
openssl and pluggable engine digests

Çağlar Arlı


So, in LibreSSL, say, I have a call like

openssl req -newkey gost2001 -pkeyopt dgst:streebog256 -pkeyopt paramset:A -streebog256 \
-nodes -subj "/C=Some/ST=Some/O=FooBar LLC/CN=John Doe/emailaddress=doe@foo.bar" \
-keyout /tmp/key.pem -out /tmp/csr.pem -utf8

and it pretty much does the job. But in OpenSSL 3.0 I have gost as a pluggable engine, and it doesn't recognize streebog256 as an acceptable digest:

Key parameter error "dgst:streebog256"

That is because its manual page clearly states:

"The engine is not used for digests unless the -engine_impl option is used or it is configured to do so, see "Engine Configuration Module" in config(5)."

Funny thing is, the config(5) manual page doesn't say a word about configuring digests (I was able to configure gost as an engine for default loading, as there are plenty of examples).

So, when using openssl dgst with both -engine gost and -engine_impl gost, I can see the needed streebog256 as a valid digest, but how do I do this while calling openssl req or when using openssl.cnf?