Add GOST provider related docs

GOST provider is in a good shape already, so keep the mentions rewritten
to provider instead of the engine.

Resolves: https://github.com/openssl/project/issues/1733

Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29286)

diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
index 24852e2dc9b42345a1b78f3f82d4923926996d0d..217326d12215c562025c5c41f723e0b27ef2872f 100644 (file)
--- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in
@@ -359,7 +359,7 @@ Cipher suites using SHA256 or SHA384.
 =item B<aGOST>
 
 Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
-(needs a provider supporting GOST algorithms).
+(needs a provider that supports GOST algorithms).
 
 =item B<aGOST01>
 
@@ -512,8 +512,9 @@ is used.
 
 =head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0
 
-Note: these ciphers require a GOST provider which isn't part of OpenSSL and a
-3rd party implementation is a work in progress.
+Note: these ciphers require a provider that supports GOST cryptographic
+algorithms, such as the B<gostprov> provider, which isn't part of the OpenSSL
+distribution.
 
  TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
  TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
@@ -522,8 +523,9 @@ Note: these ciphers require a GOST provider which isn't part of OpenSSL and a
 
 =head2 GOST cipher suites, extending TLS v1.2
 
-Note: these ciphers require a GOST provider which isn't part of OpenSSL and a
-3rd party implementation is a work in progress.
+Note: these ciphers require a provider that supports GOST cryptographic
+algorithms, such as the B<gostprov> provider, which isn't part of the OpenSSL
+distribution.
 
  TLS_GOSTR341112_256_WITH_28147_CNT_IMIT GOST2012-GOST8912-GOST8912
  TLS_GOSTR341112_256_WITH_NULL_GOSTR3411 GOST2012-NULL-GOST12

diff --git a/doc/man1/openssl-dgst.pod.in b/doc/man1/openssl-dgst.pod.in
index eaf332367dbfed7ec3d65199e5d9204283096a91..8aa2cf79c191215a14a566245709d957a16c5449 100644 (file)
--- a/doc/man1/openssl-dgst.pod.in
+++ b/doc/man1/openssl-dgst.pod.in
@@ -190,8 +190,9 @@ option.
 
 Create MAC (keyed Message Authentication Code). The most popular MAC
 algorithm is HMAC (hash-based MAC), but there are other MAC algorithms
-which are not based on hash. MAC keys and other options should be set
-via B<-macopt> parameter.
+which are not based on a digest algorithm, for instance the B<gost-mac>
+algorithm, supported by the B<gostprov> provider. MAC keys and other options
+should be set via B<-macopt> parameter.
 
 Cannot be used together with -hmac, -hmac-env and -hmac-stdin.
 

diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in
index 8e3dea6a2c5f5c468abc930aded337d17f1a7a6b..ae9724b16e32e198c1f3403be987dd3b95894c0d 100644 (file)
--- a/doc/man1/openssl-req.pod.in
+++ b/doc/man1/openssl-req.pod.in
@@ -202,7 +202,11 @@ any necessary parameters should be specified via the B<-pkeyopt> option.
 
 B<dsa:>I<filename> generates a DSA key using the parameters
 in the file I<filename>. B<ec:>I<filename> generates EC key (usable both with
-ECDSA or ECDH algorithms).
+ECDSA or ECDH algorithms), B<gost2001:>I<filename>, B<gost2012_256:>I<filename>
+and B<gost2012_512:>I<filename> generate GOST R 34.10-2001 and GOST R 34.10-2012
+keys with a 256 and 512 bit modulus respectively (these require the B<gostprov>
+provider). If just B<gost2001> is specified, a parameter set should be specified
+by B<-pkeyopt> I<paramset:X>.
 
 =item B<-pkeyopt> I<opt>:I<value>