+ if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0)
+ return 0;
+ key->dirty_cnt++;
+ /*
+ * Save the point conversion form.
+ * For non-custom curves the first octet of the buffer (excluding
+ * the last significant bit) contains the point conversion form.
+ * EC_POINT_oct2point() has already performed sanity checking of
+ * the buffer so we know it is valid.
+ */
+ if ((key->group->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0)
+ key->conv_form = (point_conversion_form_t)(buf[0] & ~0x01);
+ return 1;
+}
+
+size_t EC_KEY_priv2oct(const EC_KEY *eckey,
+ unsigned char *buf, size_t len)
+{
+ if (eckey->group == NULL || eckey->group->meth == NULL)
+ return 0;
+ if (eckey->group->meth->priv2oct == NULL) {
+ ECerr(EC_F_EC_KEY_PRIV2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
+ return eckey->group->meth->priv2oct(eckey, buf, len);
+}
+
+size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
+ unsigned char *buf, size_t len)
+{
+ size_t buf_len;
+
+ buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8;
+ if (eckey->priv_key == NULL)
+ return 0;
+ if (buf == NULL)
+ return buf_len;
+ else if (len < buf_len)
+ return 0;
+
+ /* Octetstring may need leading zeros if BN is to short */
+
+ if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) {
+ ECerr(EC_F_EC_KEY_SIMPLE_PRIV2OCT, EC_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ return buf_len;
+}
+
+int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+{
+ int ret;
+
+ if (eckey->group == NULL || eckey->group->meth == NULL)
+ return 0;
+ if (eckey->group->meth->oct2priv == NULL) {
+ ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ ret = eckey->group->meth->oct2priv(eckey, buf, len);
+ if (ret == 1)
+ eckey->dirty_cnt++;
+ return ret;
+}
+
+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+{
+ if (eckey->priv_key == NULL)
+ eckey->priv_key = BN_secure_new();
+ if (eckey->priv_key == NULL) {
+ ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key);
+ if (eckey->priv_key == NULL) {
+ ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB);
+ return 0;
+ }
+ eckey->dirty_cnt++;
+ return 1;
+}
+
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf)
+{
+ size_t len;
+ unsigned char *buf;
+
+ len = EC_KEY_priv2oct(eckey, NULL, 0);
+ if (len == 0)
+ return 0;
+ if ((buf = OPENSSL_malloc(len)) == NULL) {
+ ECerr(EC_F_EC_KEY_PRIV2BUF, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ len = EC_KEY_priv2oct(eckey, buf, len);
+ if (len == 0) {
+ OPENSSL_free(buf);
+ return 0;
+ }
+ *pbuf = buf;
+ return len;
+}
+
+int EC_KEY_can_sign(const EC_KEY *eckey)
+{
+ if (eckey->group == NULL || eckey->group->meth == NULL
+ || (eckey->group->meth->flags & EC_FLAGS_NO_SIGN))
+ return 0;
+ return 1;
+}
+
+/*
+ * FIPS 140-2 IG 9.9 AS09.33
+ * Perform a sign/verify operation.
+ *
+ * NOTE: When generating keys for key-agreement schemes - FIPS 140-2 IG 9.9
+ * states that no additional pairwise tests are required (apart from the tests
+ * specified in SP800-56A) when generating keys. Hence pairwise ECDH tests are
+ * omitted here.
+ */
+static int ecdsa_keygen_pairwise_test(EC_KEY *eckey, OSSL_CALLBACK *cb,
+ void *cbarg)
+{
+ int ret = 0;
+ unsigned char dgst[16] = {0};
+ int dgst_len = (int)sizeof(dgst);
+ ECDSA_SIG *sig = NULL;
+ OSSL_SELF_TEST *st = NULL;
+
+ st = OSSL_SELF_TEST_new(cb, cbarg);
+ if (st == NULL)
+ return 0;
+
+ OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
+ OSSL_SELF_TEST_DESC_PCT_ECDSA);
+
+ sig = ECDSA_do_sign(dgst, dgst_len, eckey);
+ if (sig == NULL)
+ goto err;
+
+ OSSL_SELF_TEST_oncorrupt_byte(st, dgst);
+
+ if (ECDSA_do_verify(dgst, dgst_len, sig, eckey) != 1)
+ goto err;
+
+ ret = 1;
+err:
+ OSSL_SELF_TEST_onend(st, ret);
+ OSSL_SELF_TEST_free(st);
+ ECDSA_SIG_free(sig);
+ return ret;