[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Tue Aug 11 22:27:24 UTC 2015


The branch master has been updated
       via  ade44dcb16141c8a30ca6c56a1fd1a0b14dcc360 (commit)
      from  f75d5171be0b3b5419c8974133e1573cf976a8bb (commit)


- Log -----------------------------------------------------------------
commit ade44dcb16141c8a30ca6c56a1fd1a0b14dcc360
Author: Rich Salz <rsalz at akamai.com>
Date:   Tue Aug 4 12:32:40 2015 -0400

    Remove Gost94 signature algorithm.
    
    This was obsolete in 2001.  This is not the same as Gost94 digest.
    Thanks to Dmitry Belyavsky <beldmit at gmail.com> for review and advice.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/s_cb.c                  |   1 -
 crypto/x509/x509type.c       |   1 -
 doc/apps/ciphers.pod         |   5 -
 engines/ccgost/Makefile      |  63 ++------
 engines/ccgost/e_gost_err.c  |  18 ---
 engines/ccgost/gost2001.c    |   1 -
 engines/ccgost/gost94_keyx.c | 281 ---------------------------------
 engines/ccgost/gost_ameth.c  | 316 +++----------------------------------
 engines/ccgost/gost_asn1.c   |  16 ++
 engines/ccgost/gost_crypt.c  |   1 -
 engines/ccgost/gost_eng.c    |  41 ++---
 engines/ccgost/gost_lcl.h    |  28 ++--
 engines/ccgost/gost_params.c | 129 +--------------
 engines/ccgost/gost_params.h |  34 ----
 engines/ccgost/gost_pmeth.c  | 164 +++----------------
 engines/ccgost/gost_sign.c   | 365 -------------------------------------------
 include/openssl/tls1.h       |   1 -
 ssl/s3_both.c                |   4 +-
 ssl/s3_clnt.c                |   3 +-
 ssl/s3_lib.c                 |  90 +----------
 ssl/s3_srvr.c                |  10 +-
 ssl/ssl_ciph.c               |  12 +-
 ssl/ssl_lib.c                |   5 -
 ssl/ssl_locl.h               |   3 -
 24 files changed, 118 insertions(+), 1474 deletions(-)
 delete mode 100644 engines/ccgost/gost94_keyx.c
 delete mode 100644 engines/ccgost/gost_params.h
 delete mode 100644 engines/ccgost/gost_sign.c

diff --git a/apps/s_cb.c b/apps/s_cb.c
index a14e00c..2a18f74 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -288,7 +288,6 @@ static STRINT_PAIR cert_type_list[] = {
     {"ECDSA sign", TLS_CT_ECDSA_SIGN},
     {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
     {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
-    {"GOST94 Sign", TLS_CT_GOST94_SIGN},
     {"GOST01 Sign", TLS_CT_GOST01_SIGN},
     {NULL}
 };
diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
index 97e5bab..232ba9b 100644
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -93,7 +93,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
     case EVP_PKEY_DH:
         ret = EVP_PK_DH | EVP_PKT_EXCH;
         break;
-    case NID_id_GostR3410_94:
     case NID_id_GostR3410_2001:
         ret = EVP_PKT_EXCH | EVP_PKT_SIGN;
         break;
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index d7b7bea..5a4a4fd 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -310,11 +310,6 @@ cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
 
 cipher suites using GOST R 34.10-2001 authentication.
 
-=item B<aGOST94>
-
-cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
-standard has been expired so use GOST R 34.10-2001)
-
 =item B<kGOST>
 
 cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
index 57b9c59..3c1e4f9 100644
--- a/engines/ccgost/Makefile
+++ b/engines/ccgost/Makefile
@@ -8,9 +8,9 @@ AR= ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 LIB=$(TOP)/libcrypto.a
 
-LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
+LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_pmeth.c gost_params.c
 
-LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o
+LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_pmeth.o gost_params.o
 
 SRC=$(LIBSRC)
 
@@ -100,8 +100,7 @@ gost2001.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 gost2001.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 gost2001.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 gost2001.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gost_params.h
-gost2001.o: gosthash.h
+gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gosthash.h
 gost2001_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 gost2001_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 gost2001_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -120,23 +119,6 @@ gost2001_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 gost2001_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost2001_keyx.c
 gost2001_keyx.o: gost2001_keyx.h gost89.h gost_keywrap.h gost_lcl.h gosthash.h
 gost89.o: gost89.c gost89.h
-gost94_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost94_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost94_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost94_keyx.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-gost94_keyx.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-gost94_keyx.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-gost94_keyx.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-gost94_keyx.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost94_keyx.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-gost94_keyx.o: ../../include/openssl/opensslconf.h
-gost94_keyx.o: ../../include/openssl/opensslv.h
-gost94_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-gost94_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-gost94_keyx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost94_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost94_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
-gost94_keyx.o: gost94_keyx.c gost_keywrap.h gost_lcl.h gosthash.h
 gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
@@ -152,7 +134,7 @@ gost_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 gost_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 gost_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 gost_ameth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
-gost_ameth.o: gost_ameth.c gost_lcl.h gost_params.h gosthash.h
+gost_ameth.o: gost_ameth.c gost_lcl.h gosthash.h
 gost_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 gost_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 gost_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -229,14 +211,21 @@ gost_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 gost_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 gost_md.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 gost_md.o: e_gost_err.h gost89.h gost_lcl.h gost_md.c gosthash.h
-gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-gost_params.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+gost_params.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+gost_params.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+gost_params.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+gost_params.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+gost_params.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+gost_params.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
 gost_params.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 gost_params.o: ../../include/openssl/opensslconf.h
 gost_params.o: ../../include/openssl/opensslv.h
-gost_params.o: ../../include/openssl/ossl_typ.h
-gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h
+gost_params.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+gost_params.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+gost_params.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+gost_params.o: gost89.h gost_lcl.h gost_params.c gosthash.h
 gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
@@ -252,23 +241,5 @@ gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_pmeth.c
-gost_pmeth.o: gosthash.h
-gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-gost_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-gost_sign.o: ../../include/openssl/objects.h
-gost_sign.o: ../../include/openssl/opensslconf.h
-gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-gost_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-gost_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-gost_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost_sign.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_sign.c
-gost_sign.o: gosthash.h
+gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_pmeth.c gosthash.h
 gosthash.o: gost89.h gosthash.c gosthash.h
diff --git a/engines/ccgost/e_gost_err.c b/engines/ccgost/e_gost_err.c
index 0afd913..d05ef61 100644
--- a/engines/ccgost/e_gost_err.c
+++ b/engines/ccgost/e_gost_err.c
@@ -73,7 +73,6 @@ static ERR_STRING_DATA GOST_str_functs[] = {
     {ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"},
     {ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"},
     {ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"},
-    {ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"},
     {ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"},
     {ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"},
     {ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"},
@@ -83,37 +82,24 @@ static ERR_STRING_DATA GOST_str_functs[] = {
      "GOST89_GET_ASN1_PARAMETERS"},
     {ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),
      "GOST89_SET_ASN1_PARAMETERS"},
-    {ERR_FUNC(GOST_F_GOST94_COMPUTE_PUBLIC), "GOST94_COMPUTE_PUBLIC"},
     {ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"},
-    {ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"},
-    {ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"},
     {ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"},
     {ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"},
     {ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
-    {ERR_FUNC(GOST_F_GOST_SIGN_KEYGEN), "GOST_SIGN_KEYGEN"},
     {ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
-    {ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
     {ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"},
     {ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"},
-    {ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"},
     {ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
     {ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"},
-    {ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"},
-    {ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"},
-    {ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"},
-    {ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"},
     {ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"},
     {ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"},
-    {ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"},
     {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"},
     {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"},
     {ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
     {ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"},
     {ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"},
     {ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"},
-    {ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"},
     {ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"},
-    {ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"},
     {ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"},
     {0, NULL}
 };
@@ -128,8 +114,6 @@ static ERR_STRING_DATA GOST_str_reasons[] = {
     {ERR_REASON(GOST_R_CTRL_CALL_FAILED), "ctrl call failed"},
     {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),
      "error computing shared key"},
-    {ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),
-     "error packing key transport info"},
     {ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),
      "error parsing key transport info"},
     {ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"},
@@ -137,11 +121,9 @@ static ERR_STRING_DATA GOST_str_reasons[] = {
     {ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"},
     {ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID), "invalid cipher param oid"},
     {ERR_REASON(GOST_R_INVALID_DIGEST_TYPE), "invalid digest type"},
-    {ERR_REASON(GOST_R_INVALID_GOST94_PARMSET), "invalid gost94 parmset"},
     {ERR_REASON(GOST_R_INVALID_IV_LENGTH), "invalid iv length"},
     {ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH), "invalid mac key length"},
     {ERR_REASON(GOST_R_INVALID_PARAMSET), "invalid paramset"},
-    {ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED), "key is not initalized"},
     {ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED), "key is not initialized"},
     {ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING), "key parameters missing"},
     {ERR_REASON(GOST_R_MAC_KEY_NOT_SET), "mac key not set"},
diff --git a/engines/ccgost/gost2001.c b/engines/ccgost/gost2001.c
index 6d41f31..985795e 100644
--- a/engines/ccgost/gost2001.c
+++ b/engines/ccgost/gost2001.c
@@ -7,7 +7,6 @@
  *          Requires OpenSSL 0.9.9 for compilation                    *
  **********************************************************************/
 #include "gost_lcl.h"
-#include "gost_params.h"
 #include <string.h>
 #include <openssl/rand.h>
 #include <openssl/ecdsa.h>
diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c
deleted file mode 100644
index b529c8e..0000000
--- a/engines/ccgost/gost94_keyx.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/**********************************************************************
- *                             gost94_keyx.c                          *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *     Implements generation and parsing of GOST_KEY_TRANSPORT for    *
- *              GOST R 34.10-94 algorithms                            *
- *                                                                    *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <string.h>
-#include <openssl/dh.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-#include "gost89.h"
-#include "gosthash.h"
-#include "e_gost_err.h"
-#include "gost_keywrap.h"
-#include "gost_lcl.h"
-/* Common functions for both 94 and 2001 key exchange schemes */
-/*
- * Implementation of the Diffi-Hellman key agreement scheme based on GOST-94
- * keys
- */
-
-/*
- * Computes Diffie-Hellman key and stores it into buffer in little-endian
- * byte order as expected by both versions of GOST 94 algorithm
- */
-static int compute_pair_key_le(unsigned char *pair_key, BIGNUM *pub_key,
-                               DH *dh)
-{
-    unsigned char be_key[128];
-    int i, key_size;
-    key_size = DH_compute_key(be_key, pub_key, dh);
-    if (!key_size)
-        return 0;
-    memset(pair_key, 0, 128);
-    for (i = 0; i < key_size; i++) {
-        pair_key[i] = be_key[key_size - 1 - i];
-    }
-    return key_size;
-}
-
-/*
- * Computes 256 bit Key exchange key as specified in RFC 4357
- */
-static int make_cp_exchange_key(BIGNUM *priv_key, EVP_PKEY *pubk,
-                                unsigned char *shared_key)
-{
-    unsigned char dh_key[128];
-    int ret;
-    gost_hash_ctx hash_ctx;
-    DH *dh = DH_new();
-
-    if (!dh)
-        return 0;
-    memset(dh_key, 0, 128);
-    dh->g = BN_dup(pubk->pkey.dsa->g);
-    dh->p = BN_dup(pubk->pkey.dsa->p);
-    dh->priv_key = BN_dup(priv_key);
-    ret =
-        compute_pair_key_le(dh_key, ((DSA *)(EVP_PKEY_get0(pubk)))->pub_key,
-                            dh);
-    DH_free(dh);
-    if (!ret)
-        return 0;
-    init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
-    start_hash(&hash_ctx);
-    hash_block(&hash_ctx, dh_key, 128);
-    finish_hash(&hash_ctx, shared_key);
-    done_gost_hash_ctx(&hash_ctx);
-    return 1;
-}
-
-/* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-94 */
-
-int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
-{
-    EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx);
-    EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx);
-    *keylen = 32;
-    if (key == NULL)
-        return 1;
-
-    return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key);
-}
-
-/*
- * EVP_PKEY_METHOD callback encrypt for GOST R 34.10-94 cryptopro
- * modification
- */
-
-int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                          size_t *outlen, const unsigned char *key,
-                          size_t key_len)
-{
-    GOST_KEY_TRANSPORT *gkt = NULL;
-    unsigned char shared_key[32], ukm[8], crypted_key[44];
-    const struct gost_cipher_info *param = get_encryption_params(NULL);
-    EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx);
-    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-    gost_ctx cctx;
-    int key_is_ephemeral = 1;
-    int tmp_outlen;
-    EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
-
-    /* Do not use vizir cipher parameters with cryptopro */
-    if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
-        && param == gost_cipher_list) {
-        param = gost_cipher_list + 1;
-    }
-
-    if (mykey) {
-        /* If key already set, it is not ephemeral */
-        key_is_ephemeral = 0;
-        if (!gost_get0_priv_key(mykey)) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
-                    GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
-            goto err;
-        }
-    } else {
-        /* Otherwise generate ephemeral key */
-        key_is_ephemeral = 1;
-        if (out) {
-            mykey = EVP_PKEY_new();
-            EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk), DSA_new());
-            EVP_PKEY_copy_parameters(mykey, pubk);
-            if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) {
-                goto err;
-            }
-        }
-    }
-    if (out)
-        make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, shared_key);
-    if (data->shared_ukm) {
-        memcpy(ukm, data->shared_ukm, 8);
-    } else if (out) {
-        if (RAND_bytes(ukm, 8) <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
-                    GOST_R_RANDOM_GENERATOR_FAILURE);
-            goto err;
-        }
-    }
-
-    if (out) {
-        gost_init(&cctx, param->sblock);
-        keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
-    }
-    gkt = GOST_KEY_TRANSPORT_new();
-    if (!gkt) {
-        goto memerr;
-    }
-    if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
-        goto memerr;
-    }
-    if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
-        goto memerr;
-    }
-    if (!ASN1_OCTET_STRING_set
-        (gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
-        goto memerr;
-    }
-    if (key_is_ephemeral) {
-        if (!X509_PUBKEY_set
-            (&gkt->key_agreement_info->ephem_key, out ? mykey : pubk)) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
-                    GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
-            goto err;
-        }
-        if (out)
-            EVP_PKEY_free(mykey);
-    }
-    ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
-    gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
-    tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
-    if (tmp_outlen <= 0) {
-        GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
-                GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
-        goto err;
-    }
-    *outlen = tmp_outlen;
-    if (!key_is_ephemeral) {
-        /* Set control "public key from client certificate used" */
-        if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
-            0) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
-            goto err;
-        }
-    }
-    GOST_KEY_TRANSPORT_free(gkt);
-    return 1;
- memerr:
-    if (key_is_ephemeral) {
-        EVP_PKEY_free(mykey);
-    }
-    GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, ERR_R_MALLOC_FAILURE);
- err:
-    GOST_KEY_TRANSPORT_free(gkt);
-    return -1;
-}
-
-/*
- * EVP_PLEY_METHOD callback decrypt for GOST R 34.10-94 cryptopro
- * modification
- */
-int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key,
-                          size_t *key_len, const unsigned char *in,
-                          size_t in_len)
-{
-    const unsigned char *p = in;
-    GOST_KEY_TRANSPORT *gkt = NULL;
-    unsigned char wrappedKey[44];
-    unsigned char sharedKey[32];
-    gost_ctx cctx;
-    const struct gost_cipher_info *param = NULL;
-    EVP_PKEY *eph_key = NULL, *peerkey = NULL;
-    EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(ctx);
-
-    if (!key) {
-        *key_len = 32;
-        return 1;
-    }
-
-    gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
-    if (!gkt) {
-        GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
-                GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
-        return 0;
-    }
-    eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
-    if (eph_key) {
-        if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
-                    GOST_R_INCOMPATIBLE_PEER_KEY);
-            goto err;
-        }
-    } else {
-        /* Set control "public key from client certificate used" */
-        if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
-            0) {
-            GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
-            goto err;
-        }
-    }
-    peerkey = EVP_PKEY_CTX_get0_peerkey(ctx);
-    if (!peerkey) {
-        GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_NO_PEER_KEY);
-        goto err;
-    }
-
-    param = get_encryption_params(gkt->key_agreement_info->cipher);
-    if (!param) {
-        goto err;
-    }
-
-    gost_init(&cctx, param->sblock);
-    OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
-    memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
-    OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
-    memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
-    OPENSSL_assert(gkt->key_info->imit->length == 4);
-    memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
-    make_cp_exchange_key(gost_get0_priv_key(priv), peerkey, sharedKey);
-    if (!keyUnwrapCryptoPro(&cctx, sharedKey, wrappedKey, key)) {
-        GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
-                GOST_R_ERROR_COMPUTING_SHARED_KEY);
-        goto err;
-    }
-
-    EVP_PKEY_free(eph_key);
-    GOST_KEY_TRANSPORT_free(gkt);
-    return 1;
- err:
-    EVP_PKEY_free(eph_key);
-    GOST_KEY_TRANSPORT_free(gkt);
-    return -1;
-}
diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c
index 5ca3a6e..4f3bd90 100644
--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -16,23 +16,32 @@
 #ifndef OPENSSL_NO_CMS
 # include <openssl/cms.h>
 #endif
-#include "gost_params.h"
 #include "gost_lcl.h"
 #include "e_gost_err.h"
 
-int gost94_nid_by_params(DSA *p)
+
+/* Convert little-endian byte array into bignum */
+BIGNUM *hashsum2bn(const unsigned char *dgst)
 {
-    R3410_params *gost_params;
-    BIGNUM *q = BN_new();
-    for (gost_params = R3410_paramset; gost_params->q != NULL; gost_params++) {
-        BN_dec2bn(&q, gost_params->q);
-        if (!BN_cmp(q, p->q)) {
-            BN_free(q);
-            return gost_params->nid;
-        }
-    }
-    BN_free(q);
-    return NID_undef;
+    unsigned char buf[32];
+
+    BUF_reverse(buf, (unsigned char*)dgst, 32);
+    return BN_bin2bn(buf, 32, NULL);
+}
+
+/*
+ * Pack bignum into byte buffer of given size, filling all leading bytes by
+ * zeros
+ */
+int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
+{
+    int bytes = BN_num_bytes(bn);
+
+    if (bytes > len)
+        return 0;
+    memset(buf, 0, len);
+    BN_bn2bin(bn, buf + len - bytes);
+    return 1;
 }
 
 static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
@@ -53,17 +62,6 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
             EC_GROUP_get_curve_name(EC_KEY_get0_group
                                     (EVP_PKEY_get0((EVP_PKEY *)key)));
         break;
-    case NID_id_GostR3410_94:
-        pkey_param_nid =
-            (int)gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
-        if (pkey_param_nid == NID_undef) {
-            GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
-                    GOST_R_INVALID_GOST94_PARMSET);
-            ASN1_STRING_free(params);
-            params = NULL;
-            goto err;
-        }
-        break;
     }
     gkp->key_params = OBJ_nid2obj(pkey_param_nid);
     gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
@@ -120,18 +118,6 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
         return 0;
     }
     switch (pkey_nid) {
-    case NID_id_GostR3410_94:
-        {
-            DSA *dsa = EVP_PKEY_get0(pkey);
-            if (!dsa) {
-                dsa = DSA_new();
-                if (!EVP_PKEY_assign(pkey, pkey_nid, dsa))
-                    return 0;
-            }
-            if (!fill_GOST94_params(dsa, param_nid))
-                return 0;
-            break;
-        }
     case NID_id_GostR3410_2001:
         {
             EC_KEY *ec = EVP_PKEY_get0(pkey);
@@ -151,18 +137,6 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
 static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
 {
     switch (EVP_PKEY_base_id(pkey)) {
-    case NID_id_GostR3410_94:
-        {
-            DSA *dsa = EVP_PKEY_get0(pkey);
-            if (!dsa) {
-                dsa = DSA_new();
-                EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), dsa);
-            }
-            dsa->priv_key = BN_dup(priv);
-            if (!EVP_PKEY_missing_parameters(pkey))
-                gost94_compute_public(dsa);
-            break;
-        }
     case NID_id_GostR3410_2001:
         {
             EC_KEY *ec = EVP_PKEY_get0(pkey);
@@ -183,16 +157,6 @@ static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
 BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
 {
     switch (EVP_PKEY_base_id(pkey)) {
-    case NID_id_GostR3410_94:
-        {
-            DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
-            if (!dsa) {
-                return NULL;
-            }
-            if (!dsa->priv_key)
-                return NULL;
-            return dsa->priv_key;
-        }
     case NID_id_GostR3410_2001:
         {
             EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
@@ -277,11 +241,6 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 }
 
 /* --------------------- free functions * ------------------------------*/
-static void pkey_free_gost94(EVP_PKEY *key)
-{
-    DSA_free(key->pkey.dsa);
-}
-
 static void pkey_free_gost01(EVP_PKEY *key)
 {
     EC_KEY_free(key->pkey.ec);
@@ -355,58 +314,6 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
 }
 
 /* --------- printing keys --------------------------------*/
-static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent,
-                         ASN1_PCTX *pctx, int type)
-{
-    int param_nid = NID_undef;
-
-    if (type == 2) {
-        BIGNUM *key;
-
-        if (!BIO_indent(out, indent, 128))
-            return 0;
-        BIO_printf(out, "Private key: ");
-        key = gost_get0_priv_key(pkey);
-        if (!key)
-            BIO_printf(out, "<undefined>");
-        else
-            BN_print(out, key);
-        BIO_printf(out, "\n");
-    }
-    if (type >= 1) {
-        BIGNUM *pubkey;
-
-        pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key;
-        BIO_indent(out, indent, 128);
-        BIO_printf(out, "Public key: ");
-        BN_print(out, pubkey);
-        BIO_printf(out, "\n");
-    }
-
-    param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
-    BIO_indent(out, indent, 128);
-    BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
-    return 1;
-}
-
-static int param_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
-                              ASN1_PCTX *pctx)
-{
-    return print_gost_94(out, pkey, indent, pctx, 0);
-}
-
-static int pub_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
-                            ASN1_PCTX *pctx)
-{
-    return print_gost_94(out, pkey, indent, pctx, 1);
-}
-
-static int priv_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
-                             ASN1_PCTX *pctx)
-{
-    return print_gost_94(out, pkey, indent, pctx, 2);
-}
-
 static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent,
                          ASN1_PCTX *pctx, int type)
 {
@@ -489,16 +396,6 @@ static int priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
 }
 
 /* ---------------------------------------------------------------------*/
-static int param_missing_gost94(const EVP_PKEY *pk)
-{
-    const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
-    if (!dsa)
-        return 1;
-    if (!dsa->q)
-        return 1;
-    return 0;
-}
-
 static int param_missing_gost01(const EVP_PKEY *pk)
 {
     const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
@@ -509,33 +406,6 @@ static int param_missing_gost01(const EVP_PKEY *pk)
     return 0;
 }
 
-static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from)
-{
-    const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from);
-    DSA *dto = EVP_PKEY_get0(to);
-    if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
-        GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_INCOMPATIBLE_ALGORITHMS);
-        return 0;
-    }
-    if (!dfrom) {
-        GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_KEY_PARAMETERS_MISSING);
-        return 0;
-    }
-    if (!dto) {
-        dto = DSA_new();
-        EVP_PKEY_assign(to, EVP_PKEY_base_id(from), dto);
-    }
-    BN_free(dto->p);
-    dto->p = BN_dup(dfrom->p);
-    BN_free(dto->q);
-    dto->q = BN_dup(dfrom->q);
-    BN_free(dto->g);
-    dto->g = BN_dup(dfrom->g);
-
-    if (dto->priv_key)
-        gost94_compute_public(dto);
-    return 1;
-}
 
 static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
 {
@@ -570,15 +440,6 @@ static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
     return 1;
 }
 
-static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
-{
-    const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
-    const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
-    if (!BN_cmp(da->q, db->q))
-        return 1;
-    return 0;
-}
-
 static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
 {
     if (EC_GROUP_get_curve_name
@@ -592,84 +453,6 @@ static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
 }
 
 /* ---------- Public key functions * --------------------------------------*/
-static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)
-{
-    X509_ALGOR *palg = NULL;
-    const unsigned char *pubkey_buf = NULL;
-    unsigned char *databuf;
-    ASN1_OBJECT *palgobj = NULL;
-    int pub_len, i, j;
-    DSA *dsa;
-    ASN1_OCTET_STRING *octet = NULL;
-
-    if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
-        return 0;
-    EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
-    if (!decode_gost_algor_params(pk, palg))
-        return 0;
-    octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
-    if (!octet) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    databuf = OPENSSL_malloc(octet->length);
-    if (databuf == NULL) {
-        GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
-        ASN1_OCTET_STRING_free(octet);
-        return 0;
-    }
-    for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
-        databuf[j] = octet->data[i];
-    }
-    dsa = EVP_PKEY_get0(pk);
-    dsa->pub_key = BN_bin2bn(databuf, octet->length, NULL);
-    ASN1_OCTET_STRING_free(octet);
-    OPENSSL_free(databuf);
-    return 1;
-
-}
-
-static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk)
-{
-    ASN1_OBJECT *algobj = NULL;
-    ASN1_OCTET_STRING *octet = NULL;
-    void *pval = NULL;
-    unsigned char *buf = NULL, *databuf, *sptr;
-    int i, j, data_len, ret = 0;
-
-    int ptype = V_ASN1_UNDEF;
-    DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
-    algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
-    if (pk->save_parameters) {
-        ASN1_STRING *params = encode_gost_algor_params(pk);
-        pval = params;
-        ptype = V_ASN1_SEQUENCE;
-    }
-    data_len = BN_num_bytes(dsa->pub_key);
-    databuf = OPENSSL_malloc(data_len);
-    if (databuf == NULL) {
-        GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    BN_bn2bin(dsa->pub_key, databuf);
-    octet = ASN1_OCTET_STRING_new();
-    if (octet == NULL) {
-        GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE);
-        OPENSSL_free(databuf);
-        return 0;
-    }
-    ASN1_STRING_set(octet, NULL, data_len);
-    sptr = ASN1_STRING_data(octet);
-    for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
-        sptr[i] = databuf[j];
-    }
-    OPENSSL_free(databuf);
-    ret = i2d_ASN1_OCTET_STRING(octet, &buf);
-    ASN1_BIT_STRING_free(octet);
-    if (ret < 0)
-        return 0;
-    return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
-}
 
 static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
 {
@@ -808,17 +591,6 @@ static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
     return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
 }
 
-static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
-{
-    const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
-    const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
-    if (da && db && da->pub_key && db->pub_key
-        && !BN_cmp(da->pub_key, db->pub_key)) {
-        return 1;
-    }
-    return 0;
-}
-
 static int pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
 {
     const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
@@ -861,12 +633,6 @@ static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
     return -2;
 }
 
-static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
-    int nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
-    return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
-}
-
 static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
 {
     int nid =
@@ -875,27 +641,6 @@ static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
     return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
 }
 
-static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
-                               int derlen)
-{
-    ASN1_OBJECT *obj = NULL;
-    DSA *dsa = EVP_PKEY_get0(pkey);
-    int nid;
-    if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
-        return 0;
-    }
-    nid = OBJ_obj2nid(obj);
-    ASN1_OBJECT_free(obj);
-    if (!dsa) {
-        dsa = DSA_new();
-        if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa))
-            return 0;
-    }
-    if (!fill_GOST94_params(dsa, nid))
-        return 0;
-    return 1;
-}
-
 static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
                                  int derlen)
 {
@@ -925,23 +670,6 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
     if (!*ameth)
         return 0;
     switch (nid) {
-    case NID_id_GostR3410_94:
-        EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost94);
-        EVP_PKEY_asn1_set_private(*ameth,
-                                  priv_decode_gost, priv_encode_gost,
-                                  priv_print_gost94);
-
-        EVP_PKEY_asn1_set_param(*ameth,
-                                gost94_param_decode, gost94_param_encode,
-                                param_missing_gost94, param_copy_gost94,
-                                param_cmp_gost94, param_print_gost94);
-        EVP_PKEY_asn1_set_public(*ameth,
-                                 pub_decode_gost94, pub_encode_gost94,
-                                 pub_cmp_gost94, pub_print_gost94,
-                                 pkey_size_gost, pkey_bits_gost);
-
-        EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
-        break;
     case NID_id_GostR3410_2001:
         EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost01);
         EVP_PKEY_asn1_set_private(*ameth,
diff --git a/engines/ccgost/gost_asn1.c b/engines/ccgost/gost_asn1.c
index 1168633..0412d2c 100644
--- a/engines/ccgost/gost_asn1.c
+++ b/engines/ccgost/gost_asn1.c
@@ -54,3 +54,19 @@ ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /* FIXME incomplete */
 
 ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
 IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
+
+/* Convert byte buffer to bignum, skipping leading zeros*/
+BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
+{
+    BIGNUM *b;
+
+    while (*buf == 0 && len > 0) {
+        buf++;
+        len--;
+    }
+    if (len)
+        return BN_bin2bn(buf, len, NULL);
+    b = BN_new();
+    BN_zero(b);
+    return b;
+}
diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c
index 5f50fcc..e2a2ff6 100644
--- a/engines/ccgost/gost_crypt.c
+++ b/engines/ccgost/gost_crypt.c
@@ -118,7 +118,6 @@ struct gost_cipher_info gost_cipher_list[] = {
     /*
      * {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
      */
-    {NID_id_Gost28147_89_cc, &GostR3411_94_CryptoProParamSet, 0},
     {NID_id_Gost28147_89_CryptoPro_A_ParamSet, &Gost28147_CryptoProParamSetA,
      1},
     {NID_id_Gost28147_89_CryptoPro_B_ParamSet, &Gost28147_CryptoProParamSetB,
diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c
index 5924791..4129260 100644
--- a/engines/ccgost/gost_eng.c
+++ b/engines/ccgost/gost_eng.c
@@ -19,6 +19,10 @@ static const char *engine_gost_id = "gost";
 static const char *engine_gost_name =
     "Reference implementation of GOST engine";
 
+static int gost_pkey_meth_nids[] = {
+    NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
+};
+
 /* Symmetric cipher and digest function registrar */
 
 static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
@@ -38,15 +42,11 @@ static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, 0 };
 static int gost_digest_nids[] =
     { NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 };
 
-static int gost_pkey_meth_nids[] = { NID_id_GostR3410_94,
-    NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
-};
-
-static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL,
-    *pmeth_GostR3410_2001 = NULL, *pmeth_Gost28147_MAC = NULL;
+static EVP_PKEY_METHOD *pmeth_GostR3410_2001 = NULL;
+static EVP_PKEY_METHOD *pmeth_Gost28147_MAC = NULL;
 
-static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL,
-    *ameth_GostR3410_2001 = NULL, *ameth_Gost28147_MAC = NULL;
+static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_2001 = NULL;
+static EVP_PKEY_ASN1_METHOD *ameth_Gost28147_MAC = NULL;
 
 static int gost_engine_init(ENGINE *e)
 {
@@ -62,10 +62,8 @@ static int gost_engine_destroy(ENGINE *e)
 {
     gost_param_free();
 
-    pmeth_GostR3410_94 = NULL;
     pmeth_GostR3410_2001 = NULL;
     pmeth_Gost28147_MAC = NULL;
-    ameth_GostR3410_94 = NULL;
     ameth_GostR3410_2001 = NULL;
     ameth_Gost28147_MAC = NULL;
     return 1;
@@ -76,7 +74,7 @@ static int bind_gost(ENGINE *e, const char *id)
     int ret = 0;
     if (id && strcmp(id, engine_gost_id))
         return 0;
-    if (ameth_GostR3410_94) {
+    if (ameth_GostR3410_2001) {
         printf("GOST engine already loaded\n");
         goto end;
     }
@@ -121,10 +119,6 @@ static int bind_gost(ENGINE *e, const char *id)
     }
 
     if (!register_ameth_gost
-        (NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94",
-         "GOST R 34.10-94"))
-        goto end;
-    if (!register_ameth_gost
         (NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001",
          "GOST R 34.10-2001"))
         goto end;
@@ -132,12 +126,9 @@ static int bind_gost(ENGINE *e, const char *id)
                              "GOST-MAC", "GOST 28147-89 MAC"))
         goto end;
 
-    if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
-        goto end;
     if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
         goto end;
-    if (!register_pmeth_gost
-        (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
+    if (!register_pmeth_gost(NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
         goto end;
     if (!ENGINE_register_ciphers(e)
         || !ENGINE_register_digests(e)
@@ -208,13 +199,10 @@ static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
 {
     if (!pmeth) {
         *nids = gost_pkey_meth_nids;
-        return 3;
+        return 2;
     }
 
     switch (nid) {
-    case NID_id_GostR3410_94:
-        *pmeth = pmeth_GostR3410_94;
-        return 1;
     case NID_id_GostR3410_2001:
         *pmeth = pmeth_GostR3410_2001;
         return 1;
@@ -233,12 +221,9 @@ static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
 {
     if (!ameth) {
         *nids = gost_pkey_meth_nids;
-        return 3;
+        return 2;
     }
     switch (nid) {
-    case NID_id_GostR3410_94:
-        *ameth = ameth_GostR3410_94;
-        return 1;
     case NID_id_GostR3410_2001:
         *ameth = ameth_GostR3410_2001;
         return 1;
@@ -269,7 +254,7 @@ static ENGINE *engine_gost(void)
 void ENGINE_load_gost(void)
 {
     ENGINE *toadd;
-    if (pmeth_GostR3410_94)
+    if (pmeth_GostR3410_2001)
         return;
     toadd = engine_gost();
     if (!toadd)
diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h
index 3a2c7d5..27fe0e7 100644
--- a/engines/ccgost/gost_lcl.h
+++ b/engines/ccgost/gost_lcl.h
@@ -23,6 +23,18 @@
 # define GOST_PARAM_MAX 0
 # define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
 
+typedef struct R3410_2001 {
+    int nid;
+    char *a;
+    char *b;
+    char *p;
+    char *q;
+    char *x;
+    char *y;
+} R3410_2001_params;
+
+extern R3410_2001_params R3410_2001_paramset[];
+
 extern const ENGINE_CMD_DEFN gost_cmds[];
 int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
 const char *get_gost_engine_param(int param);
@@ -167,14 +179,6 @@ extern EVP_CIPHER cipher_gost_cpacnt;
 # define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
 # define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
 /* EVP_PKEY_METHOD key encryption callbacks */
-/* From gost94_keyx.c */
-int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                          size_t *outlen, const unsigned char *key,
-                          size_t key_len);
-
-int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                          size_t *outlen, const unsigned char *in,
-                          size_t in_len);
 /* From gost2001_keyx.c */
 int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
                           size_t *outlen, const unsigned char *key,
@@ -187,10 +191,7 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
 /* From gost2001_keyx.c */
 int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                          size_t *keylen);
-/* From gost94_keyx.c */
-int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 /* Internal functions for signature algorithms */
-int fill_GOST94_params(DSA *dsa, int nid);
 int fill_GOST2001_params(EC_KEY *eckey, int nid);
 int gost_sign_keygen(DSA *dsa);
 int gost2001_keygen(EC_KEY *ec);
@@ -203,7 +204,6 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
 int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
                        DSA_SIG *sig, EC_KEY *ec);
 int gost2001_compute_public(EC_KEY *ec);
-int gost94_compute_public(DSA *dsa);
 /*============== miscellaneous functions============================= */
 /* from gost_sign.c */
 /* Convert GOST R 34.11 hash sum to bignum according to standard */
@@ -220,10 +220,8 @@ int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen);
 /* Unpack GOST R 34.10 signature according to CryptoPro rules */
 DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen);
 /* from ameth.c */
-/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001  keys*/
+/* Get private key as BIGNUM from both 34.10-2001 keys*/
 /* Returns pointer into EVP_PKEY structure */
 BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey);
-/* Find NID by GOST 94 parameters */
-int gost94_nid_by_params(DSA *p);
 
 #endif
diff --git a/engines/ccgost/gost_params.c b/engines/ccgost/gost_params.c
index 0411534..2371c9a 100644
--- a/engines/ccgost/gost_params.c
+++ b/engines/ccgost/gost_params.c
@@ -7,138 +7,11 @@
  *         OpenSSL 0.9.9 libraries required to compile and use        *
  *                              this code                             *
  **********************************************************************/
-#include "gost_params.h"
+#include "gost_lcl.h"
 #include <openssl/objects.h>
 /* Parameters of GOST 34.10 */
 
-R3410_params R3410_paramset[] = {
-/* Paramset A */
-    {NID_id_GostR3410_94_CryptoPro_A_ParamSet,
-     "100997906755055304772081815535925224869"
-     "8410825720534578748235158755771479905292727772441528526992987964833"
-     "5669968284202797289605274717317548059048560713474685214192868091256"
-     "1502802222185647539190902656116367847270145019066794290930185446216"
-     "3997308722217328898303231940973554032134009725883228768509467406639"
-     "62",
-     "127021248288932417465907042777176443525"
-     "7876535089165358128175072657050312609850984974231883334834011809259"
-     "9999512098893413065920561499672425412104927434935707492031276956145"
-     "1689224110579311248812610229678534638401693520013288995000362260684"
-     "2227508135323070045173416336850045410625869714168836867788425378203"
-     "83",
-     "683631961449557007844441656118272528951"
-     "02170888761442055095051287550314083023"}
-    ,
-    {NID_id_GostR3410_94_CryptoPro_B_ParamSet,
-     "429418261486158041438734477379555023926"
-     "7234596860714306679811299408947123142002706038521669956384871995765"
-     "7284814898909770759462613437669456364882730370838934791080835932647"
-     "9767786019153434744009610342313166725786869204821949328786333602033"
-     "8479709268434224762105576023501613261478065276102850944540333865234"
-     "1",
-     "139454871199115825601409655107690713107"
-     "0417070599280317977580014543757653577229840941243685222882398330391"
-     "1468164807668823692122073732267216074074777170091113455043205380464"
-     "7694904686120113087816240740184800477047157336662926249423571248823"
-     "9685422217536601433914856808405203368594584948031873412885804895251"
-     "63",
-     "79885141663410976897627118935756323747307951916507639758300472692338873533959"}
-    ,
-    {NID_id_GostR3410_94_CryptoPro_C_ParamSet,
-     "816552717970881016017893191415300348226"
-     "2544051353358162468249467681876621283478212884286545844013955142622"
-     "2087723485023722868022275009502224827866201744494021697716482008353"
-     "6398202298024892620480898699335508064332313529725332208819456895108"
-     "5155178100221003459370588291073071186553005962149936840737128710832"
-     "3",
-     "110624679233511963040518952417017040248"
-     "5862954819831383774196396298584395948970608956170224210628525560327"
-     "8638246716655439297654402921844747893079518669992827880792192992701"
-     "1428546551433875806377110443534293554066712653034996277099320715774"
-     "3542287621283671843703709141350171945045805050291770503634517804938"
-     "01",
-     "113468861199819350564868233378875198043"
-     "267947776488510997961231672532899549103"}
-    ,
-    {NID_id_GostR3410_94_CryptoPro_D_ParamSet,
-     "756976611021707301782128757801610628085"
-     "5283803109571158829574281419208532589041660017017859858216341400371"
-     "4687551412794400562878935266630754392677014598582103365983119173924"
-     "4732511225464712252386803315902707727668715343476086350472025298282"
-     "7271461690125050616858238384366331089777463541013033926723743254833"
-     "7",
-     "905457649621929965904290958774625315611"
-     "3056083907389766971404812524422262512556054474620855996091570786713"
-     "5849550236741915584185990627801066465809510095784713989819413820871"
-     "5964648914493053407920737078890520482730623038837767710173664838239"
-     "8574828787891286471201460474326612697849693665518073864436497893214"
-     "9",
-     "108988435796353506912374591498972192620"
-     "190487557619582334771735390599299211593"}
-    ,
-
-    {NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,
-     "1335318132727206734338595199483190012179423759678474868994823595993"
-     "6964252873471246159040332773182141032801252925387191478859899310331"
-     "0567744136196364803064721377826656898686468463277710150809401182608"
-     "7702016153249904683329312949209127762411378780302243557466062839716"
-     "59376426832674269780880061631528163475887",
-     "14201174159756348119636828602231808974327613839524373876287257344192"
-     "74593935127189736311660784676003608489466235676257952827747192122419"
-     "29071046134208380636394084512691828894000571524625445295769349356752"
-     "72895683154177544176313938445719175509684710784659566254794231229333"
-     "8483924514339614727760681880609734239",
-     "91771529896554605945588149018382750217296858393520724172743325725474"
-     "374979801"}
-    ,
-    {NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,
-     "8890864727828423151699995801875757891031463338652579140051973659"
-     "3048131440685857067369829407947744496306656291505503608252399443"
-     "7900272386749145996230867832228661977543992816745254823298629859"
-     "8753575466286051738837854736167685769017780335804511440773337196"
-     "2538423532919394477873664752824509986617878992443177",
-     "1028946126624994859676552074360530315217970499989304888248413244"
-     "8474923022758470167998871003604670704877377286176171227694098633"
-     "1539089568784129110109512690503345393869871295783467257264868341"
-     "7200196629860561193666752429682367397084815179752036423595736533"
-     "68957392061769855284593965042530895046088067160269433",
-     "9109671391802626916582318050603555673628769498182593088388796888"
-     "5281641595199"}
-    ,
-    {NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,
-     "4430618464297584182473135030809859326863990650118941756995270074"
-     "8609973181426950235239623239110557450826919295792878938752101867"
-     "7047181623251027516953100431855964837602657827828194249605561893"
-     "6965865325513137194483136247773653468410118796740709840825496997"
-     "9375560722345106704721086025979309968763193072908334",
-     "1246996366993477513607147265794064436203408861395055989217248455"
-     "7299870737698999651480662364723992859320868822848751165438350943"
-     "3276647222625940615560580450040947211826027729977563540237169063"
-     "0448079715771649447778447000597419032457722226253269698374446528"
-     "35352729304393746106576383349151001715930924115499549",
-     "6787876137336591234380295020065682527118129468050147943114675429"
-     "4748422492761"}
-    ,
-
-    {NID_undef, NULL, NULL, NULL}
-};
-
 R3410_2001_params R3410_2001_paramset[] = {
-    /* default_cc_sign01_param 1.2.643.2.9.1.8.1 */
-    {NID_id_GostR3410_2001_ParamSet_cc,
-     /* A */
-     "C0000000000000000000000000000000000000000000000000000000000003c4",
-     /* B */
-     "2d06B4265ebc749ff7d0f1f1f88232e81632e9088fd44b7787d5e407e955080c",
-     /* P */
-     "C0000000000000000000000000000000000000000000000000000000000003C7",
-     /* Q */
-     "5fffffffffffffffffffffffffffffff606117a2f4bde428b7458a54b6e87b85",
-     /* X */
-     "2",
-     /* Y */
-     "a20e034bf8813ef5c18d01105e726a17eb248b264ae9706f440bedc8ccb6b22c"}
-    ,
     /* 1.2.643.2.2.35.0 */
     {NID_id_GostR3410_2001_TestParamSet,
      "7",
diff --git a/engines/ccgost/gost_params.h b/engines/ccgost/gost_params.h
deleted file mode 100644
index 0773cbf..0000000
--- a/engines/ccgost/gost_params.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/**********************************************************************
- *                        gost_params.h                               *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *       This file is distributed under the same license as OpenSSL   *
- *                                                                    *
- *       Declaration of structures used to represent  GOST R 34.10    *
- *                     parameter sets, defined in RFC 4357                *
- *         OpenSSL 0.9.9 libraries required to compile and use        *
- *                              this code                             *
- **********************************************************************/
-#ifndef GOST_PARAMSET_H
-# define GOST_PARAMSET_H
-typedef struct R3410 {
-    int nid;
-    char *a;
-    char *p;
-    char *q;
-} R3410_params;
-
-extern R3410_params R3410_paramset[];
-
-typedef struct R3410_2001 {
-    int nid;
-    char *a;
-    char *b;
-    char *p;
-    char *q;
-    char *x;
-    char *y;
-} R3410_2001_params;
-
-extern R3410_2001_params R3410_2001_paramset[];
-
-#endif
diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c
index af1d29e..0574d6e 100644
--- a/engines/ccgost/gost_pmeth.c
+++ b/engines/ccgost/gost_pmeth.c
@@ -15,7 +15,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
-#include "gost_params.h"
 #include "gost_lcl.h"
 #include "e_gost_err.h"
 /* -----init, cleanup, copy - uniform for all algs  ---------------*/
@@ -31,9 +30,6 @@ static int pkey_gost_init(EVP_PKEY_CTX *ctx)
     memset(data, 0, sizeof(*data));
     if (pkey && EVP_PKEY_get0(pkey)) {
         switch (EVP_PKEY_base_id(pkey)) {
-        case NID_id_GostR3410_94:
-            data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey));
-            break;
         case NID_id_GostR3410_2001:
             data->sign_param_nid =
                 EC_GROUP_get_curve_name(EC_KEY_get0_group
@@ -126,69 +122,6 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     return -2;
 }
 
-static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
-                                const char *type, const char *value)
-{
-    int param_nid = 0;
-
-    if (strcmp(type, param_ctrl_string) == 0) {
-        if (!value) {
-            return 0;
-        }
-        if (strlen(value) == 1) {
-            switch (toupper((unsigned char)value[0])) {
-            case 'A':
-                param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet;
-                break;
-            case 'B':
-                param_nid = NID_id_GostR3410_94_CryptoPro_B_ParamSet;
-                break;
-            case 'C':
-                param_nid = NID_id_GostR3410_94_CryptoPro_C_ParamSet;
-                break;
-            case 'D':
-                param_nid = NID_id_GostR3410_94_CryptoPro_D_ParamSet;
-                break;
-            default:
-                return 0;
-            }
-        } else if ((strlen(value) == 2)
-                   && (toupper((unsigned char)value[0]) == 'X')) {
-            switch (toupper((unsigned char)value[1])) {
-            case 'A':
-                param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet;
-                break;
-            case 'B':
-                param_nid = NID_id_GostR3410_94_CryptoPro_XchB_ParamSet;
-                break;
-            case 'C':
-                param_nid = NID_id_GostR3410_94_CryptoPro_XchC_ParamSet;
-                break;
-            default:
-                return 0;
-            }
-        } else {
-            R3410_params *p = R3410_paramset;
-            param_nid = OBJ_txt2nid(value);
-            if (param_nid == NID_undef) {
-                return 0;
-            }
-            for (; p->nid != NID_undef; p++) {
-                if (p->nid == param_nid)
-                    break;
-            }
-            if (p->nid == NID_undef) {
-                GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR, GOST_R_INVALID_PARAMSET);
-                return 0;
-            }
-        }
-
-        return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
-                              param_nid, NULL);
-    }
-    return -2;
-}
-
 static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
                                 const char *type, const char *value)
 {
@@ -256,23 +189,6 @@ static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx)
     return 1;
 }
 
-static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
-    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-    DSA *dsa = NULL;
-    if (data->sign_param_nid == NID_undef) {
-        GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
-        return 0;
-    }
-    dsa = DSA_new();
-    if (!fill_GOST94_params(dsa, data->sign_param_nid)) {
-        DSA_free(dsa);
-        return 0;
-    }
-    EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa);
-    return 1;
-}
-
 static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
     struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
@@ -292,17 +208,6 @@ static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
     return 1;
 }
 
-/* Generates Gost_R3410_94_cp key */
-static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
-    DSA *dsa;
-    if (!pkey_gost94_paramgen(ctx, pkey))
-        return 0;
-    dsa = EVP_PKEY_get0(pkey);
-    gost_sign_keygen(dsa);
-    return 1;
-}
-
 /* Generates GOST_R3410 2001 key and assigns it using specified type */
 static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
@@ -315,26 +220,21 @@ static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 }
 
 /* ----------- sign callbacks --------------------------------------*/
-
-static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
-                               size_t *siglen, const unsigned char *tbs,
-                               size_t tbs_len)
+/*
+ * Packs signature according to Cryptopro rules
+ * and frees up DSA_SIG structure
+ */
+int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
 {
-    DSA_SIG *unpacked_sig = NULL;
-    EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
-    if (!siglen)
-        return 0;
-    if (!sig) {
-        *siglen = 64;           /* better to check size of pkey->pkey.dsa-q */
-        return 1;
-    }
-    unpacked_sig = gost_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
-    if (!unpacked_sig) {
-        return 0;
-    }
-    return pack_sign_cp(unpacked_sig, 32, sig, siglen);
+    *siglen = 2 * order;
+    memset(sig, 0, *siglen);
+    store_bignum(s->s, sig, order);
+    store_bignum(s->r, sig + order, order);
+    DSA_SIG_free(s);
+    return 1;
 }
 
+
 static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
                                size_t *siglen, const unsigned char *tbs,
                                size_t tbs_len)
@@ -355,22 +255,22 @@ static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
 }
 
 /* ------------------- verify callbacks ---------------------------*/
-
-static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
-                                 size_t siglen, const unsigned char *tbs,
-                                 size_t tbs_len)
+/* Unpack signature according to cryptopro rules  */
+DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
 {
-    int ok = 0;
-    EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
-    DSA_SIG *s = unpack_cp_signature(sig, siglen);
-    if (!s)
-        return 0;
-    if (pub_key)
-        ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
-    DSA_SIG_free(s);
-    return ok;
+    DSA_SIG *s;
+
+    s = DSA_SIG_new();
+    if (s == NULL) {
+        GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    s->s = BN_bin2bn(sig, siglen / 2, NULL);
+    s->r = BN_bin2bn(sig + siglen / 2, siglen / 2, NULL);
+    return s;
 }
 
+
 static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
                                  size_t siglen, const unsigned char *tbs,
                                  size_t tbs_len)
@@ -570,20 +470,6 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
         return 0;
 
     switch (id) {
-    case NID_id_GostR3410_94:
-        EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl94_str);
-        EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost94cp_keygen);
-        EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign);
-        EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify);
-        EVP_PKEY_meth_set_encrypt(*pmeth,
-                                  pkey_gost_encrypt_init,
-                                  pkey_GOST94cp_encrypt);
-        EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST94cp_decrypt);
-        EVP_PKEY_meth_set_derive(*pmeth,
-                                 pkey_gost_derive_init, pkey_gost94_derive);
-        EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
-                                   pkey_gost94_paramgen);
-        break;
     case NID_id_GostR3410_2001:
         EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl01_str);
         EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign);
diff --git a/engines/ccgost/gost_sign.c b/engines/ccgost/gost_sign.c
deleted file mode 100644
index 543c399..0000000
--- a/engines/ccgost/gost_sign.c
+++ /dev/null
@@ -1,365 +0,0 @@
-/**********************************************************************
- *                          gost_sign.c                               *
- *             Copyright (c) 2005-2006 Cryptocom LTD                  *
- *         This file is distributed under the same license as OpenSSL *
- *                                                                    *
- *       Implementation of GOST R 34.10-94 signature algorithm        *
- *       for OpenSSL                                                  *
- *          Requires OpenSSL 0.9.9 for compilation                    *
- **********************************************************************/
-#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-
-#include "gost_params.h"
-#include "gost_lcl.h"
-#include "e_gost_err.h"
-
-#ifdef DEBUG_SIGN
-void dump_signature(const char *message, const unsigned char *buffer,
-                    size_t len)
-{
-    size_t i;
-    fprintf(stderr, "signature %s Length=%d", message, len);
-    for (i = 0; i < len; i++) {
-        if (i % 16 == 0)
-            fputc('\n', stderr);
-        fprintf(stderr, " %02x", buffer[i]);
-    }
-    fprintf(stderr, "\nEnd of signature\n");
-}
-
-void dump_dsa_sig(const char *message, DSA_SIG *sig)
-{
-    fprintf(stderr, "%s\nR=", message);
-    BN_print_fp(stderr, sig->r);
-    fprintf(stderr, "\nS=");
-    BN_print_fp(stderr, sig->s);
-    fprintf(stderr, "\n");
-}
-
-#else
-
-# define dump_signature(a,b,c)
-# define dump_dsa_sig(a,b)
-#endif
-
-/*
- * Computes signature and returns it as DSA_SIG structure
- */
-DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
-    BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
-    DSA_SIG *newsig = NULL, *ret = NULL;
-    BIGNUM *md = hashsum2bn(dgst);
-    /* check if H(M) mod q is zero */
-    BN_CTX *ctx = BN_CTX_new();
-    if (!ctx) {
-        GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    BN_CTX_start(ctx);
-    newsig = DSA_SIG_new();
-    if (!newsig) {
-        GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    tmp = BN_CTX_get(ctx);
-    k = BN_CTX_get(ctx);
-    tmp2 = BN_CTX_get(ctx);
-    if (!tmp || !k || !tmp2) {
-        GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    BN_mod(tmp, md, dsa->q, ctx);
-    if (BN_is_zero(tmp)) {
-        BN_one(md);
-    }
-    do {
-        do {
-            /*
-             * Generate random number k less than q
-             */
-            BN_rand_range(k, dsa->q);
-            /* generate r = (a^x mod p) mod q */
-            BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
-            if (!(newsig->r)) {
-                newsig->r = BN_new();
-                if (!newsig->r) {
-                    GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-            }
-            BN_mod(newsig->r, tmp, dsa->q, ctx);
-        }
-        while (BN_is_zero(newsig->r));
-        /* generate s = (xr + k(Hm)) mod q */
-        BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
-        BN_mod_mul(tmp2, k, md, dsa->q, ctx);
-        if (!newsig->s) {
-            newsig->s = BN_new();
-            if (!newsig->s) {
-                GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-        }
-        BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
-    }
-    while (BN_is_zero(newsig->s));
-
-    ret = newsig;
- err:
-    BN_free(md);
-    if (ctx)
-        BN_CTX_end(ctx);
-    BN_CTX_free(ctx);
-    if (!ret)
-        DSA_SIG_free(newsig);
-    return ret;
-}
-
-/*
- * Packs signature according to Cryptocom rules
- * and frees up DSA_SIG structure
- */
-/*-
-int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
-        {
-        *siglen = 2*order;
-        memset(sig,0,*siglen);
-        store_bignum(s->r, sig,order);
-        store_bignum(s->s, sig + order,order);
-        dump_signature("serialized",sig,*siglen);
-        DSA_SIG_free(s);
-        return 1;
-        }
-*/
-/*
- * Packs signature according to Cryptopro rules
- * and frees up DSA_SIG structure
- */
-int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
-{
-    *siglen = 2 * order;
-    memset(sig, 0, *siglen);
-    store_bignum(s->s, sig, order);
-    store_bignum(s->r, sig + order, order);
-    dump_signature("serialized", sig, *siglen);
-    DSA_SIG_free(s);
-    return 1;
-}
-
-/*
- * Verifies signature passed as DSA_SIG structure
- *
- */
-
-int gost_do_verify(const unsigned char *dgst, int dgst_len,
-                   DSA_SIG *sig, DSA *dsa)
-{
-    BIGNUM *md = NULL, *tmp = NULL;
-    BIGNUM *q2 = NULL;
-    BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
-    BIGNUM *tmp2 = NULL, *tmp3 = NULL;
-    int ok = 0;
-    BN_CTX *ctx = BN_CTX_new();
-    if (!ctx) {
-        GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    BN_CTX_start(ctx);
-    if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
-        GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
-        goto err;
-    }
-    md = hashsum2bn(dgst);
-
-    tmp = BN_CTX_get(ctx);
-    v = BN_CTX_get(ctx);
-    q2 = BN_CTX_get(ctx);
-    z1 = BN_CTX_get(ctx);
-    z2 = BN_CTX_get(ctx);
-    tmp2 = BN_CTX_get(ctx);
-    tmp3 = BN_CTX_get(ctx);
-    u = BN_CTX_get(ctx);
-    if (!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
-        GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    BN_mod(tmp, md, dsa->q, ctx);
-    if (BN_is_zero(tmp)) {
-        BN_one(md);
-    }
-    BN_copy(q2, dsa->q);
-    BN_sub_word(q2, 2);
-    BN_mod_exp(v, md, q2, dsa->q, ctx);
-    BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
-    BN_sub(tmp, dsa->q, sig->r);
-    BN_mod_mul(z2, tmp, v, dsa->p, ctx);
-    BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
-    BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
-    BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
-    BN_mod(u, tmp3, dsa->q, ctx);
-    ok = (BN_cmp(u, sig->r) == 0);
-
-    if (!ok) {
-        GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
-    }
-err:
-    BN_free(md);
-    if (ctx)
-        BN_CTX_end(ctx);
-    BN_CTX_free(ctx);
-    return (ok == 0);
-}
-
-/*
- * Computes public keys for GOST R 34.10-94 algorithm
- *
- */
-int gost94_compute_public(DSA *dsa)
-{
-    /* Now fill algorithm parameters with correct values */
-    BN_CTX *ctx;
-    if (!dsa->g) {
-        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
-        return 0;
-    }
-    ctx = BN_CTX_new();
-    if (!ctx) {
-        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    dsa->pub_key = BN_new();
-    if (!dsa->pub_key) {
-        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
-        BN_CTX_free(ctx);
-        return 0;
-    }
-    /* Compute public key  y = a^x mod p */
-    BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
-    BN_CTX_free(ctx);
-    return 1;
-}
-
-/*
- * Fill GOST 94 params, searching them in R3410_paramset array
- * by nid of paramset
- *
- */
-int fill_GOST94_params(DSA *dsa, int nid)
-{
-    R3410_params *params = R3410_paramset;
-    while (params->nid != NID_undef && params->nid != nid)
-        params++;
-    if (params->nid == NID_undef) {
-        GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
-        return 0;
-    }
-#define dump_signature(a,b,c)
-    BN_free(dsa->p);
-    dsa->p = NULL;
-    BN_dec2bn(&(dsa->p), params->p);
-    BN_free(dsa->q);
-    dsa->q = NULL;
-    BN_dec2bn(&(dsa->q), params->q);
-    BN_free(dsa->g);
-    dsa->g = NULL;
-    BN_dec2bn(&(dsa->g), params->a);
-    return 1;
-}
-
-/*
- *  Generate GOST R 34.10-94 keypair
- *
- *
- */
-int gost_sign_keygen(DSA *dsa)
-{
-    dsa->priv_key = BN_new();
-    if (!dsa->priv_key) {
-        GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    BN_rand_range(dsa->priv_key, dsa->q);
-    return gost94_compute_public(dsa);
-}
-
-/* Unpack signature according to cryptocom rules  */
-/*-
-DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
-        {
-        DSA_SIG *s;
-        s = DSA_SIG_new();
-        if (s == NULL)
-                {
-                GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        s->r = getbnfrombuf(sig, siglen/2);
-        s->s = getbnfrombuf(sig + siglen/2, siglen/2);
-        return s;
-        }
-*/
-/* Unpack signature according to cryptopro rules  */
-DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
-{
-    DSA_SIG *s;
-
-    s = DSA_SIG_new();
-    if (s == NULL) {
-        GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    s->s = getbnfrombuf(sig, siglen / 2);
-    s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
-    return s;
-}
-
-/* Convert little-endian byte array into bignum */
-BIGNUM *hashsum2bn(const unsigned char *dgst)
-{
-    unsigned char buf[32];
-    int i;
-    for (i = 0; i < 32; i++) {
-        buf[31 - i] = dgst[i];
-    }
-    return getbnfrombuf(buf, 32);
-}
-
-/* Convert byte buffer to bignum, skipping leading zeros*/
-BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
-{
-    while (*buf == 0 && len > 0) {
-        buf++;
-        len--;
-    }
-    if (len) {
-        return BN_bin2bn(buf, len, NULL);
-    } else {
-        BIGNUM *b = BN_new();
-        BN_zero(b);
-        return b;
-    }
-}
-
-/*
- * Pack bignum into byte buffer of given size, filling all leading bytes by
- * zeros
- */
-int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
-{
-    int bytes = BN_num_bytes(bn);
-    if (bytes > len)
-        return 0;
-    memset(buf, 0, len);
-    BN_bn2bin(bn, buf + len - bytes);
-    return 1;
-}
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 1eef9cc..6e98784 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -878,7 +878,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS_CT_ECDSA_SIGN               64
 # define TLS_CT_RSA_FIXED_ECDH           65
 # define TLS_CT_ECDSA_FIXED_ECDH         66
-# define TLS_CT_GOST94_SIGN              21
 # define TLS_CT_GOST01_SIGN              22
 /*
  * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 943cf73..4d69c2a 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -618,9 +618,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
         ret = SSL_PKEY_ECC;
     }
 #endif
-    else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
-        ret = SSL_PKEY_GOST94;
-    } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
+    else if (i == NID_id_GostR3410_2001) {
         ret = SSL_PKEY_GOST01;
     } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
         /*
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1661b0e..01a0a8c 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3059,8 +3059,7 @@ int ssl3_send_client_verify(SSL *s)
             n = j + 2;
         } else
 #endif
-        if (pkey->type == NID_id_GostR3410_94
-                || pkey->type == NID_id_GostR3410_2001) {
+        if (pkey->type == NID_id_GostR3410_2001) {
             unsigned char signbuf[64];
             int i;
             size_t sigsize = 64;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 83b8f68..0a3bba4 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1147,19 +1147,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
 
     {
      1,
-     "GOST94-GOST89-GOST89",
-     0x3000080,
-     SSL_kGOST,
-     SSL_aGOST94,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
-     256,
-     256},
-    {
-     1,
      "GOST2001-GOST89-GOST89",
      0x3000081,
      SSL_kGOST,
@@ -1170,20 +1157,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      SSL_NOT_EXP | SSL_HIGH,
      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
      256,
-     256},
-    {
-     1,
-     "GOST94-NULL-GOST94",
-     0x3000082,
-     SSL_kGOST,
-     SSL_aGOST94,
-     SSL_eNULL,
-     SSL_GOST94,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
-     0,
-     0},
+     256
+    },
     {
      1,
      "GOST2001-NULL-GOST94",
@@ -1196,7 +1171,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      SSL_NOT_EXP | SSL_STRONG_NONE,
      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
      0,
-     0},
+     0
+    },
 
 #ifndef OPENSSL_NO_CAMELLIA
     /* Camellia ciphersuites from RFC4132 (256-bit portion) */
@@ -3474,63 +3450,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      256},
 #endif
 
-#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
-    {
-     1,
-     "GOST-MD5",
-     0x0300ff00,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_MD5,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-    {
-     1,
-     "GOST-GOST94",
-     0x0300ff01,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST94,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256},
-    {
-     1,
-     "GOST-GOST89MAC",
-     0x0300ff02,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256},
-    {
-     1,
-     "GOST-GOST89STREAM",
-     0x0300ff03,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
-     256,
-     256},
-#endif
-
 /* end of list */
 };
 
@@ -4694,7 +4613,6 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 #ifndef OPENSSL_NO_GOST
     if (s->version >= TLS1_VERSION) {
         if (alg_k & SSL_kGOST) {
-            p[ret++] = TLS_CT_GOST94_SIGN;
             p[ret++] = TLS_CT_GOST01_SIGN;
             return (ret);
         }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 76f49bd..acb2fa9 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2736,9 +2736,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 
         /* Get our certificate private key */
         alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-        if (alg_a & SSL_aGOST94)
-            pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
-        else if (alg_a & SSL_aGOST01)
+        if (alg_a & SSL_aGOST01)
             pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
 
         pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
@@ -2874,8 +2872,7 @@ int ssl3_get_cert_verify(SSL *s)
      * If key is GOST and n is exactly 64, it is bare signature without
      * length field
      */
-    if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
-                    pkey->type == NID_id_GostR3410_2001)) {
+    if (n == 64 && pkey->type == NID_id_GostR3410_2001) {
         len = 64;
     } else {
         if (SSL_USE_SIGALGS(s)) {
@@ -2984,8 +2981,7 @@ int ssl3_get_cert_verify(SSL *s)
         }
     } else
 #endif
-    if (pkey->type == NID_id_GostR3410_94
-            || pkey->type == NID_id_GostR3410_2001) {
+    if (pkey->type == NID_id_GostR3410_2001) {
         unsigned char signature[64];
         int idx;
         EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index da64301..08a95f9 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -331,9 +331,8 @@ static const SSL_CIPHER cipher_aliases[] = {
     {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
     {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
     {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
     {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
     {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0},
 
     /* aliases combining key exchange and server authentication */
@@ -528,14 +527,12 @@ void ssl_load_ciphers(void)
         disabled_mac_mask |= SSL_GOST89MAC;
     }
 
-    if (!get_optional_pkey_id("gost94"))
-        disabled_auth_mask |= SSL_aGOST94;
     if (!get_optional_pkey_id("gost2001"))
         disabled_auth_mask |= SSL_aGOST01;
     /*
      * Disable GOST key exchange if no GOST signature algs are available *
      */
-    if ((disabled_auth_mask & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01))
+    if ((disabled_auth_mask & SSL_aGOST01) == SSL_aGOST01)
         disabled_mkey_mask |= SSL_kGOST;
 }
 
@@ -1673,9 +1670,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
     case SSL_aSRP:
         au = "SRP";
         break;
-    case SSL_aGOST94:
-        au = "GOST94";
-        break;
     case SSL_aGOST01:
         au = "GOST01";
         break;
@@ -1961,8 +1955,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
         return SSL_PKEY_DSA_SIGN;
     else if (alg_a & SSL_aRSA)
         return SSL_PKEY_RSA_ENC;
-    else if (alg_a & SSL_aGOST94)
-        return SSL_PKEY_GOST94;
     else if (alg_a & SSL_aGOST01)
         return SSL_PKEY_GOST01;
     return -1;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5a0ec8a..2a2eb78 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2007,11 +2007,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
         mask_k |= SSL_kGOST;
         mask_a |= SSL_aGOST01;
     }
-    cpk = &(c->pkeys[SSL_PKEY_GOST94]);
-    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-        mask_k |= SSL_kGOST;
-        mask_a |= SSL_aGOST94;
-    }
 
     if (rsa_enc || (rsa_tmp && rsa_sign))
         mask_k |= SSL_kRSA;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index bc8388a..63b547a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -339,8 +339,6 @@
 # define SSL_aECDSA              0x00000040L
 /* PSK auth */
 # define SSL_aPSK                0x00000080L
-/* GOST R 34.10-94 signature auth */
-# define SSL_aGOST94                             0x00000100L
 /* GOST R 34.10-2001 signature auth */
 # define SSL_aGOST01                     0x00000200L
 /* SRP auth */
@@ -508,7 +506,6 @@
 # define SSL_PKEY_DH_RSA         3
 # define SSL_PKEY_DH_DSA         4
 # define SSL_PKEY_ECC            5
-# define SSL_PKEY_GOST94         6
 # define SSL_PKEY_GOST01         7
 # define SSL_PKEY_NUM            8
 


More information about the openssl-commits mailing list