OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string

Stephen Farrell stephen.farrell at
Wed Mar 10 00:53:31 UTC 2021


On 09/03/2021 03:09, Benjamin Kaduk wrote:
> I would have expected that the API should hide the differences
> other than the group name ... but these APIs are still pretty
> new to me, too.  If you can point me at your code I might have
> more to say.

So again it's probably my fault but I'm still not seeing the
same behaviour for NIST and non-NIST curves. I made up what
I hope is a fairly simple bit of test code [1] so that might
help clarify where I'm wrong or (less likely) where a change
in the library might be useful.

As I build the test code, the p256 cases seem to work, with
or without the public key, but both 25519 cases fail. In my
(still untidy:-) HPKE code EVP_PKEY_new_raw_private_key
for the non-NIST curves works, but not for NIST curves. So I
have an ok workaround, even if the fault's not mine, which
it of course probably is:-)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x5AB2FAF17B172BEA.asc
Type: application/pgp-keys
Size: 10689 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openssl-users mailing list