[openssl-users] EVP_PKEY_set1_EC_KEY seems to not set something that EVP_PKEY_derive needs

Ethan Rahn ethan.rahn at gmail.com
Fri Mar 10 20:58:41 UTC 2017

Hello Openssl-users,

I'm trying to write some code that derives the shared secret for 2 elliptic
curve keys ( i.e. does ECDH )

I am doing the following to load up both the local and remote EC key ( code
shown for local side ):

EC_KEY* localEC = EC_KEY_new_by_curve_name( curveName );
EC_KEY_set_private_key( localEC, privateKeyLocal )
EC_KEY_set_public_key_affine_coordinates( localEC, publicXCoordLocal,
publicYCoordLocal )

I check the return values for all of these, as well as EC_KEY_check_key at
the end. Everything returns non-zero, so I assume that it is good to go. I
then do the following to turn the EC_KEY into an EVP_PKEY for ECDH:

pkey = EVP_PKEY_new();
EVP_PKEY_set1_EC_KEY( *pkey, localEC );

The same is done for the remote EC, except that the private key is not
loaded up.

Now this is where things get weird.

I run code pretty similar to the example given here ( starting from
EVP_PKEY_CTX_new() since I already have the pkey and peerkey. (
https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman ) and it
fails on the call to EVP_PKEY_derive()without an error message. I tried
running into under gdb() and it gets to ecdh_check() before it's unable to
fill in the ecdh_data structure, i.e. it returns it as NULL.

If I use the example code to generate the local EVP_PKEY with a random set
of points on the correct curve, then run the following line, the key
derivation will work with the parameters I read in:
( in this example, pkey is as in the example code, i.e. generated randomly.
pkey2 is the one I made via EVP_PKEY_set1_EC_KEY )

EVP_PKEY_set1_EC_KEY( pkey, EVP_PKEY_get1_EC_KEY( pkey2 ) );

It would appear that there is something that EVP_PKEY_set1_EC_KEY is not
setting, or perhaps that I need to add, but I'm unclear what that would be.
Does anyone on this list have any ideas?

Much thanks,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170310/696dfb15/attachment.html>

More information about the openssl-users mailing list