21 files changed, 148 insertions, 871 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 1ae2d047bc7..bb8e9465ba6 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.248 2023/11/29 13:39:34 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.249 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -577,41 +577,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.alg_bits = 256,
 	},
 
-	/* GOST Ciphersuites */
-
-	/* Cipher 81 */
-	{
-		.valid = 1,
-		.name = "GOST2001-GOST89-GOST89",
-		.id = 0x3000081,
-		.algorithm_mkey = SSL_kGOST,
-		.algorithm_auth = SSL_aGOST01,
-		.algorithm_enc = SSL_eGOST2814789CNT,
-		.algorithm_mac = SSL_GOST89MAC,
-		.algorithm_ssl = SSL_TLSV1,
-		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
-		    TLS1_STREAM_MAC,
-		.strength_bits = 256,
-		.alg_bits = 256
-	},
-
-	/* Cipher 83 */
-	{
-		.valid = 1,
-		.name = "GOST2001-NULL-GOST94",
-		.id = 0x3000083,
-		.algorithm_mkey = SSL_kGOST,
-		.algorithm_auth = SSL_aGOST01,
-		.algorithm_enc = SSL_eNULL,
-		.algorithm_mac = SSL_GOST94,
-		.algorithm_ssl = SSL_TLSV1,
-		.algo_strength = SSL_STRONG_NONE,
-		.algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
-		.strength_bits = 0,
-		.alg_bits = 0
-	},
-
 #ifndef OPENSSL_NO_CAMELLIA
 	/* Camellia ciphersuites from RFC4132 (256-bit portion) */
 
@@ -1362,40 +1327,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
 		.alg_bits = 256,
 	},
 
-	/* Cipher FF85 FIXME IANA */
-	{
-		.valid = 1,
-		.name = "GOST2012256-GOST89-GOST89",
-		.id = 0x300ff85, /* FIXME IANA */
-		.algorithm_mkey = SSL_kGOST,
-		.algorithm_auth = SSL_aGOST01,
-		.algorithm_enc = SSL_eGOST2814789CNT,
-		.algorithm_mac = SSL_GOST89MAC,
-		.algorithm_ssl = SSL_TLSV1,
-		.algo_strength = SSL_HIGH,
-		.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
-		    TLS1_STREAM_MAC,
-		.strength_bits = 256,
-		.alg_bits = 256
-	},
-
-	/* Cipher FF87 FIXME IANA */
-	{
-		.valid = 1,
-		.name = "GOST2012256-NULL-STREEBOG256",
-		.id = 0x300ff87, /* FIXME IANA */
-		.algorithm_mkey = SSL_kGOST,
-		.algorithm_auth = SSL_aGOST01,
-		.algorithm_enc = SSL_eNULL,
-		.algorithm_mac = SSL_STREEBOG256,
-		.algorithm_ssl = SSL_TLSV1,
-		.algo_strength = SSL_STRONG_NONE,
-		.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
-		.strength_bits = 0,
-		.alg_bits = 0
-	},
-
-
 	/* end of list */
 };
 
@@ -2668,21 +2599,6 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
 
 	alg_k = s->s3->hs.cipher->algorithm_mkey;
 
-#ifndef OPENSSL_NO_GOST
-	if ((alg_k & SSL_kGOST) != 0) {
-		if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN))
-			return 0;
-		if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN))
-			return 0;
-		if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
-			return 0;
-		if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
-			return 0;
-		if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
-			return 0;
-	}
-#endif
-
 	if ((alg_k & SSL_kDHE) != 0) {
 		if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH))
 			return 0;
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 8d65a1ec03b..03a5a80d0a7 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.232 2023/11/22 15:43:42 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.233 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -245,7 +245,6 @@ extern "C" {
 #define SSL_TXT_kECDH		"kECDH"
 #define SSL_TXT_kEECDH		"kEECDH"
 #define SSL_TXT_kPSK            "kPSK"
-#define SSL_TXT_kGOST		"kGOST"
 #define SSL_TXT_kSRP		"kSRP"
 
 #define	SSL_TXT_aRSA		"aRSA"
@@ -255,9 +254,6 @@ extern "C" {
 #define SSL_TXT_aKRB5     	"aKRB5"
 #define SSL_TXT_aECDSA		"aECDSA"
 #define SSL_TXT_aPSK            "aPSK"
-#define SSL_TXT_aGOST94		"aGOST94"
-#define SSL_TXT_aGOST01		"aGOST01"
-#define SSL_TXT_aGOST		"aGOST"
 
 #define	SSL_TXT_DSS		"DSS"
 #define SSL_TXT_DH		"DH"
@@ -293,12 +289,8 @@ extern "C" {
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA" /* same as "SHA1" */
-#define SSL_TXT_GOST94		"GOST94"
-#define SSL_TXT_GOST89MAC		"GOST89MAC"
 #define SSL_TXT_SHA256		"SHA256"
 #define SSL_TXT_SHA384		"SHA384"
-#define SSL_TXT_STREEBOG256		"STREEBOG256"
-#define SSL_TXT_STREEBOG512		"STREEBOG512"
 
 #define SSL_TXT_DTLS1		"DTLSv1"
 #define SSL_TXT_DTLS1_2		"DTLSv1.2"
@@ -2176,7 +2168,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_CLIENT_CERT_METHOD			 331
 #define SSL_R_NO_CLIENT_CERT_RECEIVED			 186
 #define SSL_R_NO_COMPRESSION_SPECIFIED			 187
-#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER		 330
 #define SSL_R_NO_METHOD_SPECIFIED			 188
 #define SSL_R_NO_PRIVATEKEY				 189
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 6c6cc2ad2b0..603d9ccb4f1 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.57 2021/09/10 14:49:13 tb Exp $ */
+/* $OpenBSD: ssl3.h,v 1.58 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -325,7 +325,7 @@ extern "C" {
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER			13
+#define SSL3_CT_NUMBER			7
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
 #define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 14d9aa85a76..995f1c46015 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.46 2023/07/07 08:53:55 tb Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -384,9 +384,6 @@ ssl_cert_type(EVP_PKEY *pkey)
 	switch (EVP_PKEY_id(pkey)) {
 	case EVP_PKEY_EC:
 		return SSL_PKEY_ECC;
-	case NID_id_GostR3410_2001:
-	case NID_id_GostR3410_2001_cc:
-		return SSL_PKEY_GOST01;
 	case EVP_PKEY_RSA:
 	case EVP_PKEY_RSA_PSS:
 		return SSL_PKEY_RSA;
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index a288050269c..5b2fe1a48d3 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.107 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.108 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -233,10 +233,6 @@ ssl_cert_dup(SSL_CERT *cert)
 				/* We have an ECC key */
 				break;
 
-			case SSL_PKEY_GOST01:
-				/* We have a GOST key */
-				break;
-
 			default:
 				/* Can't happen. */
 				SSLerrorx(SSL_R_LIBRARY_BUG);
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index cea4d3e6f46..76a38405209 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.138 2024/01/04 20:02:10 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.139 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -212,10 +212,6 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.name = SSL_TXT_ECDH,
 		.algorithm_mkey = SSL_kECDHE,
 	},
-	{
-		.name = SSL_TXT_kGOST,
-		.algorithm_mkey = SSL_kGOST,
-	},
 
 	/* server authentication aliases */
 	{
@@ -242,14 +238,6 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.name = SSL_TXT_ECDSA,
 		.algorithm_auth = SSL_aECDSA,
 	},
-	{
-		.name = SSL_TXT_aGOST01,
-		.algorithm_auth = SSL_aGOST01,
-	},
-	{
-		.name = SSL_TXT_aGOST,
-		.algorithm_auth = SSL_aGOST01,
-	},
 
 	/* aliases combining key exchange and server authentication */
 	{
@@ -356,14 +344,6 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.algorithm_mac = SSL_SHA1,
 	},
 	{
-		.name = SSL_TXT_GOST94,
-		.algorithm_mac = SSL_GOST94,
-	},
-	{
-		.name = SSL_TXT_GOST89MAC,
-		.algorithm_mac = SSL_GOST89MAC,
-	},
-	{
 		.name = SSL_TXT_SHA256,
 		.algorithm_mac = SSL_SHA256,
 	},
@@ -371,10 +351,6 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.name = SSL_TXT_SHA384,
 		.algorithm_mac = SSL_SHA384,
 	},
-	{
-		.name = SSL_TXT_STREEBOG256,
-		.algorithm_mac = SSL_STREEBOG256,
-	},
 
 	/* protocol version aliases */
 	{
@@ -472,11 +448,6 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
 	case SSL_CAMELLIA256:
 		*enc = EVP_camellia_256_cbc();
 		break;
-#ifndef OPENSSL_NO_GOST
-	case SSL_eGOST2814789CNT:
-		*enc = EVP_gost2814789_cnt();
-		break;
-#endif
 	}
 
 	switch (ss->cipher->algorithm_mac) {
@@ -492,21 +463,11 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
 	case SSL_SHA384:
 		*md = EVP_sha384();
 		break;
-#ifndef OPENSSL_NO_GOST
-	case SSL_GOST89MAC:
-		*md = EVP_gost2814789imit();
-		break;
-	case SSL_GOST94:
-		*md = EVP_gostr341194();
-		break;
-	case SSL_STREEBOG256:
-		*md = EVP_streebog256();
-		break;
-#endif
 	}
 	if (*enc == NULL || *md == NULL)
 		return 0;
 
+	/* XXX remove these from ssl_cipher_get_evp? */
 	/*
 	 * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not
 	 * supported via EVP_CIPHER (they should be using EVP_AEAD instead).
@@ -515,18 +476,9 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
 		return 0;
 	if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)
 		return 0;
-#ifndef OPENSSL_NO_GOST
-	/* XXX JFC. die in fire already */
-	if (ss->cipher->algorithm_mac == SSL_GOST89MAC) {
-		*mac_pkey_type = EVP_PKEY_GOSTIMIT;
-		*mac_secret_size = 32; /* XXX */
-	} else {
-#endif
-		*mac_pkey_type = EVP_PKEY_HMAC;
-		*mac_secret_size = EVP_MD_size(*md);
-#ifndef OPENSSL_NO_GOST
-	}
-#endif
+
+	*mac_pkey_type = EVP_PKEY_HMAC;
+	*mac_secret_size = EVP_MD_size(*md);
 	return 1;
 }
 
@@ -581,14 +533,6 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
 	case SSL_HANDSHAKE_MAC_DEFAULT:
 		*md = EVP_md5_sha1();
 		return 1;
-#ifndef OPENSSL_NO_GOST
-	case SSL_HANDSHAKE_MAC_GOST94:
-		*md = EVP_gostr341194();
-		return 1;
-	case SSL_HANDSHAKE_MAC_STREEBOG256:
-		*md = EVP_streebog256();
-		return 1;
-#endif
 	case SSL_HANDSHAKE_MAC_SHA256:
 		*md = EVP_sha256();
 		return 1;
@@ -641,6 +585,7 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
 	*head = curr;
 }
 
+/* XXX beck: remove this in a followon to removing GOST */
 static void
 ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
     unsigned long *enc, unsigned long *mac, unsigned long *ssl)
@@ -651,16 +596,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
 	*mac = 0;
 	*ssl = 0;
 
-	/*
-	 * Check for the availability of GOST 34.10 public/private key
-	 * algorithms. If they are not available disable the associated
-	 * authentication and key exchange algorithms.
-	 */
-#if defined(OPENSSL_NO_GOST) || !defined(EVP_PKEY_GOSTR01)
-	*auth |= SSL_aGOST01;
-	*mkey |= SSL_kGOST;
-#endif
-
 #ifdef SSL_FORBID_ENULL
 	*enc |= SSL_eNULL;
 #endif
@@ -1455,9 +1390,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_kECDHE:
 		kx = "ECDH";
 		break;
-	case SSL_kGOST:
-		kx = "GOST";
-		break;
 	case SSL_kTLS1_3:
 		kx = "TLSv1.3";
 		break;
@@ -1478,9 +1410,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_aECDSA:
 		au = "ECDSA";
 		break;
-	case SSL_aGOST01:
-		au = "GOST01";
-		break;
 	case SSL_aTLS1_3:
 		au = "TLSv1.3";
 		break;
@@ -1520,9 +1449,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_CHACHA20POLY1305:
 		enc = "ChaCha20-Poly1305";
 		break;
-	case SSL_eGOST2814789CNT:
-		enc = "GOST-28178-89-CNT";
-		break;
 	default:
 		enc = "unknown";
 		break;
@@ -1544,15 +1470,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_AEAD:
 		mac = "AEAD";
 		break;
-	case SSL_GOST94:
-		mac = "GOST94";
-		break;
-	case SSL_GOST89MAC:
-		mac = "GOST89IMIT";
-		break;
-	case SSL_STREEBOG256:
-		mac = "STREEBOG256";
-		break;
 	default:
 		mac = "unknown";
 		break;
@@ -1666,8 +1583,6 @@ SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
 		return NID_des_cbc;
 	case SSL_RC4:
 		return NID_rc4;
-	case SSL_eGOST2814789CNT:
-		return NID_gost89_cnt;
 	default:
 		return NID_undef;
 	}
@@ -1680,10 +1595,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
 	switch (c->algorithm_mac) {
 	case SSL_AEAD:
 		return NID_undef;
-	case SSL_GOST89MAC:
-		return NID_id_Gost28147_89_MAC;
-	case SSL_GOST94:
-		return NID_id_GostR3411_94;
 	case SSL_MD5:
 		return NID_md5;
 	case SSL_SHA1:
@@ -1692,8 +1603,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
 		return NID_sha256;
 	case SSL_SHA384:
 		return NID_sha384;
-	case SSL_STREEBOG256:
-		return NID_id_tc26_gost3411_2012_256;
 	default:
 		return NID_undef;
 	}
@@ -1708,8 +1617,6 @@ SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
 		return NID_kx_dhe;
 	case SSL_kECDHE:
 		return NID_kx_ecdhe;
-	case SSL_kGOST:
-		return NID_kx_gost;
 	case SSL_kRSA:
 		return NID_kx_rsa;
 	default:
@@ -1726,8 +1633,6 @@ SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
 		return NID_auth_null;
 	case SSL_aECDSA:
 		return NID_auth_ecdsa;
-	case SSL_aGOST01:
-		return NID_auth_gost01;
 	case SSL_aRSA:
 		return NID_auth_rsa;
 	default:
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 52f5de35a44..56fb9ba1c7e 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.164 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -161,10 +161,6 @@
 #include <openssl/objects.h>
 #include <openssl/opensslconf.h>
 
-#ifndef OPENSSL_NO_GOST
-#include <openssl/gost.h>
-#endif
-
 #include "bytestring.h"
 #include "dtls_local.h"
 #include "ssl_local.h"
@@ -829,7 +825,6 @@ ssl3_get_server_hello(SSL *s)
 	uint8_t compression_method;
 	const SSL_CIPHER *cipher;
 	const SSL_METHOD *method;
-	unsigned long alg_k;
 	int al, ret;
 
 	s->first_packet = 1;
@@ -1038,8 +1033,7 @@ ssl3_get_server_hello(SSL *s)
 	 * Don't digest cached records if no sigalgs: we may need them for
 	 * client authentication.
 	 */
-	alg_k = s->s3->hs.cipher->algorithm_mkey;
-	if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
+	if (!SSL_USE_SIGALGS(s))
 		tls1_transcript_free(s);
 
 	if (!CBS_get_u8(&cbs, &compression_method))
@@ -1931,119 +1925,6 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb)
 }
 
 static int
-ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
-{
-	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
-	EVP_PKEY_CTX *pkey_ctx = NULL;
-	EVP_MD_CTX *ukm_hash = NULL;
-	EVP_PKEY *pkey;
-	size_t msglen;
-	unsigned int md_len;
-	CBB gostblob;
-	int nid;
-	int ret = 0;
-
-	/* Get server certificate PKEY and create ctx from it */
-	pkey = X509_get0_pubkey(s->session->peer_cert);
-	if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) {
-		SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-		goto err;
-	}
-	if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-		SSLerror(s, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	/*
-	 * If we have send a certificate, and certificate key parameters match
-	 * those of server certificate, use certificate key for key exchange.
-	 * Otherwise, generate ephemeral key pair.
-	 */
-	if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0)
-		goto err;
-
-	/* Generate session key. */
-	arc4random_buf(premaster_secret, sizeof(premaster_secret));
-
-	/*
-	 * If we have client certificate, use its secret as peer key.
-	 * XXX - this presumably lacks PFS.
-	 */
-	if (s->s3->hs.tls12.cert_request != 0 &&
-	    s->cert->key->privatekey != NULL) {
-		if (EVP_PKEY_derive_set_peer(pkey_ctx,
-		    s->cert->key->privatekey) <=0) {
-			/*
-			 * If there was an error - just ignore it.
-			 * Ephemeral key would be used.
-			 */
-			ERR_clear_error();
-		}
-	}
-
-	/*
-	 * Compute shared IV and store it in algorithm-specific context data.
-	 */
-	if ((ukm_hash = EVP_MD_CTX_new()) == NULL) {
-		SSLerror(s, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	/* XXX check handshake hash instead. */
-	if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
-		nid = NID_id_GostR3411_94;
-	else
-		nid = NID_id_tc26_gost3411_2012_256;
-	if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
-		goto err;
-	if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE))
-		goto err;
-	if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE))
-		goto err;
-	if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len))
-		goto err;
-	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
-	    EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
-		SSLerror(s, SSL_R_LIBRARY_BUG);
-		goto err;
-	}
-
-	/*
-	 * Make GOST keytransport blob message, encapsulate it into sequence.
-	 */
-	msglen = 255;
-	if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
-	    sizeof(premaster_secret)) < 0) {
-		SSLerror(s, SSL_R_LIBRARY_BUG);
-		goto err;
-	}
-
-	if (!CBB_add_asn1(cbb, &gostblob, CBS_ASN1_SEQUENCE))
-		goto err;
-	if (!CBB_add_bytes(&gostblob, tmp, msglen))
-		goto err;
-	if (!CBB_flush(cbb))
-		goto err;
-
-	/* Check if pubkey from client certificate was used. */
-	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
-	    NULL) > 0)
-		s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-
-	if (!tls12_derive_master_secret(s, premaster_secret, 32))
-		goto err;
-
-	ret = 1;
-
- err:
-	explicit_bzero(premaster_secret, sizeof(premaster_secret));
-	EVP_PKEY_CTX_free(pkey_ctx);
-	EVP_MD_CTX_free(ukm_hash);
-
-	return ret;
-}
-
-static int
 ssl3_send_client_key_exchange(SSL *s)
 {
 	unsigned long alg_k;
@@ -2067,9 +1948,6 @@ ssl3_send_client_key_exchange(SSL *s)
 		} else if (alg_k & SSL_kECDHE) {
 			if (!ssl3_send_client_kex_ecdhe(s, &kex))
 				goto err;
-		} else if (alg_k & SSL_kGOST) {
-			if (!ssl3_send_client_kex_gost(s, &kex))
-				goto err;
 		} else {
 			ssl3_send_alert(s, SSL3_AL_FATAL,
 			    SSL_AD_HANDSHAKE_FAILURE);
@@ -2115,14 +1993,6 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
 		SSLerror(s, ERR_R_EVP_LIB);
 		goto err;
 	}
-#ifndef OPENSSL_NO_GOST
-	if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
-	    EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-	    EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
-		SSLerror(s, ERR_R_EVP_LIB);
-		goto err;
-	}
-#endif
 	if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
 	    (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
 	    !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
@@ -2230,72 +2100,6 @@ ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
 	return ret;
 }
 
-#ifndef OPENSSL_NO_GOST
-static int
-ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
-{
-	CBB cbb_signature;
-	EVP_MD_CTX *mctx;
-	EVP_PKEY_CTX *pctx;
-	const EVP_MD *md;
-	const unsigned char *hdata;
-	unsigned char *signature = NULL;
-	size_t signature_len;
-	size_t hdata_len;
-	int nid;
-	int ret = 0;
-
-	if ((mctx = EVP_MD_CTX_new()) == NULL)
-		goto err;
-
-	if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
-		SSLerror(s, ERR_R_INTERNAL_ERROR);
-		goto err;
-	}
-	if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
-	    (md = EVP_get_digestbynid(nid)) == NULL) {
-		SSLerror(s, ERR_R_EVP_LIB);
-		goto err;
-	}
-	if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) {
-		SSLerror(s, ERR_R_EVP_LIB);
-		goto err;
-	}
-#ifndef OPENSSL_NO_GOST
-	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-	    EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
-		SSLerror(s, ERR_R_EVP_LIB);
-		goto err;
-	}
-#endif
-	if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
-		SSLerror(s, ERR_R_EVP_LIB);
-		goto err;
-	}
-	if ((signature = calloc(1, signature_len)) == NULL) {
-		SSLerror(s, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
-		SSLerror(s, ERR_R_EVP_LIB);
-		goto err;
-	}
-
-	if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
-		goto err;
-	if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
-		goto err;
-	if (!CBB_flush(cert_verify))
-		goto err;
-
-	ret = 1;
- err:
-	EVP_MD_CTX_free(mctx);
-	free(signature);
-	return ret;
-}
-#endif
-
 static int
 ssl3_send_client_verify(SSL *s)
 {
@@ -2331,12 +2135,6 @@ ssl3_send_client_verify(SSL *s)
 		} else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
 			if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify))
 				goto err;
-#ifndef OPENSSL_NO_GOST
-		} else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
-		    EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
-			if (!ssl3_send_client_verify_gost(s, pkey, &cert_verify))
-				goto err;
-#endif
 		} else {
 			SSLerror(s, ERR_R_INTERNAL_ERROR);
 			goto err;
diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c
index 28097ea70a9..30ca96b2fa4 100644
--- a/lib/libssl/ssl_err.c
+++ b/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.46 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -306,7 +306,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
 	{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"},
 	{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
 	{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
-	{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"},
 	{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   , "no method specified"},
 	{ERR_REASON(SSL_R_NO_PRIVATEKEY)         , "no privatekey"},
 	{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index c97441c9c01..0277202de3b 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.318 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.319 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2297,12 +2297,6 @@ ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher)
 			mask_a |= SSL_aECDSA;
 	}
 
-	cpk = &(c->pkeys[SSL_PKEY_GOST01]);
-	if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-		mask_k |= SSL_kGOST;
-		mask_a |= SSL_aGOST01;
-	}
-
 	cpk = &(c->pkeys[SSL_PKEY_RSA]);
 	if (cpk->x509 != NULL && cpk->privatekey != NULL) {
 		mask_a |= SSL_aRSA;
@@ -2363,8 +2357,6 @@ ssl_get_server_send_pkey(const SSL *s)
 		i = SSL_PKEY_ECC;
 	} else if (alg_a & SSL_aRSA) {
 		i = SSL_PKEY_RSA;
-	} else if (alg_a & SSL_aGOST01) {
-		i = SSL_PKEY_GOST01;
 	} else { /* if (alg_a & SSL_aNULL) */
 		SSLerror(s, ERR_R_INTERNAL_ERROR);
 		return (NULL);
diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h
index bd6275fac7e..b4d093b2262 100644
--- a/lib/libssl/ssl_local.h
+++ b/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.13 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -197,7 +197,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_kRSA		0x00000001L /* RSA key exchange */
 #define SSL_kDHE		0x00000008L /* tmp DH key no DH cert */
 #define SSL_kECDHE		0x00000080L /* ephemeral ECDH */
-#define SSL_kGOST		0x00000200L /* GOST key exchange */
 #define SSL_kTLS1_3		0x00000400L /* TLSv1.3 key exchange */
 
 /* Bits for algorithm_auth (server authentication) */
@@ -205,7 +204,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_aDSS		0x00000002L /* DSS auth */
 #define SSL_aNULL		0x00000004L /* no auth (i.e. use ADH or AECDH) */
 #define SSL_aECDSA              0x00000040L /* ECDSA auth*/
-#define SSL_aGOST01		0x00000200L /* GOST R 34.10-2001 signature auth */
 #define SSL_aTLS1_3		0x00000400L /* TLSv1.3 authentication */
 
 /* Bits for algorithm_enc (symmetric encryption) */
@@ -218,7 +216,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_AES256		0x00000040L
 #define SSL_CAMELLIA128		0x00000080L
 #define SSL_CAMELLIA256		0x00000100L
-#define SSL_eGOST2814789CNT	0x00000200L
 #define SSL_AES128GCM		0x00000400L
 #define SSL_AES256GCM		0x00000800L
 #define SSL_CHACHA20POLY1305	0x00001000L
@@ -231,8 +228,6 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_MD5			0x00000001L
 #define SSL_SHA1		0x00000002L
-#define SSL_GOST94      0x00000004L
-#define SSL_GOST89MAC   0x00000008L
 #define SSL_SHA256		0x00000010L
 #define SSL_SHA384		0x00000020L
 /* Not a real MAC, just an indication it is part of cipher */
@@ -251,10 +246,8 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_HANDSHAKE_MAC_MASK		0xff0
 #define SSL_HANDSHAKE_MAC_MD5		0x010
 #define SSL_HANDSHAKE_MAC_SHA		0x020
-#define SSL_HANDSHAKE_MAC_GOST94	0x040
 #define SSL_HANDSHAKE_MAC_SHA256	0x080
 #define SSL_HANDSHAKE_MAC_SHA384	0x100
-#define SSL_HANDSHAKE_MAC_STREEBOG256	0x200
 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 
 #define SSL3_CK_ID		0x03000000
@@ -267,17 +260,9 @@ __BEGIN_HIDDEN_DECLS
 #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
 
 /*
- * Stream MAC for GOST ciphersuites from cryptopro draft
- * (currently this also goes into algorithm2).
- */
-#define TLS1_STREAM_MAC 0x04
-
-/*
  * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that
  * indicates that the variable part of the nonce is included as a prefix of
  * the record (AES-GCM, for example, does this with an 8-byte variable nonce.)
@@ -324,8 +309,7 @@ __BEGIN_HIDDEN_DECLS
 
 #define SSL_PKEY_RSA		0
 #define SSL_PKEY_ECC		1
-#define SSL_PKEY_GOST01		2
-#define SSL_PKEY_NUM		3
+#define SSL_PKEY_NUM		2
 
 #define SSL_MAX_EMPTY_RECORDS	32
 
diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index f59beb4320a..9876e82a6f9 100644
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.48 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.49 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -41,14 +41,6 @@ const struct ssl_sigalg sigalgs[] = {
 		.security_level = 5,
 		.group_nid = NID_secp521r1,
 	},
-#ifndef OPENSSL_NO_GOST
-	{
-		.value = SIGALG_GOSTR12_512_STREEBOG_512,
-		.key_type = EVP_PKEY_GOSTR12_512,
-		.md = EVP_streebog512,
-		.security_level = 0,
-	},
-#endif
 	{
 		.value = SIGALG_RSA_PKCS1_SHA384,
 		.key_type = EVP_PKEY_RSA,
@@ -75,20 +67,6 @@ const struct ssl_sigalg sigalgs[] = {
 		.security_level = 3,
 		.group_nid = NID_X9_62_prime256v1,
 	},
-#ifndef OPENSSL_NO_GOST
-	{
-		.value = SIGALG_GOSTR12_256_STREEBOG_256,
-		.key_type = EVP_PKEY_GOSTR12_256,
-		.md = EVP_streebog256,
-		.security_level = 0,
-	},
-	{
-		.value = SIGALG_GOSTR01_GOST94,
-		.key_type = EVP_PKEY_GOSTR01,
-		.md = EVP_gostr341194,
-		.security_level = 0, /* XXX */
-	},
-#endif
 	{
 		.value = SIGALG_RSA_PSS_RSAE_SHA256,
 		.key_type = EVP_PKEY_RSA,
@@ -283,10 +261,6 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
 		return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
 	case EVP_PKEY_EC:
 		return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-#ifndef OPENSSL_NO_GOST
-	case EVP_PKEY_GOSTR01:
-		return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
 	}
 	SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
 	return NULL;
diff --git a/lib/libssl/ssl_sigalgs.h b/lib/libssl/ssl_sigalgs.h
index 21a54d642bc..5211ec6b628 100644
--- a/lib/libssl/ssl_sigalgs.h
+++ b/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.26 2022/07/02 16:00:12 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.27 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
  *
@@ -47,14 +47,6 @@ __BEGIN_HIDDEN_DECLS
 #define SIGALG_PRIVATE_START		0xFE00
 #define SIGALG_PRIVATE_END		0xFFFF
 
-/*
- * If Russia can elect the US President, surely
- * IANA could fix this problem.
- */
-#define SIGALG_GOSTR12_512_STREEBOG_512	0xEFEF
-#define SIGALG_GOSTR12_256_STREEBOG_256	0xEEEE
-#define SIGALG_GOSTR01_GOST94		0xEDED
-
 /* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */
 #define SIGALG_RSA_PKCS1_MD5_SHA1	0xFF01
 
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index f26fde50610..117afac85e6 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.158 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.159 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -162,10 +162,6 @@
 #include <openssl/opensslconf.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_GOST
-#include <openssl/gost.h>
-#endif
-
 #include "bytestring.h"
 #include "dtls_local.h"
 #include "ssl_local.h"
@@ -564,15 +560,7 @@ ssl3_accept(SSL *s)
 			}
 
 			alg_k = s->s3->hs.cipher->algorithm_mkey;
-			if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-				/*
-				 * A GOST client may use the key from its
-				 * certificate for key exchange, in which case
-				 * the CertificateVerify message is not sent.
-				 */
-				s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
-				s->init_num = 0;
-			} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
+			if (SSL_USE_SIGALGS(s)) {
 				s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
 				s->init_num = 0;
 				if (!s->session->peer_cert)
@@ -795,7 +783,6 @@ ssl3_get_client_hello(SSL *s)
 	unsigned long id;
 	SSL_CIPHER *c;
 	STACK_OF(SSL_CIPHER) *ciphers = NULL;
-	unsigned long alg_k;
 	const SSL_METHOD *method;
 	uint16_t shared_version;
 
@@ -1138,10 +1125,8 @@ ssl3_get_client_hello(SSL *s)
 	if (!tls1_transcript_hash_init(s))
 		goto err;
 
-	alg_k = s->s3->hs.cipher->algorithm_mkey;
-	if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
-	    !(s->verify_mode & SSL_VERIFY_PEER))
-		tls1_transcript_free(s);
+	if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER))
+		tls1_transcript_free(s); 
 
 	/*
 	 * We now have the following setup.
@@ -1816,75 +1801,6 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
 }
 
 static int
-ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
-{
-	unsigned char premaster_secret[32];
-	EVP_PKEY_CTX *pkey_ctx = NULL;
-	EVP_PKEY *client_pubkey;
-	EVP_PKEY *pkey = NULL;
-	size_t outlen;
-	CBS gostblob;
-
-	/* Get our certificate private key*/
-#ifndef OPENSSL_NO_GOST
-	if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0)
-		pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-#endif
-
-	if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
-		goto err;
-	if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0)
-		goto err;
-
-	/*
-	 * If client certificate is present and is of the same type,
-	 * maybe use it for key exchange.
-	 * Don't mind errors from EVP_PKEY_derive_set_peer, because
-	 * it is completely valid to use a client certificate for
-	 * authorization only.
-	 */
-	if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) {
-		if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0)
-			ERR_clear_error();
-	}
-
-	/* Decrypt session key */
-	if (!CBS_get_asn1(cbs, &gostblob, CBS_ASN1_SEQUENCE))
-		goto decode_err;
-	if (CBS_len(cbs) != 0)
-		goto decode_err;
-	outlen = sizeof(premaster_secret);
-	if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
-	    CBS_data(&gostblob), CBS_len(&gostblob)) <= 0) {
-		SSLerror(s, SSL_R_DECRYPTION_FAILED);
-		goto err;
-	}
-
-	if (!tls12_derive_master_secret(s, premaster_secret,
-	    sizeof(premaster_secret)))
-		goto err;
-
-	/* Check if pubkey from client certificate was used */
-	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY,
-	    2, NULL) > 0)
-		s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-
-	explicit_bzero(premaster_secret, sizeof(premaster_secret));
-	EVP_PKEY_CTX_free(pkey_ctx);
-
-	return 1;
-
- decode_err:
-	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- err:
-	explicit_bzero(premaster_secret, sizeof(premaster_secret));
-	EVP_PKEY_CTX_free(pkey_ctx);
-
-	return 0;
-}
-
-static int
 ssl3_get_client_key_exchange(SSL *s)
 {
 	unsigned long alg_k;
@@ -1912,9 +1828,6 @@ ssl3_get_client_key_exchange(SSL *s)
 	} else if (alg_k & SSL_kECDHE) {
 		if (!ssl3_get_client_kex_ecdhe(s, &cbs))
 			goto err;
-	} else if (alg_k & SSL_kGOST) {
-		if (!ssl3_get_client_kex_gost(s, &cbs))
-			goto err;
 	} else {
 		al = SSL_AD_HANDSHAKE_FAILURE;
 		SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE);
@@ -2043,15 +1956,6 @@ ssl3_get_cert_verify(SSL *s)
 			al = SSL_AD_INTERNAL_ERROR;
 			goto fatal_err;
 		}
-#ifndef OPENSSL_NO_GOST
-		if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
-		    EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
-		    EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE,
-		    NULL) <= 0) {
-			al = SSL_AD_INTERNAL_ERROR;
-			goto fatal_err;
-		}
-#endif
 		if (EVP_DigestVerify(mctx, CBS_data(&signature),
 		    CBS_len(&signature), hdata, hdatalen) <= 0) {
 			SSLerror(s, ERR_R_EVP_LIB);
@@ -2096,54 +2000,6 @@ ssl3_get_cert_verify(SSL *s)
 			SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE);
 			goto fatal_err;
 		}
-#ifndef OPENSSL_NO_GOST
-	} else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
-	    EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
-		unsigned char sigbuf[128];
-		unsigned int siglen = sizeof(sigbuf);
-		EVP_PKEY_CTX *pctx;
-		const EVP_MD *md;
-		int nid;
-
-		if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
-			SSLerror(s, ERR_R_INTERNAL_ERROR);
-			al = SSL_AD_INTERNAL_ERROR;
-			goto fatal_err;
-		}
-		if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
-		    !(md = EVP_get_digestbynid(nid))) {
-			SSLerror(s, ERR_R_EVP_LIB);
-			al = SSL_AD_INTERNAL_ERROR;
-			goto fatal_err;
-		}
-		if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-			SSLerror(s, ERR_R_EVP_LIB);
-			al = SSL_AD_INTERNAL_ERROR;
-			goto fatal_err;
-		}
-		if (!EVP_DigestInit_ex(mctx, md, NULL) ||
-		    !EVP_DigestUpdate(mctx, hdata, hdatalen) ||
-		    !EVP_DigestFinal(mctx, sigbuf, &siglen) ||
-		    (EVP_PKEY_verify_init(pctx) <= 0) ||
-		    (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
-		    (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
-		    EVP_PKEY_CTRL_GOST_SIG_FORMAT,
-		    GOST_SIG_FORMAT_RS_LE, NULL) <= 0)) {
-			SSLerror(s, ERR_R_EVP_LIB);
-			al = SSL_AD_INTERNAL_ERROR;
-			EVP_PKEY_CTX_free(pctx);
-			goto fatal_err;
-		}
-		if (EVP_PKEY_verify(pctx, CBS_data(&signature),
-		    CBS_len(&signature), sigbuf, siglen) <= 0) {
-			al = SSL_AD_DECRYPT_ERROR;
-			SSLerror(s, SSL_R_BAD_SIGNATURE);
-			EVP_PKEY_CTX_free(pctx);
-			goto fatal_err;
-		}
-
-		EVP_PKEY_CTX_free(pctx);
-#endif
 	} else {
 		SSLerror(s, ERR_R_INTERNAL_ERROR);
 		al = SSL_AD_UNSUPPORTED_CERTIFICATE;
diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index 2bdbd3c1843..daf6cba6faf 100644
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.56 2022/07/17 14:39:09 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.57 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -741,18 +741,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_DSS_SIGN			2
 #define TLS_CT_RSA_FIXED_DH		3
 #define TLS_CT_DSS_FIXED_DH		4
-#define TLS_CT_GOST94_SIGN		21
-#define TLS_CT_GOST01_SIGN		22
 #define TLS_CT_ECDSA_SIGN		64
 #define TLS_CT_RSA_FIXED_ECDH		65
 #define TLS_CT_ECDSA_FIXED_ECDH 	66
-#define TLS_CT_GOST12_256_SIGN		67
-#define TLS_CT_GOST12_512_SIGN		68
-#define TLS_CT_GOST12_256_SIGN_COMPAT	238 /* pre-IANA, for compat */
-#define TLS_CT_GOST12_512_SIGN_COMPAT	239 /* pre-IANA, for compat */
 /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
  * comment there) */
-#define TLS_CT_NUMBER			13
+#define TLS_CT_NUMBER			7
 
 #define TLS1_FINISH_MAC_LENGTH		12
 
diff --git a/lib/libssl/tls12_key_schedule.c b/lib/libssl/tls12_key_schedule.c
index 6d714c1183a..1ac003329e3 100644
--- a/lib/libssl/tls12_key_schedule.c
+++ b/lib/libssl/tls12_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_key_schedule.c,v 1.3 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls12_key_schedule.c,v 1.4 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
  *
@@ -124,10 +124,6 @@ tls12_key_block_generate(struct tls12_key_block *kb, SSL *s,
 		mac_key_len = EVP_MD_size(mac_hash);
 		key_len = EVP_CIPHER_key_length(cipher);
 		iv_len = EVP_CIPHER_iv_length(cipher);
-
-		/* Special handling for GOST... */
-		if (EVP_MD_type(mac_hash) == NID_id_Gost28147_89_MAC)
-			mac_key_len = 32;
 	}
 
 	if (mac_key_len > EVP_MAX_MD_SIZE)
diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c
index 3f2fe71e210..9786d7d0bda 100644
--- a/lib/libssl/tls12_record_layer.c
+++ b/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.41 2024/01/18 16:30:43 tb Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.42 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -468,7 +468,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
     CBS *iv)
 {
 	EVP_PKEY *mac_pkey = NULL;
-	int gost_param_nid;
 	int mac_type;
 	int ret = 0;
 
@@ -484,25 +483,10 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
 		goto err;
 	if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key))
 		goto err;
-
-#ifndef OPENSSL_NO_GOST
-	/* XXX die die die */
-	/* Special handling for GOST... */
-	if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
-		if (CBS_len(mac_key) != 32)
-			goto err;
-		mac_type = EVP_PKEY_GOSTIMIT;
-		rp->stream_mac = 1;
-	} else {
-#endif
-		if (CBS_len(mac_key) > INT_MAX)
-			goto err;
-		if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
-			goto err;
-#ifndef OPENSSL_NO_GOST
-	}
-#endif
-
+	if (CBS_len(mac_key) > INT_MAX)
+		goto err;
+	if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
+		goto err;
 	if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
 		goto err;
 	if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL)
@@ -524,23 +508,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
 	    mac_pkey) <= 0)
 		goto err;
 
-	/* More special handling for GOST... */
-	if (EVP_CIPHER_nid(rl->cipher) == NID_gost89_cnt) {
-		gost_param_nid = NID_id_tc26_gost_28147_param_Z;
-		if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94)
-			gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
-
-		if (EVP_CIPHER_CTX_ctrl(rp->cipher_ctx, EVP_CTRL_GOST_SET_SBOX,
-		    gost_param_nid, 0) <= 0)
-			goto err;
-
-		if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
-			if (EVP_MD_CTX_ctrl(rp->hash_ctx, EVP_MD_CTRL_GOST_SET_SBOX,
-			    gost_param_nid, 0) <= 0)
-				goto err;
-		}
-	}
-
 	ret = 1;
 
  err:
diff --git a/regress/lib/libssl/client/clienttest.c b/regress/lib/libssl/client/clienttest.c
index 8fb5a1da7f5..18cf2d0c957 100644
--- a/regress/lib/libssl/client/clienttest.c
+++ b/regress/lib/libssl/client/clienttest.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: clienttest.c,v 1.42 2023/07/11 17:03:44 tb Exp $ */
+/*	$OpenBSD: clienttest.c,v 1.43 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  *
@@ -36,7 +36,7 @@
 #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2)
 #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34)
 #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69)
-#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 188)
+#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 184)
 #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98)
 
 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
@@ -75,57 +75,54 @@ static const uint8_t cipher_list_dtls12_aes[] = {
 	0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
 	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
 	0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
-	0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-	0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-	0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-	0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-	0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-	0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-	0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-	0x00, 0x0a, 0x00, 0xff
+	0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+	0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+	0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+	0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+	0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+	0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12,
+	0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_dtls12_chacha[] = {
 	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
 	0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
 	0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-	0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-	0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-	0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-	0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-	0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-	0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-	0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-	0x00, 0x0a, 0x00, 0xff,
+	0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+	0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+	0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+	0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+	0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+	0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12,
+	0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_dtls12[] = {
 	0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0xbe, 0x01, 0x00, 0x00,
-	0xb2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0xb2, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0xba, 0x01, 0x00, 0x00,
+	0xae, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xae, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0xc0,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0xc0,
 	0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
 	0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00,
-	0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff,
-	0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00,
-	0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00,
-	0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0,
-	0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00,
-	0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00,
-	0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00,
-	0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00,
-	0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00,
-	0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00,
-	0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00,
-	0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00,
-	0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06,
-	0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05,
-	0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02,
-	0x01, 0x02, 0x03,
+	0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00,
+	0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00,
+	0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0,
+	0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0,
+	0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00,
+	0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00,
+	0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, 0xc0,
+	0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01,
+	0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01,
+	0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
+	0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
+	0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00,
+	0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
+	0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,
+	0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls10[] = {
@@ -186,92 +183,90 @@ static const uint8_t cipher_list_tls12_aes[] = {
 	0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
 	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
 	0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
-	0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-	0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-	0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-	0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-	0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-	0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-	0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
-	0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
-	0x00, 0xff,
+	0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+	0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+	0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+	0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+	0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+	0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
+	0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
+	0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_tls12_chacha[] = {
 	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
 	0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
 	0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-	0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
-	0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
-	0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
-	0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
-	0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
-	0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
-	0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
-	0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
-	0x00, 0xff,
+	0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
+	0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+	0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+	0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
+	0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
+	0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
+	0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
+	0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_tls12[] = {
-	0x16, 0x03, 0x03, 0x00, 0xbb, 0x01, 0x00, 0x00,
-	0xb7, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x16, 0x03, 0x03, 0x00, 0xb7, 0x01, 0x00, 0x00,
+	0xb3, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x5a, 0xc0, 0x30,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x56, 0xc0, 0x30,
 	0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
 	0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
-	0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-	0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-	0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-	0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-	0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-	0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-	0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
-	0x01, 0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02,
-	0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08,
-	0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19,
-	0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18,
-	0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
-	0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
-	0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
+	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4,
+	0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+	0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+	0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+	0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+	0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+	0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+	0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+	0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34,
+	0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
+	0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17,
+	0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
+	0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06,
+	0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
+	0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
+	0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls13_aes[] = {
 	0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30,
 	0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
 	0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
-	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
-	0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-	0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-	0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-	0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-	0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-	0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-	0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
+	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4,
+	0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+	0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+	0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+	0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+	0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+	0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+	0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+	0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t cipher_list_tls13_chacha[] = {
 	0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9,
 	0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c,
 	0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
-	0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85,
-	0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
-	0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
-	0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
-	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
-	0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
-	0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
-	0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12,
-	0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
+	0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4,
+	0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+	0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+	0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+	0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+	0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+	0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+	0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+	0x00, 0x0a, 0x00, 0xff,
 };
 
 static const uint8_t client_hello_tls13[] = {
-	0x16, 0x03, 0x03, 0x01, 0x14, 0x01, 0x00, 0x01,
-	0x10, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x16, 0x03, 0x03, 0x01, 0x10, 0x01, 0x00, 0x01,
+	0x0c, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -279,33 +274,32 @@ static const uint8_t client_hello_tls13[] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x13, 0x03,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0x13, 0x03,
 	0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8,
 	0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28,
 	0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f,
-	0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 0x00, 0xc4,
-	0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d,
-	0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
-	0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
-	0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
-	0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
-	0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
-	0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
-	0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00,
-	0x00, 0x67, 0x00, 0x2b, 0x00, 0x05, 0x04, 0x03,
-	0x04, 0x03, 0x03, 0x00, 0x33, 0x00, 0x26, 0x00,
-	0x24, 0x00, 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00,
+	0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4, 0x00, 0x88,
+	0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
+	0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
+	0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
+	0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
+	0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+	0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
+	0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+	0x00, 0x0a, 0x01, 0x00, 0x00, 0x67, 0x00, 0x2b,
+	0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00,
+	0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00,
+	0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00,
-	0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00,
-	0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
-	0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
-	0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06,
-	0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08,
-	0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02,
-	0x03,
+	0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
+	0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00,
+	0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00,
+	0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08,
+	0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05,
+	0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
+	0x03, 0x02, 0x01, 0x02, 0x03,
 };
 
 static const uint8_t cipher_list_tls13_only_aes[] = {
diff --git a/regress/lib/libssl/interop/Makefile.inc b/regress/lib/libssl/interop/Makefile.inc
index 4a66390cbd8..fa22fb8514c 100644
--- a/regress/lib/libssl/interop/Makefile.inc
+++ b/regress/lib/libssl/interop/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.9 2023/10/18 19:14:32 anton Exp $
+# $OpenBSD: Makefile.inc,v 1.10 2024/02/03 15:58:34 beck Exp $
 
 .PATH:			${.CURDIR}/..
 
@@ -39,7 +39,7 @@ run-self-client-server: client server 127.0.0.1.crt
 CLEANFILES +=		127.0.0.1.{crt,key} \
 			ca.{crt,key,srl} fake-ca.{crt,key} \
 			{client,server}.{req,crt,key} \
-			{dsa,ec,gost,rsa}.{key,req,crt} \
+			{dsa,ec,rsa}.{key,req,crt} \
 			dh.param
 
 127.0.0.1.crt:
@@ -70,10 +70,6 @@ dsa.key:
 ec.key:
 	openssl ecparam -genkey -name secp256r1 -out $@
 
-gost.key:
-	openssl genpkey -algorithm gost2001 \
-	    -pkeyopt paramset:A -pkeyopt dgst:md_gost94 -out $@
-
 rsa.key:
 	openssl genrsa -out $@ 2048
 
@@ -82,11 +78,6 @@ dsa.req ec.req rsa.req: ${@:R}.key
 	    -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
 	    -nodes -key ${@:R}.key -out $@
 
-gost.req: ${@:R}.key
-	openssl req -batch -new -md_gost94 \
-	    -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
-	    -nodes -key ${@:R}.key -out $@
-
-dsa.crt ec.crt gost.crt rsa.crt: ca.crt ${@:R}.req
+dsa.crt ec.crt rsa.crt: ca.crt ${@:R}.req
 	openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
 	    -req -in ${@:R}.req -out $@
diff --git a/regress/lib/libssl/interop/cipher/Makefile b/regress/lib/libssl/interop/cipher/Makefile
index 627cfc8f9f0..3a116d5ed59 100644
--- a/regress/lib/libssl/interop/cipher/Makefile
+++ b/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.13 2023/10/30 17:15:21 tb Exp $
+# $OpenBSD: Makefile,v 1.14 2024/02/03 15:58:34 beck Exp $
 
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or 3.0.  Create lists of supported ciphers
@@ -6,17 +6,6 @@
 # certificate with compatible type.  Check that client and server
 # have used correct cipher by grepping in their session print out.
 
-run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
-client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
-	# gost does not work with libressl TLS 1.3 right now
-	@echo DISABLED
-
 LIBRARIES =		libressl
 .if exists(/usr/local/bin/eopenssl11)
 LIBRARIES +=		openssl11
@@ -96,8 +85,6 @@ LEVEL_openssl30 = ,@SECLEVEL=0
 TYPE_${cipher} =	dsa
 .elif "${cipher:M*-ECDSA-*}" != ""
 TYPE_${cipher} =	ec
-.elif "${cipher:M*-GOST89-*}" != ""
-TYPE_${cipher} =	gost
 .elif "${cipher:M*-RSA-*}" != ""
 TYPE_${cipher} =	rsa
 .else
diff --git a/regress/lib/libssl/unit/tls_prf.c b/regress/lib/libssl/unit/tls_prf.c
index a22d0e70d08..b6836da167e 100644
--- a/regress/lib/libssl/unit/tls_prf.c
+++ b/regress/lib/libssl/unit/tls_prf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_prf.c,v 1.8 2022/11/26 16:08:57 tb Exp $ */
+/* $OpenBSD: tls_prf.c,v 1.9 2024/02/03 15:58:34 beck Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -58,29 +58,6 @@ static struct tls_prf_test tls_prf_tests[] = {
 		},
 	},
 	{
-		.desc = "GOST94",
-		.ssl_method = TLSv1_2_method,
-		.cipher_value = 0x0081,
-		.out = {
-			 0xcc, 0xd4, 0x89, 0x5f, 0x52, 0x08, 0x9b, 0xc7,
-			 0xf9, 0xb5, 0x83, 0x58, 0xe8, 0xc7, 0x71, 0x49,
-			 0x39, 0x99, 0x1f, 0x14, 0x8f, 0x85, 0xbe, 0x64,
-			 0xee, 0x40, 0x5c, 0xe7, 0x5f, 0x68, 0xaf, 0xf2,
-			 0xcd, 0x3a, 0x94, 0x52, 0x33, 0x53, 0x46, 0x7d,
-			 0xb6, 0xc5, 0xe1, 0xb8, 0xa4, 0x04, 0x69, 0x91,
-			 0x0a, 0x9c, 0x88, 0x86, 0xd9, 0x60, 0x63, 0xdd,
-			 0xd8, 0xe7, 0x2e, 0xee, 0xce, 0xe2, 0x20, 0xd8,
-			 0x9a, 0xfa, 0x9c, 0x63, 0x0c, 0x9c, 0xa1, 0x76,
-			 0xed, 0x78, 0x9a, 0x84, 0x70, 0xb4, 0xd1, 0x51,
-			 0x1f, 0xde, 0x44, 0xe8, 0x90, 0x21, 0x3f, 0xeb,
-			 0x05, 0xf4, 0x77, 0x59, 0xf3, 0xad, 0xdd, 0x34,
-			 0x3d, 0x3a, 0x7c, 0xd0, 0x59, 0x40, 0xe1, 0x3f,
-			 0x04, 0x4b, 0x8b, 0xd6, 0x95, 0x46, 0xb4, 0x9e,
-			 0x4c, 0x2d, 0xf7, 0xee, 0xbd, 0xbc, 0xcb, 0x5c,
-			 0x3a, 0x36, 0x0c, 0xd0, 0x27, 0xcb, 0x45, 0x06,
-		},
-	},
-	{
 		.desc = "SHA256 (via TLSv1.2)",
 		.ssl_method = TLSv1_2_method,
 		.cipher_value = 0x0033,
@@ -126,29 +103,6 @@ static struct tls_prf_test tls_prf_tests[] = {
 			 0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2,
 		},
 	},
-	{
-		.desc = "STREEBOG256",
-		.ssl_method = TLSv1_2_method,
-		.cipher_value = 0xff87,
-		.out = {
-			0x3e, 0x13, 0xb9, 0xeb, 0x85, 0x8c, 0xb4, 0x21,
-			0x23, 0x40, 0x9b, 0x73, 0x04, 0x56, 0xe2, 0xff,
-			0xce, 0x52, 0x1f, 0x82, 0x7f, 0x17, 0x5b, 0x80,
-			0x23, 0x71, 0xca, 0x30, 0xdf, 0xfc, 0xdc, 0x2d,
-			0xc0, 0xfc, 0x5d, 0x23, 0x5a, 0x54, 0x7f, 0xae,
-			0xf5, 0x7d, 0x52, 0x1e, 0x86, 0x95, 0xe1, 0x2d,
-			0x28, 0xe7, 0xbe, 0xd7, 0xd0, 0xbf, 0xa9, 0x96,
-			0x13, 0xd0, 0x9c, 0x0c, 0x1c, 0x16, 0x05, 0xbb,
-			0x26, 0xd7, 0x30, 0x39, 0xb9, 0x53, 0x28, 0x98,
-			0x4f, 0x1b, 0x83, 0xc3, 0xce, 0x1c, 0x7c, 0x34,
-			0xa2, 0xc4, 0x7a, 0x54, 0x16, 0xc6, 0xa7, 0x9e,
-			0xed, 0x4b, 0x7b, 0x83, 0xa6, 0xae, 0xe2, 0x5b,
-			0x96, 0xf5, 0x6c, 0xad, 0x1f, 0xa3, 0x83, 0xb2,
-			0x84, 0x32, 0xed, 0xe3, 0x2c, 0xf6, 0xd4, 0x73,
-			0x30, 0xef, 0x9d, 0xbe, 0xe7, 0x23, 0x9a, 0xbf,
-			0x4d, 0x1c, 0xe7, 0xef, 0x3d, 0xea, 0x46, 0xe2,
-		},
-	},
 };
 
 #define N_TLS_PRF_TESTS \
diff --git a/usr.bin/openssl/openssl.c b/usr.bin/openssl/openssl.c
index e5ff31a2c5a..7a42b70f2bc 100644
--- a/usr.bin/openssl/openssl.c
+++ b/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.35 2023/06/11 13:02:10 jsg Exp $ */
+/* $OpenBSD: openssl.c,v 1.36 2024/02/03 15:58:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -211,12 +211,6 @@ FUNCTION functions[] = {
 #endif
 
 	/* Message Digests. */
-#ifndef OPENSSL_NO_GOST
-	{ FUNC_TYPE_MD, "gost-mac", dgst_main },
-	{ FUNC_TYPE_MD, "md_gost94", dgst_main },
-	{ FUNC_TYPE_MD, "streebog256", dgst_main },
-	{ FUNC_TYPE_MD, "streebog512", dgst_main },
-#endif
 #ifndef OPENSSL_NO_MD4
 	{ FUNC_TYPE_MD, "md4", dgst_main },
 #endif