Hi, On Tue, Apr 15, 2014 at 09:24:48PM +0000, �?�?�?�?�? �?�?�?омин wrote: > Log message: > Remove the GOST engine: It is not compiled or used and depends on the > "dynamic engine" feature that is not enabled in our build. People who > need it can still pull it out of the Attic; if it is to have a Russian > engine just because it's a Russian engine. > ---------------------------------------------------------------------- > > This hash function is a formal requirement in all public institutions in > Russia. Removing it, the work of people using OpenBSD in these > institutions is greatly complicated by its return. > > This is a political decision, or indeed it is necessary for the cleaning > OpenSSL? Do not throw out the child along with the bath. >
No, I have no objections against GOST and it is not a political decision. But the GOST engine was not even compiled on OpenBSD and we have OPENSSL_NO_DYNAMIC_ENGINE defined by default. It was just sitting in our source tree. If there is really a demand for GOST, the better way would be to include it as normal built-in ciphers and algorithms instead of using GOST with an engine. So we basically have concerns about these dynamic engines and code that is not enabled by default. Reyk
