add support for GOST cipher scanning

cipherscan

@@ -42,6 +42,11 @@ if [[ "$TIMEOUTOUTPUT" =~ BusyBox ]]; then
     TIMEOUTBIN="$TIMEOUTBIN -t"
 fi
 
+# use custom config file to enable GOST ciphers
+if [[ -e $(dirname $0)/openssl.cnf ]]; then
+    export OPENSSL_CONF="$(dirname $0)/openssl.cnf"
+fi
+
 # find a list of trusted CAs on the local system, or use the provided list
 if [ -z "$CACERTS" ]; then
     for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do

openssl.cnf

@@ -0,0 +1,12 @@
+openssl_conf = openssl_def
+
+[openssl_def]
+engines = engine_section
+
+[engine_section]
+gost = gost_section
+
+[gost_section]
+engine_id = gost
+default_algorithms = ALL
+CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet