> I have been pointed that I did not formulate the question clearly. > Would you prefer to have a static ENGINE thing built into the LibreSSL, > providing 100% API compatibility with original ccgost implementation, > or it would be better to have a cleaner well-integrated cryptosuite?
As already replied by Theo, the LibReSSL position is that GOST algorithms should be implemented as `built-in' algorithm, just like the others (DES, AES, RSA, ECDH...) are; and that they should be available via the EVP interface. Speaking for myself, I am not very fond of the OpenSSL-inherited ENGINE interface; and I'd rather have my crypto built-in, than dependent upon the phase of the moon and whatever uid I might be running as, as well as filesystem permissions. Miod