Commit 9e29188aa7 for openssl.org
commit 9e29188aa77e248cac3f76e0c308a76f285b10cc
Author: Norbert Pocs <norbertp@openssl.org>
Date: Tue Dec 2 11:58:07 2025 +0100
Add GOST provider related docs
GOST provider is in a good shape already, so keep the mentions rewritten
to provider instead of the engine.
Resolves: https://github.com/openssl/project/issues/1733
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29286)
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
index 24852e2dc9..217326d122 100644
--- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in
@@ -359,7 +359,7 @@ Cipher suites using SHA256 or SHA384.
=item B<aGOST>
Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
-(needs a provider supporting GOST algorithms).
+(needs a provider that supports GOST algorithms).
=item B<aGOST01>
@@ -512,8 +512,9 @@ is used.
=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0
-Note: these ciphers require a GOST provider which isn't part of OpenSSL and a
-3rd party implementation is a work in progress.
+Note: these ciphers require a provider that supports GOST cryptographic
+algorithms, such as the B<gostprov> provider, which isn't part of the OpenSSL
+distribution.
TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
@@ -522,8 +523,9 @@ Note: these ciphers require a GOST provider which isn't part of OpenSSL and a
=head2 GOST cipher suites, extending TLS v1.2
-Note: these ciphers require a GOST provider which isn't part of OpenSSL and a
-3rd party implementation is a work in progress.
+Note: these ciphers require a provider that supports GOST cryptographic
+algorithms, such as the B<gostprov> provider, which isn't part of the OpenSSL
+distribution.
TLS_GOSTR341112_256_WITH_28147_CNT_IMIT GOST2012-GOST8912-GOST8912
TLS_GOSTR341112_256_WITH_NULL_GOSTR3411 GOST2012-NULL-GOST12
diff --git a/doc/man1/openssl-dgst.pod.in b/doc/man1/openssl-dgst.pod.in
index eaf332367d..8aa2cf79c1 100644
--- a/doc/man1/openssl-dgst.pod.in
+++ b/doc/man1/openssl-dgst.pod.in
@@ -190,8 +190,9 @@ option.
Create MAC (keyed Message Authentication Code). The most popular MAC
algorithm is HMAC (hash-based MAC), but there are other MAC algorithms
-which are not based on hash. MAC keys and other options should be set
-via B<-macopt> parameter.
+which are not based on a digest algorithm, for instance the B<gost-mac>
+algorithm, supported by the B<gostprov> provider. MAC keys and other options
+should be set via B<-macopt> parameter.
Cannot be used together with -hmac, -hmac-env and -hmac-stdin.
diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in
index 8e3dea6a2c..ae9724b16e 100644
--- a/doc/man1/openssl-req.pod.in
+++ b/doc/man1/openssl-req.pod.in
@@ -202,7 +202,11 @@ any necessary parameters should be specified via the B<-pkeyopt> option.
B<dsa:>I<filename> generates a DSA key using the parameters
in the file I<filename>. B<ec:>I<filename> generates EC key (usable both with
-ECDSA or ECDH algorithms).
+ECDSA or ECDH algorithms), B<gost2001:>I<filename>, B<gost2012_256:>I<filename>
+and B<gost2012_512:>I<filename> generate GOST R 34.10-2001 and GOST R 34.10-2012
+keys with a 256 and 512 bit modulus respectively (these require the B<gostprov>
+provider). If just B<gost2001> is specified, a parameter set should be specified
+by B<-pkeyopt> I<paramset:X>.
=item B<-pkeyopt> I<opt>:I<value>