MD4
         { FUNC_TYPE_MD, "md4", dgst_main },
 #endif