[openssl-users] EVP_PKEY_set1_EC_KEY seems to not set something that EVP_PKEY_derive needs

Matt Caswell matt at openssl.org
Sat Mar 11 20:28:41 UTC 2017

On 11/03/17 18:38, Ethan Rahn wrote:
>    size_t sharedSecretLen = 0;

Set this to sizeof(sharedSecret).

>    // Now derive the Shared Secret
>    EVP_PKEY_CTX *ctx;
>    ctx = EVP_PKEY_CTX_new(pkey, NULL);
>    if (!ctx){
>       fprintf( stderr, "Failed to make EVP_PKEY ctx\n" );
>       ERR_load_crypto_strings();

This should be called once at the start of your program - *before* any
calls that might generate an error.

>    if (EVP_PKEY_derive(ctx, sharedSecret, &sharedSecretLen) <= 0){

>From the EVP_PKEY_derive documentation:


"If key is not NULL then before the call the keylen parameter should
contain the length of the key buffer, if the call is successful the
shared secret is written to key and the amount of data written to keylen."


More information about the openssl-users mailing list