The flag "decoded-from-explicit" must be imp/exportable

Otherwise the information that the EC group was imported from explicit parameters is lost when the key is moved across providers. Fixes #18600 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18609)
author: Tomas Mraz <tomas@openssl.org> 2022-06-20 12:10:06 +0200
committer: Tomas Mraz <tomas@openssl.org> 2022-06-23 15:47:15 +0200
commit: 95a6fbdf0d112582b9ad56f8d42ec92b1ec4787d (patch)
tree: a8042fde3c2caef0817f8fba32d5e8b52a4a5c00 /crypto/ec
parent: 5ad3e76c23576b2e216463bfe43d005a3e09defc (diff)
2 files changed, 23 insertions, 6 deletions
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index bea01fb38f..48721369ae 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -318,6 +318,11 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
         return 0;
     }
 
+    if (!ossl_param_build_set_int(tmpl, params,
+                                  OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
+                                  group->decoded_from_explicit_params))
+        return 0;
+
     curve_nid = EC_GROUP_get_curve_name(group);
 
     /*
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 6b0591c6c8..b1696d93bd 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1556,13 +1556,23 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
     /* This is the simple named group case */
     ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
     if (ptmp != NULL) {
-        group = group_new_from_name(ptmp, libctx, propq);
-        if (group != NULL) {
-            if (!ossl_ec_group_set_params(group, params)) {
-                EC_GROUP_free(group);
-                group = NULL;
-            }
+        int decoded = 0;
+
+        if ((group = group_new_from_name(ptmp, libctx, propq)) == NULL)
+            return NULL;
+        if (!ossl_ec_group_set_params(group, params)) {
+            EC_GROUP_free(group);
+            return NULL;
+        }
+
+        ptmp = OSSL_PARAM_locate_const(params,
+                                       OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS);
+        if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) {
+            ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS);
+            EC_GROUP_free(group);
+            return NULL;
         }
+        group->decoded_from_explicit_params = decoded > 0;
         return group;
     }
 #ifdef FIPS_MODULE
@@ -1733,6 +1743,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
         EC_GROUP_free(group);
         group = named_group;
     }
+    /* We've imported the group from explicit parameters, set it so. */
+    group->decoded_from_explicit_params = 1;
     ok = 1;
  err:
     if (!ok) {
author	Tomas Mraz <tomas@openssl.org>	2022-06-20 12:10:06 +0200
committer	Tomas Mraz <tomas@openssl.org>	2022-06-23 15:47:15 +0200
commit	95a6fbdf0d112582b9ad56f8d42ec92b1ec4787d (patch)
tree	a8042fde3c2caef0817f8fba32d5e8b52a4a5c00 /crypto/ec
parent	5ad3e76c23576b2e216463bfe43d005a3e09defc (diff)