The flag "decoded-from-explicit" must be imp/exportable

Otherwise the information that the EC group was imported from explicit parameters is lost when the key is moved across providers. Fixes #18600 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18629)
author: Tomas Mraz <tomas@openssl.org> 2022-06-20 12:10:06 +0200
committer: Tomas Mraz <tomas@openssl.org> 2022-06-23 15:51:06 +0200
commit: 16f1c6e1abfc9d80c9e2fd78d72d51d4b8e739a0 (patch)
tree: ebc0c2dc6db78220758e9e9d09a8f9efba5abf56 /crypto/ec
parent: bfa5f0f574dbdb82be70586f70975d28512f3554 (diff)
2 files changed, 23 insertions, 6 deletions
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index 7abe26e2c4..98e2c418e4 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -318,6 +318,11 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
         return 0;
     }
 
+    if (!ossl_param_build_set_int(tmpl, params,
+                                  OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
+                                  group->decoded_from_explicit_params))
+        return 0;
+
     curve_nid = EC_GROUP_get_curve_name(group);
 
     /*
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 6b0591c6c8..b1696d93bd 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1556,13 +1556,23 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
     /* This is the simple named group case */
     ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
     if (ptmp != NULL) {
-        group = group_new_from_name(ptmp, libctx, propq);
-        if (group != NULL) {
-            if (!ossl_ec_group_set_params(group, params)) {
-                EC_GROUP_free(group);
-                group = NULL;
-            }
+        int decoded = 0;
+
+        if ((group = group_new_from_name(ptmp, libctx, propq)) == NULL)
+            return NULL;
+        if (!ossl_ec_group_set_params(group, params)) {
+            EC_GROUP_free(group);
+            return NULL;
+        }
+
+        ptmp = OSSL_PARAM_locate_const(params,
+                                       OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS);
+        if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) {
+            ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS);
+            EC_GROUP_free(group);
+            return NULL;
         }
+        group->decoded_from_explicit_params = decoded > 0;
         return group;
     }
 #ifdef FIPS_MODULE
@@ -1733,6 +1743,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
         EC_GROUP_free(group);
         group = named_group;
     }
+    /* We've imported the group from explicit parameters, set it so. */
+    group->decoded_from_explicit_params = 1;
     ok = 1;
  err:
     if (!ok) {
author	Tomas Mraz <tomas@openssl.org>	2022-06-20 12:10:06 +0200
committer	Tomas Mraz <tomas@openssl.org>	2022-06-23 15:51:06 +0200
commit	16f1c6e1abfc9d80c9e2fd78d72d51d4b8e739a0 (patch)
tree	ebc0c2dc6db78220758e9e9d09a8f9efba5abf56 /crypto/ec
parent	bfa5f0f574dbdb82be70586f70975d28512f3554 (diff)