From 077ed48edf66ffb5cbb29d3a0e6773f55d73a82c Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Tue, 6 May 2025 13:08:37 +1000
Subject: [PATCH] ecx: add security category support

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27571)
---
 providers/implementations/keymgmt/ecx_kmgmt.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index b229b0bf39c..3324eab99eb 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -304,6 +304,10 @@ static int ecx_get_params(void *key, OSSL_PARAM params[], int bits, int secbits,
         if (!OSSL_PARAM_set_octet_string(p, ecx->pubkey, ecx->keylen))
             return 0;
     }
+    if ((p = OSSL_PARAM_locate(params,
+                               OSSL_PKEY_PARAM_SECURITY_CATEGORY)) != NULL
+        && !OSSL_PARAM_set_int(p, 0))
+            return 0;
 #ifdef FIPS_MODULE
     {
         /* X25519 and X448 are not approved */
@@ -359,6 +363,7 @@ static const OSSL_PARAM ecx_gettable_params[] = {
     OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
     OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
     OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL),
     OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
     ECX_KEY_TYPES(),
     OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
-- 
2.47.2