diff --git a/src/ssl.c b/src/ssl.c
index 7fd595708..159a5980b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -36869,6 +36869,7 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
 {
     word32 len;
     ecc_key* key;
+    int ret;
 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
     && !defined(HAVE_FIPS)
     int setGlobalRNG = 0;
@@ -36908,19 +36909,17 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
         setGlobalRNG = 1;
     }
 #endif
-
-    if (wc_ecc_shared_secret_ssh(key,
-                                 (ecc_point*)pub_key->internal,
-                                 (byte *)out, &len) != MP_OKAY) {
-        WOLFSSL_MSG("wc_ecc_shared_secret failed");
-        return WOLFSSL_FATAL_ERROR;
-    }
-
+    ret = wc_ecc_shared_secret_ssh(key, (ecc_point*)pub_key->internal,
+            (byte *)out, &len);
 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
     && !defined(HAVE_FIPS)
     if (setGlobalRNG)
         key->rng = NULL;
 #endif
+    if (ret != MP_OKAY) {
+        WOLFSSL_MSG("wc_ecc_shared_secret failed");
+        return WOLFSSL_FATAL_ERROR;
+    }
 
     return len;
 }
diff --git a/tests/api.c b/tests/api.c
index 55c3d1203..d248e187a 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -33801,6 +33801,9 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
     /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
     AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
     AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
+    /* Should fail since ecKey is empty */
+    AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
+    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
 
     /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */
@@ -34133,6 +34136,8 @@ static void test_wolfSSL_EVP_PKEY_assign(void)
     AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE);
     AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL),  WOLFSSL_FAILURE);
     AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey),   WOLFSSL_FAILURE);
+    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey),   WOLFSSL_FAILURE);
+    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS);
     wolfSSL_EVP_PKEY_free(pkey);
 #endif /* HAVE_ECC */
@@ -36545,6 +36550,9 @@ static void test_EVP_PKEY_ec(void)
     AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
     AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
     AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
+    /* Should fail since ecKey is empty */
+    AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
+    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
     AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
     wolfSSL_EVP_PKEY_free(pkey);
 
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 61d89027c..207f8aede 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -16695,6 +16695,9 @@ int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen)
     return eccToPKCS8(key, output, outLen, 0);
 }
 
+/* Write both private and public ecc keys to unencrypted PKCS#8 format.
+ *
+ * return length on success else < 0 */
 int wc_EccKeyToPKCS8(ecc_key* key, byte* output,
                      word32* outLen)
 {
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index fbd542261..9fa353389 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4035,14 +4035,6 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
                             byte* out, word32 *outlen)
 {
     int err;
-#ifdef ECC_TIMING_RESISTANT
-    int initTmpRng = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    WC_RNG *tmpRNG = NULL;
-#else
-    WC_RNG tmpRNG[1];
-#endif
-#endif
 
     if (private_key == NULL || point == NULL || out == NULL ||
                                                             outlen == NULL) {
@@ -4067,35 +4059,8 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
         case ECC_STATE_SHARED_SEC_GEN:
             private_key->state = ECC_STATE_SHARED_SEC_GEN;
 
-            #ifdef ECC_TIMING_RESISTANT
-            if (private_key->rng == NULL) {
-                #ifdef WOLFSSL_SMALL_STACK
-                tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
-                if (tmpRNG == NULL)
-                    return MEMORY_E;
-                #endif
-                if ((err = wc_InitRng(tmpRNG)) != MP_OKAY) {
-                    #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
-                    #endif
-                    break;
-                }
-                private_key->rng = tmpRNG;
-                initTmpRng = 1;
-            }
-            #endif
             err = wc_ecc_shared_secret_gen(private_key, point, out, outlen);
-            #ifdef ECC_TIMING_RESISTANT
-            if (initTmpRng) {
-                wc_FreeRng(tmpRNG);
-                #ifdef WOLFSSL_SMALL_STACK
-                XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
-                #endif
-                private_key->rng = NULL;
-            }
-            #endif
             if (err < 0) {
-                WOLFSSL_MSG("wc_ecc_shared_secret_gen failed");
                 break;
             }
             FALL_THROUGH;
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 254fd5204..749352269 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -6176,13 +6176,13 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
 
 #if defined(HAVE_ECC)
 /* try and populate public pkey_sz and pkey.ptr */
-static void ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc)
+static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc)
 {
     word32 derSz = 0;
     if (!pkey || !ecc)
-        return;
+        return WOLFSSL_FAILURE;
     if (wc_EccKeyToPKCS8(ecc, NULL, &derSz) == LENGTH_ONLY_E) {
-        byte* derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        byte* derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL);
         if (derBuf) {
             if (wc_EccKeyToPKCS8(ecc, derBuf, &derSz) >= 0) {
                 if (pkey->pkey.ptr) {
@@ -6190,13 +6190,15 @@ static void ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc)
                 }
                 pkey->pkey_sz = (int)derSz;
                 pkey->pkey.ptr = (char*)derBuf;
+                return WOLFSSL_SUCCESS;
             }
-            else { /* failure - okay to ignore */
-                XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            else {
+                XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL);
                 derBuf = NULL;
             }
         }
     }
+    return WOLFSSL_FAILURE;
 }
 
 WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key)
@@ -6228,8 +6230,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_
     pkey->ecc    = key;
     pkey->ownEcc = 0; /* pkey does not own EC key */
     pkey->type   = EVP_PKEY_EC;
-    ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal);
-    return WOLFSSL_SUCCESS;
+    return ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal);
 #else
     (void)pkey;
     (void)key;
@@ -6265,9 +6266,7 @@ int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
     pkey->ownEcc = 1;
 
     /* try and populate public pkey_sz and pkey.ptr */
-    ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal);
-
-    return WOLFSSL_SUCCESS;
+    return ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal);
 }
 #endif /* HAVE_ECC */