[openssl-users] How to provide KDF to ECDH key computation when using EVP API?

Reinier Torenbeek reinier.torenbeek at gmail.com
Mon Jun 22 13:27:13 UTC 2015


My goal is to implement ECDH in my own engine. The snippet below shows
the struct that needs to be filled and set as the engine's ECDH method:

struct ecdh_method {
    const char *name;
    int (*compute_key) (void *key, size_t outlen, const EC_POINT *pub_key,
                        EC_KEY *ecdh, void *(*KDF) (const void *in,
                                                    size_t inlen, void *out,
                                                    size_t *outlen));
# if 0
    int (*init) (EC_KEY *eckey);
    int (*finish) (EC_KEY *eckey);
# endif
    int flags;
    char *app_data;

I intend to leverage the KDF mechanism, but it does not seem to be
exposed in the EVP API. Is that possible at all? If yes, how do I do
that? If no, what is the purpose of the KDF() parameter in compute_key?

(By the way, struct ecdh_method is in crypto/ecdh/ech_locl.h, which
seems to be a private header file. Am I supposed/allowed to include it

Thanks in advance,

More information about the openssl-users mailing list