Add string option 'vko' for EVP_PKEY_CTRL_SET_VKO

Format: vko:<bit length>
Such as:
  vko:256 for VKO_256
  vko:512 for VKO_512
  vko:0   disable strict VKO mode, switch to other derive methods.

2 files changed, 14 insertions, 0 deletions

diff --git a/gost_lcl.h b/gost_lcl.h
index 50446a3..8471ed0 100644
--- a/gost_lcl.h
+++ b/gost_lcl.h
@@ -57,6 +57,7 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags);
 /* For GOST R34.10 parameters */
 # define param_ctrl_string "paramset"
 # define ukm_ctrl_string "ukmhex"
+# define vko_ctrl_string "vko"
 # define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1)
 /* For GOST 28147 MAC */
 # define key_ctrl_string "key"
diff --git a/gost_pmeth.c b/gost_pmeth.c
index bceb50e..9c1d602 100644
--- a/gost_pmeth.c
+++ b/gost_pmeth.c
@@ -217,6 +217,19 @@ static int pkey_gost_ec_ctrl_str_common(EVP_PKEY_CTX *ctx,
     OPENSSL_free(tmp);
 
     return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_IV, len, ukm_buf);
+  } else if (strcmp(type, vko_ctrl_string) == 0) {
+      int bits = atoi(value);
+      int vko_dgst_nid = 0;
+
+      if (bits == 256)
+	  vko_dgst_nid = NID_id_GostR3411_2012_256;
+      else if (bits == 512)
+	  vko_dgst_nid = NID_id_GostR3411_2012_512;
+      else if (bits != 0) {
+	  GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, GOST_R_INVALID_DIGEST_TYPE);
+	  return 0;
+      }
+      return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_VKO, vko_dgst_nid, NULL);
   }
   return -2;
 }