OpenSSL 3.0.0 APIs for creating an EVP_PKEY from a p256 private key octet string

Tomas Mraz tomas at
Wed Mar 10 07:49:35 UTC 2021

On Wed, 2021-03-10 at 00:53 +0000, Stephen Farrell wrote:
> Hiya,
> On 09/03/2021 03:09, Benjamin Kaduk wrote:
> > I would have expected that the API should hide the differences
> > other than the group name ... but these APIs are still pretty
> > new to me, too.  If you can point me at your code I might have
> > more to say.
> So again it's probably my fault but I'm still not seeing the
> same behaviour for NIST and non-NIST curves. I made up what
> I hope is a fairly simple bit of test code [1] so that might
> help clarify where I'm wrong or (less likely) where a change
> in the library might be useful.
> As I build the test code, the p256 cases seem to work, with
> or without the public key, but both 25519 cases fail. In my
> (still untidy:-) HPKE code EVP_PKEY_new_raw_private_key
> for the non-NIST curves works, but not for NIST curves. So I
> have an ok workaround, even if the fault's not mine, which
> it of course probably is:-)

Not sure if there are any other issues, but the public key parameter
should be "encoded-pub-key" AFAIK.

Tomas Mraz

More information about the openssl-users mailing list