/* $OpenBSD: ec_key.c,v 1.53 2026/03/18 08:02:40 tb Exp $ */
/*
 * Written by Nils Larsch for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * Portions originally developed by SUN MICROSYSTEMS, INC., and
 * contributed to the OpenSSL project.
 */

#include <string.h>

#include <openssl/opensslconf.h>

#include <openssl/ec.h>

#include "bn_local.h"
#include "ec_local.h"
#include "err_local.h"

EC_KEY *
EC_KEY_new(void)
{
        return EC_KEY_new_method(NULL);
}
LCRYPTO_ALIAS(EC_KEY_new);

EC_KEY *
EC_KEY_new_by_curve_name(int nid)
{
        EC_KEY *ec_key;

        if ((ec_key = EC_KEY_new()) == NULL)
                goto err;

        if ((ec_key->group = EC_GROUP_new_by_curve_name(nid)) == NULL)
                goto err;

        /* XXX - do we want an ec_key_set0_group()? */
        if (ec_key->meth->set_group != NULL) {
                if (!ec_key->meth->set_group(ec_key, ec_key->group))
                        goto err;
        }

        return ec_key;

 err:
        EC_KEY_free(ec_key);

        return NULL;
}
LCRYPTO_ALIAS(EC_KEY_new_by_curve_name);

void
EC_KEY_free(EC_KEY *ec_key)
{
        if (ec_key == NULL)
                return;

        if (CRYPTO_add(&ec_key->references, -1, CRYPTO_LOCK_EC) > 0)
                return;

        if (ec_key->meth != NULL && ec_key->meth->finish != NULL)
                ec_key->meth->finish(ec_key);

        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ec_key, &ec_key->ex_data);

        EC_GROUP_free(ec_key->group);
        EC_POINT_free(ec_key->pub_key);
        BN_free(ec_key->priv_key);

        freezero(ec_key, sizeof(*ec_key));
}
LCRYPTO_ALIAS(EC_KEY_free);

EC_KEY *
EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
{
        if (dest == NULL || src == NULL) {
                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                return NULL;
        }

        if (src->meth != dest->meth) {
                if (dest->meth != NULL && dest->meth->finish != NULL)
                        dest->meth->finish(dest);
        }

        if (src->group != NULL) {
                EC_GROUP_free(dest->group);
                if ((dest->group = EC_GROUP_dup(src->group)) == NULL)
                        return NULL;
                if (src->pub_key != NULL) {
                        EC_POINT_free(dest->pub_key);
                        if ((dest->pub_key = EC_POINT_dup(src->pub_key,
                            src->group)) == NULL)
                                return NULL;
                }
        }

        BN_free(dest->priv_key);
        dest->priv_key = NULL;
        if (src->priv_key != NULL) {
                if ((dest->priv_key = BN_dup(src->priv_key)) == NULL)
                        return NULL;
        }

        dest->enc_flag = src->enc_flag;
        dest->conv_form = src->conv_form;
        dest->version = src->version;
        dest->flags = src->flags;

        /*
         * The fun part about being a toolkit implementer is that the rest of
         * the world gets to live with your terrible API design choices for
         * eternity. (To be fair: the signature was changed in OpenSSL 3).
         */
        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, &dest->ex_data,
            &((EC_KEY *)src)->ex_data)) /* XXX const */
                return NULL;

        dest->meth = src->meth;

        if (src->meth != NULL && src->meth->copy != NULL) {
                if (!src->meth->copy(dest, src))
                        return NULL;
        }

        return dest;
}
LCRYPTO_ALIAS(EC_KEY_copy);

EC_KEY *
EC_KEY_dup(const EC_KEY *in_ec_key)
{
        EC_KEY *ec_key;

        /* XXX - Pass NULL - so we're perhaps not running the right init()? */
        if ((ec_key = EC_KEY_new_method(NULL)) == NULL)
                goto err;
        if (EC_KEY_copy(ec_key, in_ec_key) == NULL)
                goto err;

        return ec_key;

 err:
        EC_KEY_free(ec_key);

        return NULL;
}
LCRYPTO_ALIAS(EC_KEY_dup);

int
EC_KEY_up_ref(EC_KEY *r)
{
        return CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC) > 1;
}
LCRYPTO_ALIAS(EC_KEY_up_ref);

int
EC_KEY_set_ex_data(EC_KEY *r, int idx, void *arg)
{
        return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
}
LCRYPTO_ALIAS(EC_KEY_set_ex_data);

void *
EC_KEY_get_ex_data(const EC_KEY *r, int idx)
{
        return CRYPTO_get_ex_data(&r->ex_data, idx);
}
LCRYPTO_ALIAS(EC_KEY_get_ex_data);

int
EC_KEY_generate_key(EC_KEY *eckey)
{
        if (eckey->meth->keygen != NULL)
                return eckey->meth->keygen(eckey);
        ECerror(EC_R_NOT_IMPLEMENTED);
        return 0;
}
LCRYPTO_ALIAS(EC_KEY_generate_key);

static int
ec_key_generate_key(EC_KEY *eckey)
{
        BIGNUM *priv_key = NULL;
        EC_POINT *pub_key = NULL;
        const BIGNUM *order;
        int ret = 0;

        if (eckey == NULL || eckey->group == NULL) {
                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                goto err;
        }

        if ((priv_key = BN_new()) == NULL)
                goto err;
        if ((pub_key = EC_POINT_new(eckey->group)) == NULL)
                goto err;

        if ((order = EC_GROUP_get0_order(eckey->group)) == NULL)
                goto err;
        if (!bn_rand_interval(priv_key, 1, order))
                goto err;
        if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, NULL))
                goto err;

        BN_free(eckey->priv_key);
        eckey->priv_key = priv_key;
        priv_key = NULL;

        EC_POINT_free(eckey->pub_key);
        eckey->pub_key = pub_key;
        pub_key = NULL;

        ret = 1;

 err:
        EC_POINT_free(pub_key);
        BN_free(priv_key);

        return ret;
}

int
EC_KEY_check_key(const EC_KEY *eckey)
{
        BN_CTX *ctx = NULL;
        EC_POINT *point = NULL;
        const BIGNUM *order;
        int ret = 0;

        if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                goto err;
        }

        if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
                ECerror(EC_R_POINT_AT_INFINITY);
                goto err;
        }

        if ((ctx = BN_CTX_new()) == NULL)
                goto err;

        if ((point = EC_POINT_new(eckey->group)) == NULL)
                goto err;

        /* Ensure public key is on the elliptic curve. */
        if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
                ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
                goto err;
        }

        /* Ensure public key multiplied by the order is the point at infinity. */
        if ((order = EC_GROUP_get0_order(eckey->group)) == NULL) {
                ECerror(EC_R_INVALID_GROUP_ORDER);
                goto err;
        }
        if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
                ECerror(ERR_R_EC_LIB);
                goto err;
        }
        if (!EC_POINT_is_at_infinity(eckey->group, point)) {
                ECerror(EC_R_WRONG_ORDER);
                goto err;
        }

        /*
         * If the private key is present, ensure that the private key multiplied
         * by the generator matches the public key.
         */
        if (eckey->priv_key != NULL) {
                if (BN_cmp(eckey->priv_key, order) >= 0) {
                        ECerror(EC_R_WRONG_ORDER);
                        goto err;
                }
                if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL,
                    NULL, ctx)) {
                        ECerror(ERR_R_EC_LIB);
                        goto err;
                }
                if (EC_POINT_cmp(eckey->group, point, eckey->pub_key,
                    ctx) != 0) {
                        ECerror(EC_R_INVALID_PRIVATE_KEY);
                        goto err;
                }
        }

        ret = 1;

 err:
        BN_CTX_free(ctx);
        EC_POINT_free(point);

        return ret;
}
LCRYPTO_ALIAS(EC_KEY_check_key);

int
EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y)
{
        BN_CTX *ctx = NULL;
        EC_POINT *point = NULL;
        BIGNUM *tx, *ty;
        int ret = 0;

        if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
                ECerror(ERR_R_PASSED_NULL_PARAMETER);
                goto err;
        }

        if ((ctx = BN_CTX_new()) == NULL)
                goto err;

        BN_CTX_start(ctx);

        if ((tx = BN_CTX_get(ctx)) == NULL)
                goto err;
        if ((ty = BN_CTX_get(ctx)) == NULL)
                goto err;

        if ((point = EC_POINT_new(key->group)) == NULL)
                goto err;

        if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx))
                goto err;
        if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx))
                goto err;

        /*
         * Check if retrieved coordinates match originals: if not values are
         * out of range.
         */
        if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) {
                ECerror(EC_R_COORDINATES_OUT_OF_RANGE);
                goto err;
        }
        if (!EC_KEY_set_public_key(key, point))
                goto err;
        if (EC_KEY_check_key(key) == 0)
                goto err;

        ret = 1;

 err:
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
        EC_POINT_free(point);

        return ret;
}
LCRYPTO_ALIAS(EC_KEY_set_public_key_affine_coordinates);

const EC_GROUP *
EC_KEY_get0_group(const EC_KEY *key)
{
        return key->group;
}
LCRYPTO_ALIAS(EC_KEY_get0_group);

int
EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
{
        if (key->meth->set_group != NULL &&
            key->meth->set_group(key, group) == 0)
                return 0;
        EC_GROUP_free(key->group);
        key->group = EC_GROUP_dup(group);
        return (key->group == NULL) ? 0 : 1;
}
LCRYPTO_ALIAS(EC_KEY_set_group);

const BIGNUM *
EC_KEY_get0_private_key(const EC_KEY *key)
{
        return key->priv_key;
}
LCRYPTO_ALIAS(EC_KEY_get0_private_key);

int
EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
{
        if (key->meth->set_private != NULL &&
            key->meth->set_private(key, priv_key) == 0)
                return 0;

        BN_free(key->priv_key);
        if ((key->priv_key = BN_dup(priv_key)) == NULL)
                return 0;

        return 1;
}
LCRYPTO_ALIAS(EC_KEY_set_private_key);

const EC_POINT *
EC_KEY_get0_public_key(const EC_KEY *key)
{
        return key->pub_key;
}
LCRYPTO_ALIAS(EC_KEY_get0_public_key);

int
EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
{
        if (key->meth->set_public != NULL &&
            key->meth->set_public(key, pub_key) == 0)
                return 0;

        EC_POINT_free(key->pub_key);
        if ((key->pub_key = EC_POINT_dup(pub_key, key->group)) == NULL)
                return 0;

        return 1;
}
LCRYPTO_ALIAS(EC_KEY_set_public_key);

unsigned int
EC_KEY_get_enc_flags(const EC_KEY *key)
{
        return key->enc_flag;
}
LCRYPTO_ALIAS(EC_KEY_get_enc_flags);

void
EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
{
        key->enc_flag = flags;
}
LCRYPTO_ALIAS(EC_KEY_set_enc_flags);

point_conversion_form_t
EC_KEY_get_conv_form(const EC_KEY *key)
{
        return key->conv_form;
}
LCRYPTO_ALIAS(EC_KEY_get_conv_form);

void
EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
{
        key->conv_form = cform;
        if (key->group != NULL)
                EC_GROUP_set_point_conversion_form(key->group, cform);
}
LCRYPTO_ALIAS(EC_KEY_set_conv_form);

void
EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
{
        if (key->group != NULL)
                EC_GROUP_set_asn1_flag(key->group, flag);
}
LCRYPTO_ALIAS(EC_KEY_set_asn1_flag);

int
EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
{
        if (key->group == NULL)
                return 0;
        return 1;
}
LCRYPTO_ALIAS(EC_KEY_precompute_mult);

int
EC_KEY_get_flags(const EC_KEY *key)
{
        return key->flags;
}
LCRYPTO_ALIAS(EC_KEY_get_flags);

void
EC_KEY_set_flags(EC_KEY *key, int flags)
{
        key->flags |= flags;
}
LCRYPTO_ALIAS(EC_KEY_set_flags);

void
EC_KEY_clear_flags(EC_KEY *key, int flags)
{
        key->flags &= ~flags;
}
LCRYPTO_ALIAS(EC_KEY_clear_flags);

const EC_KEY_METHOD *
EC_KEY_get_method(const EC_KEY *key)
{
        return key->meth;
}
LCRYPTO_ALIAS(EC_KEY_get_method);

int
EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
{
        void (*finish)(EC_KEY *key) = key->meth->finish;

        if (finish != NULL)
                finish(key);

        key->meth = meth;
        if (meth->init != NULL)
                return meth->init(key);
        return 1;
}
LCRYPTO_ALIAS(EC_KEY_set_method);

EC_KEY *
EC_KEY_new_method(ENGINE *engine)
{
        EC_KEY *ret;

        if ((ret = calloc(1, sizeof(EC_KEY))) == NULL) {
                ECerror(ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        ret->meth = EC_KEY_get_default_method();
        ret->version = 1;
        ret->flags = 0;
        ret->group = NULL;
        ret->pub_key = NULL;
        ret->priv_key = NULL;
        ret->enc_flag = 0;
        ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
        ret->references = 1;

        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data))
                goto err;
        if (ret->meth->init != NULL && ret->meth->init(ret) == 0)
                goto err;

        return ret;

 err:
        EC_KEY_free(ret);
        return NULL;
}
LCRYPTO_ALIAS(EC_KEY_new_method);

#define EC_KEY_METHOD_DYNAMIC   1

EC_KEY_METHOD *
EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)
{
        EC_KEY_METHOD *ret;

        if ((ret = calloc(1, sizeof(*meth))) == NULL)
                return NULL;
        if (meth != NULL)
                *ret = *meth;
        ret->flags |= EC_KEY_METHOD_DYNAMIC;
        return ret;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_new);

void
EC_KEY_METHOD_free(EC_KEY_METHOD *meth)
{
        if (meth == NULL)
                return;
        if (meth->flags & EC_KEY_METHOD_DYNAMIC)
                free(meth);
}
LCRYPTO_ALIAS(EC_KEY_METHOD_free);

void
EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
    int (*init)(EC_KEY *key),
    void (*finish)(EC_KEY *key),
    int (*copy)(EC_KEY *dest, const EC_KEY *src),
    int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
    int (*set_private)(EC_KEY *key, const BIGNUM *priv_key),
    int (*set_public)(EC_KEY *key, const EC_POINT *pub_key))
{
        meth->init = init;
        meth->finish = finish;
        meth->copy = copy;
        meth->set_group = set_group;
        meth->set_private = set_private;
        meth->set_public = set_public;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_set_init);

void
EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, int (*keygen)(EC_KEY *key))
{
        meth->keygen = keygen;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_set_keygen);

void
EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
    int (*ckey)(unsigned char **out, size_t *out_len, const EC_POINT *pub_key,
        const EC_KEY *ecdh))
{
        meth->compute_key = ckey;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_set_compute_key);

void
EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
    int (*sign)(int type, const unsigned char *dgst,
        int dlen, unsigned char *sig, unsigned int *siglen,
        const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
    int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
        BIGNUM **kinvp, BIGNUM **rp),
    ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
        int dgst_len, const BIGNUM *in_kinv,
        const BIGNUM *in_r, EC_KEY *eckey))
{
        meth->sign = sign;
        meth->sign_setup = sign_setup;
        meth->sign_sig = sign_sig;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_set_sign);

void
EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
    int (*verify)(int type, const unsigned char *dgst, int dgst_len,
        const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
    int (*verify_sig)(const unsigned char *dgst, int dgst_len,
        const ECDSA_SIG *sig, EC_KEY *eckey))
{
        meth->verify = verify;
        meth->verify_sig = verify_sig;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_set_verify);


void
EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
    int (**pinit)(EC_KEY *key),
    void (**pfinish)(EC_KEY *key),
    int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
    int (**pset_group)(EC_KEY *key, const EC_GROUP *grp),
    int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key),
    int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key))
{
        if (pinit != NULL)
                *pinit = meth->init;
        if (pfinish != NULL)
                *pfinish = meth->finish;
        if (pcopy != NULL)
                *pcopy = meth->copy;
        if (pset_group != NULL)
                *pset_group = meth->set_group;
        if (pset_private != NULL)
                *pset_private = meth->set_private;
        if (pset_public != NULL)
                *pset_public = meth->set_public;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_get_init);

void
EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
    int (**pkeygen)(EC_KEY *key))
{
        if (pkeygen != NULL)
                *pkeygen = meth->keygen;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_get_keygen);

void
EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
    int (**pck)(unsigned char **out, size_t *out_len, const EC_POINT *pub_key,
        const EC_KEY *ecdh))
{
        if (pck != NULL)
                *pck = meth->compute_key;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_get_compute_key);

void
EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
    int (**psign)(int type, const unsigned char *dgst,
        int dlen, unsigned char *sig, unsigned int *siglen,
        const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
    int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
        BIGNUM **kinvp, BIGNUM **rp),
    ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
        int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r,
        EC_KEY *eckey))
{
        if (psign != NULL)
                *psign = meth->sign;
        if (psign_setup != NULL)
                *psign_setup = meth->sign_setup;
        if (psign_sig != NULL)
                *psign_sig = meth->sign_sig;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_get_sign);

void
EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
    int (**pverify)(int type, const unsigned char *dgst, int dgst_len,
        const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
    int (**pverify_sig)(const unsigned char *dgst, int dgst_len,
        const ECDSA_SIG *sig, EC_KEY *eckey))
{
        if (pverify != NULL)
                *pverify = meth->verify;
        if (pverify_sig != NULL)
                *pverify_sig = meth->verify_sig;
}
LCRYPTO_ALIAS(EC_KEY_METHOD_get_verify);

static const EC_KEY_METHOD openssl_ec_key_method = {
        .name = "OpenSSL EC_KEY method",
        .flags = 0,

        .init = NULL,
        .finish = NULL,
        .copy = NULL,

        .set_group = NULL,
        .set_private = NULL,
        .set_public = NULL,

        .keygen = ec_key_generate_key,
        .compute_key = ec_key_ecdh_compute_key,

        .sign = ec_key_ecdsa_sign,
        .sign_setup = ec_key_ecdsa_sign_setup,
        .sign_sig = ec_key_ecdsa_sign_sig,

        .verify = ec_key_ecdsa_verify,
        .verify_sig = ec_key_ecdsa_verify_sig,
};

const EC_KEY_METHOD *
EC_KEY_OpenSSL(void)
{
        return &openssl_ec_key_method;
}
LCRYPTO_ALIAS(EC_KEY_OpenSSL);

const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;

const EC_KEY_METHOD *
EC_KEY_get_default_method(void)
{
        return default_ec_key_meth;
}
LCRYPTO_ALIAS(EC_KEY_get_default_method);

void
EC_KEY_set_default_method(const EC_KEY_METHOD *meth)
{
        if (meth == NULL)
                default_ec_key_meth = &openssl_ec_key_method;
        else
                default_ec_key_meth = meth;
}
LCRYPTO_ALIAS(EC_KEY_set_default_method);