fix ECDSA handling

Submitted by: Nils Larsch

crypto/asn1/d2i_pu.c

@@ -113,7 +113,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 #endif
 #ifndef OPENSSL_NO_ECDSA
 	case EVP_PKEY_ECDSA:
-		if ((ret->pkey.ecdsa = d2i_ECDSAPublicKey(&(ret->pkey.ecdsa), 
+		if ((ret->pkey.ecdsa = ECDSAPublicKey_set_octet_string(&(ret->pkey.ecdsa), 
 			(const unsigned char **)pp, length)) == NULL)
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);

crypto/asn1/i2d_pu.c

@@ -85,7 +85,7 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 #endif
 #ifndef OPENSSL_NO_ECDSA
 	case EVP_PKEY_ECDSA:
-		return(i2d_ECDSAPublicKey(a->pkey.ecdsa, pp));
+		return(ECDSAPublicKey_get_octet_string(a->pkey.ecdsa, pp));
 #endif
 	default:
 		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

crypto/asn1/t_pkey.c

@@ -237,7 +237,8 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off)
 	unsigned char *buffer=NULL;
 	int     i, buf_len=0, ret=0, reason=ERR_R_BIO_LIB;
 	BIGNUM  *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL,
-		*tmp_4=NULL, *tmp_5=NULL;
+		*tmp_4=NULL, *tmp_5=NULL, *tmp_6=NULL,
+		*tmp_7=NULL;
 	BN_CTX  *ctx=NULL;
 	EC_POINT *point=NULL;
  
@@ -249,7 +250,8 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off)
 		goto err;
 		}
 	if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL ||
-		(tmp_3 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL)
+		(tmp_3 = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL ||
+		(tmp_6 = BN_new()) == NULL || (tmp_7 = BN_new()) == NULL)
 		{
 		reason = ERR_R_MALLOC_FAILURE;
 		goto err;
@@ -264,7 +266,12 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off)
 		reason = ERR_R_EC_LIB;
 		goto err;
 		}
-	if ((buf_len = EC_POINT_point2oct(x->group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx)) == 0)
+	if (!EC_GROUP_get_order(x->group, tmp_6, NULL) || !EC_GROUP_get_cofactor(x->group, tmp_7, NULL))
+		{
+		reason = ERR_R_EC_LIB;
+		goto err;
+		}
+	if ((buf_len = EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), NULL, 0, ctx)) == 0)
 		{
 		reason = ECDSA_R_UNEXPECTED_PARAMETER_LENGTH;
 		goto err;
@@ -274,14 +281,14 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off)
 		reason = ERR_R_MALLOC_FAILURE;
 		goto err;
 		}
-	if (!EC_POINT_point2oct(x->group, point, POINT_CONVERSION_COMPRESSED, 
+	if (!EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), 
 				buffer, buf_len, ctx)) goto err;
 	if ((tmp_4 = BN_bin2bn(buffer, buf_len, NULL)) == NULL)
 		{
 		reason = ERR_R_BN_LIB;
 		goto err;
 		}
-	if ((i = EC_POINT_point2oct(x->group, x->pub_key, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx)) == 0)
+	if ((i = EC_POINT_point2oct(x->group, x->pub_key, ECDSA_get_conversion_form(x), NULL, 0, ctx)) == 0)
 		{
 		reason = ECDSA_R_UNEXPECTED_PARAMETER_LENGTH;
 		goto err;
@@ -292,7 +299,7 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off)
 		buf_len = i;
 		goto err;
 		}
-	if (!EC_POINT_point2oct(x->group, x->pub_key, POINT_CONVERSION_COMPRESSED, 
+	if (!EC_POINT_point2oct(x->group, x->pub_key, ECDSA_get_conversion_form(x), 
 				buffer, buf_len, ctx))
 		{
 		reason = ERR_R_EC_LIB;
@@ -330,6 +337,8 @@ int ECDSA_print(BIO *bp, const ECDSA *x, int off)
 	if ((tmp_2 != NULL) && !print(bp, "A:   ", tmp_2, buffer, off)) goto err;
 	if ((tmp_3 != NULL) && !print(bp, "B:   ", tmp_3, buffer, off)) goto err;
 	if ((tmp_4 != NULL) && !print(bp, "Gen: ", tmp_4, buffer, off)) goto err;
+	if ((tmp_6 != NULL) && !print(bp, "Order: ", tmp_6, buffer, off)) goto err;
+	if ((tmp_7 != NULL) && !print(bp, "Cofactor: ", tmp_7, buffer, off)) goto err;
 	ret=1;
 err:
 	if (!ret)
@@ -339,6 +348,8 @@ err:
 	if (tmp_3) BN_free(tmp_3);
 	if (tmp_4) BN_free(tmp_4);
 	if (tmp_5) BN_free(tmp_5);
+	if (tmp_6) BN_free(tmp_6);
+	if (tmp_7) BN_free(tmp_7);
 	if (ctx)   BN_CTX_free(ctx);
 	if (buffer != NULL) OPENSSL_free(buffer);
 	return(ret);
@@ -541,13 +552,13 @@ int ECDSAParameters_print(BIO *bp, const ECDSA *x)
 	if ((point = EC_GROUP_get0_generator(x->group)) == NULL) goto err;
 	if (!EC_GROUP_get_order(x->group, tmp_5, ctx)) goto err;
 	if (!EC_GROUP_get_cofactor(x->group, tmp_6, ctx)) goto err;	
-	buf_len = EC_POINT_point2oct(x->group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx);
+	buf_len = EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), NULL, 0, ctx);
 	if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL)
 	{
 		reason = ERR_R_MALLOC_FAILURE;
 		goto err;
 	}
-	if (!EC_POINT_point2oct(x->group, point, POINT_CONVERSION_COMPRESSED, buffer, buf_len, ctx))
+	if (!EC_POINT_point2oct(x->group, point, ECDSA_get_conversion_form(x), buffer, buf_len, ctx))
 	{
 		reason = ERR_R_EC_LIB;
 		goto err;

crypto/asn1/x_pubkey.c

@@ -136,7 +136,6 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		ECDSA *ecdsa;
 		
 		ecdsa = pkey->pkey.ecdsa;
-		ecdsa->write_params=0;
 		ASN1_TYPE_free(a->parameter);
 		if ((i = i2d_ECDSAParameters(ecdsa, NULL)) == 0)
 			{
@@ -272,7 +271,6 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
-			ret->pkey.ecdsa->write_params = 0;
 			cp = p = a->parameter->value.sequence->data;
 			j = a->parameter->value.sequence->length;
 			if (!d2i_ECDSAParameters(&ret->pkey.ecdsa, &cp, (long)j))

crypto/ecdsa/ecdsa.h

@@ -99,7 +99,7 @@ typedef struct ecdsa_method
 struct ecdsa_st
 {
 	int version;
-	int write_params;
+	point_conversion_form_t conversion_form;
 
 	EC_GROUP *group;
 
@@ -164,6 +164,15 @@ int	ECDSA_print_fp(FILE *fp, const ECDSA *x, int off);
 void 	ECDSA_set_parameter_flags(ECDSA *, int);
 int	ECDSA_get_parameter_flags(const ECDSA*);
 
+/* The ECDSA_{set|get}_conversion_type() functions set/get the
+ * conversion form for ec-points (see ec.h) in a ECDSA-structure */
+void	ECDSA_set_conversion_form(ECDSA *, const point_conversion_form_t);
+point_conversion_form_t ECDSA_get_conversion_form(const ECDSA *);
+/* The ECDSA_{set|get}_default_conversion_form() functions set/get the 
+ * default conversion form */
+void	ECDSA_set_default_conversion_form(const point_conversion_form_t);
+point_conversion_form_t ECDSA_get_default_conversion_form(void);
+
 /* the basic de- and encode functions ( see ecs_asn1.c ) */
 ECDSA   *d2i_ECDSAParameters(ECDSA **a, const unsigned char **in, long len);
 int     i2d_ECDSAParameters(ECDSA *a, unsigned char **out);
@@ -171,8 +180,14 @@ int     i2d_ECDSAParameters(ECDSA *a, unsigned char **out);
 ECDSA   *d2i_ECDSAPrivateKey(ECDSA **a, const unsigned char **in, long len);
 int     i2d_ECDSAPrivateKey(ECDSA *a, unsigned char **out);
 
-ECDSA   *d2i_ECDSAPublicKey(ECDSA **a, const unsigned char **in, long len);
-int     i2d_ECDSAPublicKey(ECDSA *a, unsigned char **out);
+/* ECDSAPublicKey_set_octet_string() sets the public key in the ECDSA-structure.
+ * (*a) must be a pointer to a ECDSA-structure with (*a)->group not zero 
+ * (e.g. a ECDSA-structure with a valid EC_GROUP-structure) */
+ECDSA 	*ECDSAPublicKey_set_octet_string(ECDSA **a, const unsigned char **in, long len);
+/* ECDSAPublicKey_get_octet_string() returns the length of the octet string encoding
+ * of the public key. If out != NULL then the function returns in *out 
+ * a pointer to the octet string */
+int 	ECDSAPublicKey_get_octet_string(ECDSA *a, unsigned char **out);
 
 
 #define ECDSAParameters_dup(x) (ECDSA *)ASN1_dup((int (*)())i2d_ECDSAParameters, \

crypto/ecdsa/ecdsatest.c

@@ -390,23 +390,6 @@ int main(void)
 	OPENSSL_free(buffer);
 	buffer = NULL;
 
-	/* i2d_ - d2i_ECDSAPublicKey() */
-
-	BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAPublicKey \n");
-	buf_len = i2d_ECDSAPublicKey(ecdsa, NULL);
-	if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err;
-	pp = buffer;
-	if (!i2d_ECDSAPublicKey(ecdsa, &pp)) goto err;
-	pp = buffer;
-	if ((ret_ecdsa = d2i_ECDSAPublicKey(&ret_ecdsa , (const unsigned char**)&pp, 
-			buf_len)) == NULL) goto err;
-	ECDSA_print(bio_err, ret_ecdsa, 0);
-	if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err;
-	OPENSSL_free(buffer);
-	buffer = NULL;
-	ECDSA_free(ret_ecdsa);
-	ret_ecdsa = NULL;	
-	
 	/* X509_PUBKEY_set() &  X509_PUBKEY_get() */	
 
 	BIO_printf(bio_err, "\nTesting X509_PUBKEY_{get,set}            : ");

crypto/ecdsa/ecs_asn1.c

@@ -59,8 +59,6 @@
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 
-static point_conversion_form_t POINT_CONVERSION_FORM = POINT_CONVERSION_COMPRESSED;
-
 ASN1_SEQUENCE(ECDSA_SIG) = {
 	ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
 	ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
@@ -122,19 +120,6 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSAPrivateKey, ecdsaPrivateKey)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(ECDSAPrivateKey, ECDSAPrivateKey, ECDSAPrivateKey)
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSAPrivateKey, ECDSAPrivateKey, ecdsaPrivateKey)
 
-ASN1_SEQUENCE(ecdsa_pub_internal) = {
-	ASN1_SIMPLE(ECDSAPrivateKey, pub_key, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(ECDSAPrivateKey, parameters, EC_PARAMETERS),
-} ASN1_SEQUENCE_END_name(ECDSAPrivateKey, ecdsa_pub_internal)
-
-ASN1_CHOICE(ECDSAPublicKey) = {
-	ASN1_SIMPLE(ECDSAPrivateKey, pub_key, ASN1_OCTET_STRING),
-	ASN1_EX_COMBINE(0, 0, ecdsa_pub_internal)
-} ASN1_CHOICE_END_selector(ECDSAPrivateKey, ECDSAPublicKey, write_params)
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSAPrivateKey, ecdsaPublicKey)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSAPrivateKey, ECDSAPublicKey, ecdsaPublicKey)
-
 
 X9_62_FIELDID 	*ECDSA_get_X9_62_FIELDID(const ECDSA *ecdsa, X9_62_FIELDID *field)
 {
@@ -583,7 +568,6 @@ ECDSA 	*d2i_ECDSAPrivateKey(ECDSA **a, const unsigned char **in, long len)
 	if ((ret = ECDSA_ecparameters2ecdsa(priv_key->parameters, NULL)) == NULL)
 		OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_FAILURE)
 	ret->version = priv_key->version;
-	ret->write_params = priv_key->write_params;
 	if (priv_key->priv_key)
 	{
 		if ((ret->priv_key = BN_dup(priv_key->priv_key)) == NULL)
@@ -641,85 +625,58 @@ err:	if (!ok)
 }
 
 
-ECDSA 	*d2i_ECDSAPublicKey(ECDSA **a, const unsigned char **in, long len)
+ECDSA 	*ECDSAPublicKey_set_octet_string(ECDSA **a, const unsigned char **in, long len)
 {
-	int reason=ERR_R_BN_LIB, ok=0, ecdsa_new=1;
 	ECDSA *ret=NULL;
-	ECDSAPrivateKey *priv_key=NULL;
 
-	if (a && *a)
+	if (a == NULL || (*a) == NULL || (*a)->group == NULL)
 	{
-		ecdsa_new = 0;
-		ret = *a;
+		/* sorry, but a EC_GROUP-structur is necessary
+                 * to set the public key */
+		ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ECDSA_R_MISSING_PARAMETERS);
+		return 0;
 	}
-	else if ((ret = ECDSA_new()) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE); 
-	if ((priv_key = ECDSAPrivateKey_new()) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE)
-	if ((priv_key = d2i_ecdsaPublicKey(&priv_key, in, len)) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_D2I_ECDSA_PRIVATEKEY_FAILURE)
-	if (priv_key->write_params == 0)
+	ret = *a;
+	if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL)
 	{
-		if (ecdsa_new || !ret->group)
-			OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
-		if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL)
-			OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
-		if (!EC_POINT_oct2point(ret->group, ret->pub_key, priv_key->pub_key->data,
-					priv_key->pub_key->length, NULL))
-			OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
-	}
-	else if (priv_key->write_params == 1)
-	{
-		if ((ret = ECDSA_ecparameters2ecdsa(priv_key->parameters, ret)) == NULL)
-			OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_FAILURE)
-		if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL)
-			OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
-		if (!EC_POINT_oct2point(ret->group, ret->pub_key, priv_key->pub_key->data, 
-				priv_key->pub_key->length, NULL))
-			OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
-	}
-	else	OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_PARAMETER)
-	ret->write_params = 1;
-	ok = 1;
-err :	if (!ok)
+		ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL))
 	{
-		if (ret && ecdsa_new) ECDSA_free(ret);
-		ret = NULL;
-		ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, reason);
+		ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, ERR_R_EC_LIB);
+		return 0;
 	}
-	if (priv_key)	ECDSAPrivateKey_free(priv_key);
-	return(ret);
+	ECDSA_set_conversion_form(ret, (point_conversion_form_t)*in[0]);
+	return ret;
 }
 
-int 	i2d_ECDSAPublicKey(ECDSA *a, unsigned char **out)
+int 	ECDSAPublicKey_get_octet_string(ECDSA *a, unsigned char **out)
 {
-        int 	ret=0, reason=ERR_R_EC_LIB, ok=0;
-        unsigned char   *buffer=NULL;
-        size_t          buf_len=0;
-        ECDSAPrivateKey *priv_key=NULL;
+        size_t  buf_len=0;
 
         if (a == NULL) 
-		OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
-        if ((priv_key = ECDSAPrivateKey_new()) == NULL) 
-		OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE)
-        if ((priv_key->parameters = ECDSA_get_EC_PARAMETERS(a, priv_key->parameters)) == NULL)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_X9_62_EC_PARAMETERS_FAILURE)
-        priv_key->version = a->version;
-        priv_key->write_params = a->write_params;
-        buf_len = EC_POINT_point2oct(a->group, a->pub_key, POINT_CONVERSION_FORM, NULL, 0, NULL);
-        if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL)
-		OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
-        if (!EC_POINT_point2oct(a->group, a->pub_key, POINT_CONVERSION_FORM,
-	 		        buffer, buf_len, NULL)) goto err;
-        if (!M_ASN1_OCTET_STRING_set(priv_key->pub_key, buffer, buf_len))
-		OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
-        if ((ret = i2d_ecdsaPublicKey(priv_key, out)) == 0)
-		OPENSSL_ECDSA_ABORT(ECDSA_R_I2D_ECDSA_PUBLICKEY)
-	ok = 1;
-
-err:    if (!ok)
-		ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, reason);
-	if (buffer)   OPENSSL_free(buffer);
-        if (priv_key) ECDSAPrivateKey_free(priv_key);
-        return(ok?ret:0);
+	{
+		ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ECDSA_R_MISSING_PARAMETERS);
+		return 0;
+	}
+        buf_len = EC_POINT_point2oct(a->group, a->pub_key, ECDSA_get_conversion_form(a), NULL, 0, NULL);
+	if (out == NULL || buf_len == 0)
+	/* out == NULL => just return the length of the octet string */
+		return buf_len;
+	if (*out == NULL)
+		if ((*out = OPENSSL_malloc(buf_len)) == NULL)
+		{
+			ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+        if (!EC_POINT_point2oct(a->group, a->pub_key, ECDSA_get_conversion_form(a),
+				*out, buf_len, NULL))
+	{
+		ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, ERR_R_EC_LIB);
+		OPENSSL_free(*out);
+		*out = NULL;
+		return 0;
+	}
+	return buf_len;
 }

crypto/ecdsa/ecs_lib.c

@@ -177,7 +177,7 @@ ECDSA *ECDSA_new_method(ENGINE *engine)
 	}
 
 	ret->version = 1;
-	ret->write_params=1;
+	ret->conversion_form = ECDSA_get_default_conversion_form();
 	ret->group = NULL;
 
 	ret->pub_key = NULL;
@@ -310,3 +310,25 @@ int ECDSA_get_parameter_flags(const ECDSA *ecdsa)
 {
 	return ecdsa->parameter_flags;
 }
+
+void	ECDSA_set_conversion_form(ECDSA *ecdsa, const point_conversion_form_t form)
+{
+	if (ecdsa) ecdsa->conversion_form = form;
+}
+
+point_conversion_form_t ECDSA_get_conversion_form(const ECDSA *ecdsa)
+{
+	return ecdsa ? ecdsa->conversion_form : 0;
+}
+
+static point_conversion_form_t default_conversion_form = POINT_CONVERSION_COMPRESSED;
+
+void	ECDSA_set_default_conversion_form(const point_conversion_form_t form)
+{
+	default_conversion_form = form;
+}
+
+point_conversion_form_t ECDSA_get_default_conversion_form(void)
+{
+	return default_conversion_form;
+}

crypto/ecdsa/ecs_locl.h

@@ -96,7 +96,6 @@ typedef struct ec_parameters {
 
 typedef struct ecdsa_priv_key_st {
         int               version;
-        int               write_params;
         EC_PARAMETERS	  *parameters;
 	ASN1_OBJECT	  *named_curve;
         ASN1_OCTET_STRING *pub_key;

crypto/evp/evp_pkey.c

@@ -585,11 +585,11 @@ static int ecdsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 			EVPerr(EVP_F_ECDSA_PKEY2PKCS8, ERR_R_EC_LIB);
 			return 0;
 		}
-		len = EC_POINT_point2oct(pkey->pkey.ecdsa->group, point, POINT_CONVERSION_COMPRESSED,
+		len = EC_POINT_point2oct(pkey->pkey.ecdsa->group, point, ECDSA_get_conversion_form(pkey->pkey.ecdsa),
 				         NULL, 0, NULL);
 		p = OPENSSL_malloc(len);
 		if (!len || !p || !EC_POINT_point2oct(pkey->pkey.ecdsa->group, point,
-			POINT_CONVERSION_COMPRESSED, p, len, NULL))
+			ECDSA_get_conversion_form(pkey->pkey.ecdsa), p, len, NULL))
 		{
 			EVPerr(EVP_F_ECDSA_PKEY2PKCS8, ERR_R_EC_LIB);
 			OPENSSL_free(p);