singe/thirdparty/openssl/gost-engine/README.prov.md

# GOST provider

The GOST provider is currently built in parallell with the GOST
engine, and is implemented like a wrapper around the engine code.

## Currently implemented

Symmetric ciphers:

-   gost89
-   gost89-cnt
-   gost89-cnt-12
-   gost89-cbc
-   kuznyechik-ecb
-   kuznyechik-cbc
-   kuznyechik-cfb
-   kuznyechik-ofb
-   kuznyechik-ctr
-   magma-cbc
-   magma-ctr
-   magma-ctr-acpkm
-   magma-ctr-acpkm-omac
-   kuznyechik-ctr-acpkm
-   kuznyechik-ctr-acpkm-omac

Hashes:

-   id-tc26-gost3411-12-256 (md_gost12_256)
-   id-tc26-gost3411-12-512 (md_gost12_512)
-   id-GostR3411-94 (md_gost94)

MACs:

-   gost-mac
-   gost-mac-12
-   magma-mac
-   kuznyechik-mac
-   kuznyechik-ctr-acpkm-omac

## TODO, not requiring additional OpenSSL support

-   Basic support for GOST keys, i.e. implementations of KEYMGMT
    (including key generation), DECODER and DECODER.

-   Support for these operations using GOST keys:

    -   ASYM_CIPHER (encryption and decryption using GOST keys)
    -   SIGNATURE (signing and verifying using GOST keys)
    
## TODO, which requires additional OpenSSL support

-   TLSTREE support.  This may require additional changes in libssl.
    Needs investigation.

-   PKCS7 and CMS support.  This requires OpenSSL PKCS7 and CMS code
    to change for better interfacing with providers.

## TODO, far future

-   Refactor the code into being just a provider.  This is to be done
    when engines aren't supported any more.