From: Pauli
Date: Wed, 7 May 2025 02:10:11 +0000 (+1000)
Subject: evp: add EVP_PKEY_get_security_category function
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8bdb1228770df311fb059ee8cf52d11a93e37142;p=thirdparty%2Fopenssl.git
evp: add EVP_PKEY_get_security_category function
Reviewed-by: Shane Lontis
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/27571)
---
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 9ed0ba3caea..d72674ff157 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -296,18 +296,22 @@ void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk)
 if (pk->keydata != NULL) {
 int bits = 0;
 int security_bits = 0;
+ int security_category = -1;
 int size = 0;
- OSSL_PARAM params[4];
+ OSSL_PARAM params[5];
 params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits);
 params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS,
 &security_bits);
- params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size);
- params[3] = OSSL_PARAM_construct_end();
+ params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY,
+ &security_category);
+ params[3] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size);
+ params[4] = OSSL_PARAM_construct_end();
 if (evp_keymgmt_get_params(pk->keymgmt, pk->keydata, params)) {
 pk->cache.size = size;
 pk->cache.bits = bits;
 pk->cache.security_bits = security_bits;
+ pk->cache.security_category = security_category;
 }
 }
 }
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 7f4508169df..09c36b944db 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -90,6 +90,11 @@ int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey)
 return size;
 }
+int EVP_PKEY_get_security_category(const EVP_PKEY *pkey)
+{
+ return pkey != NULL ? pkey->cache.security_category : -1;
+}
+
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 {
 # ifndef OPENSSL_NO_DSA
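Review bot: In `evp_keymgmt_util_cache_keyinfo` the `-1` "unknown" default only reaches `pk->cache.security_category` on the success branch of `evp_keymgmt_get_params`; when that call fails, or when `pk->keydata` is NULL, the field keeps whatever it held before. How the cache is initialised is not visible in this hunk, but if the EVP_PKEY is zero-allocated the new getter would report 0 instead of -1, and a caller gating on the category could not tell an unqueried key from one whose provider reported 0. Consider assigning the default unconditionally, e.g. `pk->cache.security_category = -1;` ahead of the `if (pk->keydata != NULL)` test. The function starts above the hunk, so the exact placement needs checking against the full body.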
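Review bot: `EVP_PKEY_get_security_category` is a new public entry point with no comment stating its return contract, and `-1` covers both "pkey is NULL" and "no category cached" without raising an error. Because the value may end up in policy checks, a short comment above the definition would help callers fail closed, for example `/* Returns the key's cached security category, or -1 if pkey is NULL or no category is known; treat -1 as unknown. */`. The function reads only `pkey->cache`, so its result depends on `evp_keymgmt_util_cache_keyinfo` having run for this key, which is worth stating in the same comment.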
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 3f1eed3ff63..8623b487632 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -730,6 +730,7 @@ struct evp_pkey_st {
 struct {
 int bits;
 int security_bits;
+ int security_category;
 int size;
 } cache;
 }; /* EVP_PKEY */
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 4fe841da35e..0321cfca6c0 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1371,6 +1371,7 @@ int EVP_PKEY_get_bits(const EVP_PKEY *pkey);
 # define EVP_PKEY_bits EVP_PKEY_get_bits
 int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey);
 # define EVP_PKEY_security_bits EVP_PKEY_get_security_bits
+int EVP_PKEY_get_security_category(const EVP_PKEY *pkey);
 int EVP_PKEY_get_size(const EVP_PKEY *pkey);
 # define EVP_PKEY_size EVP_PKEY_get_size
 int EVP_PKEY_can_sign(const EVP_PKEY *pkey);