Add string option 'vko' for EVP_PKEY_CTRL_SET_VKO

Format: vko:<bit length>
Such as:
  vko:256 for VKO_256
  vko:512 for VKO_512
  vko:0   disable strict VKO mode, switch to other derive methods.

diff --git a/gost_lcl.h b/gost_lcl.h
index 50446a33b7aae633ec06f629ec821554a024840b..8471ed062cecde22fe78931015eaec8b0b5eb483 100644 (file)
--- a/gost_lcl.h
+++ b/gost_lcl.h
@@ -57,6 +57,7 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags);
 /* For GOST R34.10 parameters */
 # define param_ctrl_string "paramset"
 # define ukm_ctrl_string "ukmhex"
+# define vko_ctrl_string "vko"
 # define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1)
 /* For GOST 28147 MAC */
 # define key_ctrl_string "key"

diff --git a/gost_pmeth.c b/gost_pmeth.c
index bceb50e96939f8fcfb6702b13548b6d989485676..9c1d602c303ba030196775ef357ebd6868b4624b 100644 (file)
--- a/gost_pmeth.c
+++ b/gost_pmeth.c
@@ -217,6 +217,19 @@ static int pkey_gost_ec_ctrl_str_common(EVP_PKEY_CTX *ctx,
     OPENSSL_free(tmp);
 
     return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_IV, len, ukm_buf);
+  } else if (strcmp(type, vko_ctrl_string) == 0) {
+      int bits = atoi(value);
+      int vko_dgst_nid = 0;
+
+      if (bits == 256)
+         vko_dgst_nid = NID_id_GostR3411_2012_256;
+      else if (bits == 512)
+         vko_dgst_nid = NID_id_GostR3411_2012_512;
+      else if (bits != 0) {
+         GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, GOST_R_INVALID_DIGEST_TYPE);
+         return 0;
+      }
+      return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_VKO, vko_dgst_nid, NULL);
   }
   return -2;
 }