[openssl-users] Problems with deriving EC public key from private

[Mike Blaguszewski]

Some code of mine reads a NIST P256 private key from bytes and derives the public key from it, and this derived public key is incorrect about 0.4% of the time. I’ve attached a sample program that does the following.

1. Generate a key-pair of type NID_X9_62_prime256v1
2. Write the public and private components to memory
3. Read the private key back from memory, derive the public key, and write that back out.
4. Compare this “round-tripped” public key to the public key generated in step 2.

The public key from step 2 almost always matches the public key from step 3, but about 0.4% of the time they will differ. (The sample program runs a loop to determine this.) Further experiments suggest it’s the private_key_from_binary() function that is the problem, where I derive the public key using EC_POINT_mul(). The sample program omits error checking, but in the production code no errors are reported.

Does anyone see a flaw in my logic, especially in how I’m deriving the public key from the private key? Also let me know if this would be better submitted as a GitHub issue, or even if it needs to be handled as a paid support request.

Thanks,
Mike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ec_key_example.cxx
Type: application/octet-stream
Size: 3140 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181217/fd51edde/attachment.obj>