Hello, I have started looking into GOST (re)implementation for LibreSSL. I would like to know how much you want LibreSSL to mimic the OpenSSL behaviour.

Originally (thanks CryptoCom) GOST algorithms were implemented as a separate OpenSSL engine (to ease certification, to ease replacing the ccgost engine with a proprietary certified engine, etc). Most of the programs should probably not depend on the exact implementation of that part of the code (if written in an algorithm-neutral way). Apache2 patches (http://www.cryptocom.ru/opensource/apache.html - in Russian), for example, do not show an exact dependency on GOST being implemented as an engine.

The only exception probably is bind9 & utilities. It tries to load and configure the GOST engine (to enable one of the DNSSEC extensions). Sometimes this causes additional problems (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611054#15).

I would like to implement GOST as a plain part of LibreSSL w/o any additional engine-like troubles, not actually caring about bind9 & utils at this moment - they will have to be fixed later.

--
With best wishes
Dmitry
