From: Pauli Date: Tue, 6 May 2025 03:34:33 +0000 (+1000) Subject: ecx/ml-kem: add security category support X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2f1890eb181d3c13219d8c0991cbd6209338cf63;p=thirdparty%2Fopenssl.git ecx/ml-kem: add security category support Reviewed-by: Shane Lontis Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/27571) --- diff --git a/providers/implementations/keymgmt/mlx_kmgmt.c b/providers/implementations/keymgmt/mlx_kmgmt.c index bea87832760..3c00aa2f0df 100644 --- a/providers/implementations/keymgmt/mlx_kmgmt.c +++ b/providers/implementations/keymgmt/mlx_kmgmt.c @@ -478,6 +478,7 @@ static const OSSL_PARAM *mlx_kem_gettable_params(void *provctx) OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), + OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), OSSL_PARAM_END @@ -510,6 +511,12 @@ static int mlx_kem_get_params(void *vkey, OSSL_PARAM params[]) if (!OSSL_PARAM_set_int(p, key->minfo->secbits)) return 0; + /* The reported security category are those of the ML-KEM key */ + p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY); + if (p != NULL) + if (!OSSL_PARAM_set_int(p, key->minfo->security_category)) + return 0; + /* The ciphertext sizes are additive */ p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE); if (p != NULL)