<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="s-prose js-post-body" itemprop="text">
<p>Hello,</p>
<p>I need to create a certificate request using a pluggable
engine, in my case it's GOST, that I built in LibreSSL and
attached to OpenSSL 3.0.x.<br>
</p>
<p>So, in LibreSSL, say, I have a call like</p>
<pre><code>openssl req -newkey gost2001 -pkeyopt dgst:streebog256 -pkeyopt paramset:A -streebog256 \
-nodes -subj "/C=Some/ST=Some/O=FooBar LLC/CN=John <a class="moz-txt-link-abbreviated" href="mailto:Doe/emailaddress=doe@foo.bar">Doe/emailaddress=doe@foo.bar</a>" \
-keyout /tmp/key.pem -out /tmp/csr.pem -utf8
</code></pre>
<p>and it pretty much does the job. But OpenSSL 3.0.x doesn't
recognize the streebog256 as the acceptable digest:</p>
<pre><code>Key parameter error "dgst:streebog256"
</code></pre>
<p>That is because it's manual page clearly states:</p>
"The engine is not used for digests unless the -engine_impl option
is used or it is configured to do so, see "Engine Configuration
Module" in config(5)."
<p>Funny thing is, the config(5) manual page doesnt'y say a word
about configuring digests (I was able to configure gost as an
engine for default loading as there are plenty of examples).</p>
<p>So, when using <code>openssl dgst</code> with both <code>-engine
gost</code> and <code>-engine_impl gost</code> I can see the
needed <em>streebog256</em> as valid digest but how do I do
this while calling <code>openssl req</code> or when using <code>openssl.cnf</code>
?</p>
<p><br>
</p>
<p>Thanks.</p>
<p>Eugene.<br>
</p>
</div>
</body>
</html>