# Security library for the system with GOST



## YuryG (Jul 21, 2016)

Sorry, but couldn't find it on the forum already existing, are there any tutorials how to step up for some good security library supporting GOST ciphers for the system?

For, base OpenSSL 1.0.1t-freebsd in my FreeBSD 10.3-STABLE amd64 couldn't do GOST ciphers, also I couldn't do it with GnuPG plus GnuTLS from ports. Not sure, if LibreSSL supports GOST, but I hope ports' OpenSSL support it?


----------



## cpm@ (Jul 23, 2016)

Did you read the following discussion in the freebsd-security mailing list?

https://lists.freebsd.org/pipermail/freebsd-security/2016-July/008971.html


----------



## YuryG (Jul 23, 2016)

Thanks for the link. It happen to be informative at first, but than became politics… (Although existing GOST ciphers are good enough and do not have any backdoors or other harmful aftermath, obviously looking in the source and internationally acclaimed maths of elliptic curves.)

It says that OpenSSL has GOST in 10.* and 11.*, but for some unknown reason (compatibility with 9.*?) many ports (say, bind910) refuse to use base OpenSSL. So, I leave hopes it will work somehow.


----------



## cpm@ (Jul 24, 2016)

Well, you can also read /usr/src/crypto/openssl/engines/ccgost/README.gost

It contains useful information about the GOST engine.


```
% openssl engine gost -t -c -vvvv
(gost) Reference implementation of GOST engine
 [gost89, gost89-cnt, md_gost94, gost-mac, gost94, gost2001, gost-mac]
     [ available ]
     CRYPT_PARAMS: OID of default GOST 28147-89 parameters
          (input flags): STRING
```


----------



## YuryG (Jul 24, 2016)

Thank you, half of that I've already found. But only half.


----------

