Remove Gost94 signature algorithm.

This was obsolete in 2001.  This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice.

Reviewed-by: Matt Caswell <matt@openssl.org>
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 943cf73..4d69c2a 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -618,9 +618,7 @@
         ret = SSL_PKEY_ECC;
     }
 #endif
-    else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
-        ret = SSL_PKEY_GOST94;
-    } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
+    else if (i == NID_id_GostR3410_2001) {
         ret = SSL_PKEY_GOST01;
     } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
         /*
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1661b0e..01a0a8c 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3059,8 +3059,7 @@
             n = j + 2;
         } else
 #endif
-        if (pkey->type == NID_id_GostR3410_94
-                || pkey->type == NID_id_GostR3410_2001) {
+        if (pkey->type == NID_id_GostR3410_2001) {
             unsigned char signbuf[64];
             int i;
             size_t sigsize = 64;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 83b8f68..0a3bba4 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1147,19 +1147,6 @@
 
     {
      1,
-     "GOST94-GOST89-GOST89",
-     0x3000080,
-     SSL_kGOST,
-     SSL_aGOST94,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
-     256,
-     256},
-    {
-     1,
      "GOST2001-GOST89-GOST89",
      0x3000081,
      SSL_kGOST,
@@ -1170,20 +1157,8 @@
      SSL_NOT_EXP | SSL_HIGH,
      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
      256,
-     256},
-    {
-     1,
-     "GOST94-NULL-GOST94",
-     0x3000082,
-     SSL_kGOST,
-     SSL_aGOST94,
-     SSL_eNULL,
-     SSL_GOST94,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
-     0,
-     0},
+     256
+    },
     {
      1,
      "GOST2001-NULL-GOST94",
@@ -1196,7 +1171,8 @@
      SSL_NOT_EXP | SSL_STRONG_NONE,
      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
      0,
-     0},
+     0
+    },
 
 #ifndef OPENSSL_NO_CAMELLIA
     /* Camellia ciphersuites from RFC4132 (256-bit portion) */
@@ -3474,63 +3450,6 @@
      256},
 #endif
 
-#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
-    {
-     1,
-     "GOST-MD5",
-     0x0300ff00,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_MD5,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-    {
-     1,
-     "GOST-GOST94",
-     0x0300ff01,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST94,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256},
-    {
-     1,
-     "GOST-GOST89MAC",
-     0x0300ff02,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256},
-    {
-     1,
-     "GOST-GOST89STREAM",
-     0x0300ff03,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
-     256,
-     256},
-#endif
-
 /* end of list */
 };
 
@@ -4694,7 +4613,6 @@
 #ifndef OPENSSL_NO_GOST
     if (s->version >= TLS1_VERSION) {
         if (alg_k & SSL_kGOST) {
-            p[ret++] = TLS_CT_GOST94_SIGN;
             p[ret++] = TLS_CT_GOST01_SIGN;
             return (ret);
         }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 76f49bd..acb2fa9 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2736,9 +2736,7 @@
 
         /* Get our certificate private key */
         alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-        if (alg_a & SSL_aGOST94)
-            pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
-        else if (alg_a & SSL_aGOST01)
+        if (alg_a & SSL_aGOST01)
             pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
 
         pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
@@ -2874,8 +2872,7 @@
      * If key is GOST and n is exactly 64, it is bare signature without
      * length field
      */
-    if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
-                    pkey->type == NID_id_GostR3410_2001)) {
+    if (n == 64 && pkey->type == NID_id_GostR3410_2001) {
         len = 64;
     } else {
         if (SSL_USE_SIGALGS(s)) {
@@ -2984,8 +2981,7 @@
         }
     } else
 #endif
-    if (pkey->type == NID_id_GostR3410_94
-            || pkey->type == NID_id_GostR3410_2001) {
+    if (pkey->type == NID_id_GostR3410_2001) {
         unsigned char signature[64];
         int idx;
         EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index da64301..08a95f9 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -331,9 +331,8 @@
     {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
     {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
     {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
     {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
     {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0},
 
     /* aliases combining key exchange and server authentication */
@@ -528,14 +527,12 @@
         disabled_mac_mask |= SSL_GOST89MAC;
     }
 
-    if (!get_optional_pkey_id("gost94"))
-        disabled_auth_mask |= SSL_aGOST94;
     if (!get_optional_pkey_id("gost2001"))
         disabled_auth_mask |= SSL_aGOST01;
     /*
      * Disable GOST key exchange if no GOST signature algs are available *
      */
-    if ((disabled_auth_mask & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01))
+    if ((disabled_auth_mask & SSL_aGOST01) == SSL_aGOST01)
         disabled_mkey_mask |= SSL_kGOST;
 }
 
@@ -1673,9 +1670,6 @@
     case SSL_aSRP:
         au = "SRP";
         break;
-    case SSL_aGOST94:
-        au = "GOST94";
-        break;
     case SSL_aGOST01:
         au = "GOST01";
         break;
@@ -1961,8 +1955,6 @@
         return SSL_PKEY_DSA_SIGN;
     else if (alg_a & SSL_aRSA)
         return SSL_PKEY_RSA_ENC;
-    else if (alg_a & SSL_aGOST94)
-        return SSL_PKEY_GOST94;
     else if (alg_a & SSL_aGOST01)
         return SSL_PKEY_GOST01;
     return -1;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5a0ec8a..2a2eb78 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2007,11 +2007,6 @@
         mask_k |= SSL_kGOST;
         mask_a |= SSL_aGOST01;
     }
-    cpk = &(c->pkeys[SSL_PKEY_GOST94]);
-    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-        mask_k |= SSL_kGOST;
-        mask_a |= SSL_aGOST94;
-    }
 
     if (rsa_enc || (rsa_tmp && rsa_sign))
         mask_k |= SSL_kRSA;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index bc8388a..63b547a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -339,8 +339,6 @@
 # define SSL_aECDSA              0x00000040L
 /* PSK auth */
 # define SSL_aPSK                0x00000080L
-/* GOST R 34.10-94 signature auth */
-# define SSL_aGOST94                             0x00000100L
 /* GOST R 34.10-2001 signature auth */
 # define SSL_aGOST01                     0x00000200L
 /* SRP auth */
@@ -508,7 +506,6 @@
 # define SSL_PKEY_DH_RSA         3
 # define SSL_PKEY_DH_DSA         4
 # define SSL_PKEY_ECC            5
-# define SSL_PKEY_GOST94         6
 # define SSL_PKEY_GOST01         7
 # define SSL_PKEY_NUM            8