diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 6320330ba6250cbfc421240176cdba603cc7ca14..f7c50822196e3d03796ebcdd0add1c2079366c88 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -1510,6 +1510,7 @@ extern {
 
     pub fn EC_KEY_new() -> *mut EC_KEY;
     pub fn EC_KEY_new_by_curve_name(nid: c_int) -> *mut EC_KEY;
+    pub fn EC_KEY_dup(key: *const EC_KEY) -> *mut EC_KEY;
     pub fn EC_KEY_set_group(key: *mut EC_KEY, group: *const EC_GROUP) -> c_int;
     pub fn EC_KEY_get0_group(key: *const EC_KEY) -> *const EC_GROUP;
     pub fn EC_KEY_set_public_key(key: *mut EC_KEY, key: *const EC_POINT) -> c_int;
@@ -1650,8 +1651,13 @@ extern {
                                 e: *mut ENGINE,
                                 key: *const c_uchar,
                                 keylen: c_int) -> *mut EVP_PKEY;
+    pub fn EVP_PKEY_derive_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
+    pub fn EVP_PKEY_derive_set_peer(ctx: *mut EVP_PKEY_CTX, peer: *mut EVP_PKEY) -> c_int;
+    pub fn EVP_PKEY_derive(ctx: *mut EVP_PKEY_CTX, key: *mut c_uchar, size: *mut size_t) -> c_int;
     pub fn d2i_PKCS8PrivateKey_bio(bp: *mut BIO, x: *mut *mut EVP_PKEY, cb: Option<PasswordCallback>, u: *mut c_void) -> *mut EVP_PKEY;
 
+    pub fn EVP_PKEY_CTX_new(k: *mut EVP_PKEY, e: *mut ENGINE) -> *mut EVP_PKEY_CTX;
+    pub fn EVP_PKEY_CTX_free(ctx: *mut EVP_PKEY_CTX);
     pub fn EVP_PKEY_CTX_ctrl(ctx: *mut EVP_PKEY_CTX, keytype: c_int, optype: c_int, cmd: c_int, p1: c_int, p2: *mut c_void) -> c_int;
 
     pub fn HMAC_CTX_copy(dst: *mut HMAC_CTX, src: *mut HMAC_CTX) -> c_int;
diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs
index 378150212041b484de28848e7d846cfff65b4743..33c15569df11d1d7bbbe59af176157f0ab1aee73 100644
--- a/openssl/src/ec.rs
+++ b/openssl/src/ec.rs
@@ -314,6 +314,10 @@ impl EcKeyRef {
     pub fn check_key(&self) -> Result<(), ErrorStack> {
         unsafe { cvt(ffi::EC_KEY_check_key(self.as_ptr())).map(|_| ()) }
     }
+
+    pub fn to_owned(&self) -> Result<EcKey, ErrorStack> {
+        unsafe { cvt_p(ffi::EC_KEY_dup(self.as_ptr())).map(EcKey) }
+    }
 }
 
 impl EcKey {
@@ -440,6 +444,13 @@ mod test {
         key.private_key().unwrap();
     }
 
+    #[test]
+    fn dup() {
+        let group = EcGroup::from_curve_name(nid::X9_62_PRIME256V1).unwrap();
+        let key = EcKey::generate(&group).unwrap();
+        key.to_owned().unwrap();
+    }
+
     #[test]
     fn point_new() {
         let group = EcGroup::from_curve_name(nid::X9_62_PRIME256V1).unwrap();
diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs
index 6dbe8ec731d2a0d3c11d4fd92e45a4272f12f609..31dc9d82e25ce5ec83acd3888d2a15fdb5c565aa 100644
--- a/openssl/src/pkey.rs
+++ b/openssl/src/pkey.rs
@@ -1,9 +1,9 @@
-use libc::{c_void, c_char, c_int};
+use libc::{c_void, c_char, c_int, size_t};
 use std::ptr;
 use std::mem;
 use std::ffi::CString;
 use ffi;
-use foreign_types::{Opaque, ForeignType, ForeignTypeRef};
+use foreign_types::{ForeignType, ForeignTypeRef};
 
 use {cvt, cvt_p};
 use bio::MemBioSlice;
@@ -199,7 +199,25 @@ impl PKey {
     }
 }
 
-pub struct PKeyCtxRef(Opaque);
+foreign_type! {
+    type CType = ffi::EVP_PKEY_CTX;
+    fn drop = ffi::EVP_PKEY_CTX_free;
+
+    pub struct PKeyCtx;
+    pub struct PKeyCtxRef;
+}
+
+unsafe impl Send for PKeyCtx {}
+unsafe impl Sync for PKeyCtx {}
+
+impl PKeyCtx {
+    pub fn from_pkey(pkey: &PKeyRef) -> Result<PKeyCtx, ErrorStack> {
+        unsafe {
+            let evp = try!(cvt_p(ffi::EVP_PKEY_CTX_new(pkey.as_ptr(), ptr::null_mut())));
+            Ok(PKeyCtx(evp))
+        }
+    }
+}
 
 impl PKeyCtxRef {
     pub fn set_rsa_padding(&mut self, pad: Padding) -> Result<(), ErrorStack> {
@@ -216,10 +234,29 @@ impl PKeyCtxRef {
         };
         Ok(Padding::from_raw(pad))
     }
-}
 
-impl ForeignTypeRef for PKeyCtxRef {
-    type CType = ffi::EVP_PKEY_CTX;
+    pub fn derive_init(&mut self) -> Result<(), ErrorStack> {
+        unsafe {
+            try!(cvt(ffi::EVP_PKEY_derive_init(self.as_ptr())));
+        }
+        Ok(())
+    }
+
+    pub fn derive_set_peer(&mut self, peer: &PKeyRef) -> Result<(), ErrorStack> {
+        unsafe {
+            try!(cvt(ffi::EVP_PKEY_derive_set_peer(self.as_ptr(), peer.as_ptr())));
+        }
+        Ok(())
+    }
+
+    pub fn derive(&mut self) -> Result<Vec<u8>, ErrorStack> {
+        let mut len: size_t = 0;
+        unsafe { try!(cvt(ffi::EVP_PKEY_derive(self.as_ptr(), ptr::null_mut(), &mut len))); }
+
+        let mut key = vec![0u8; len];
+        unsafe { try!(cvt(ffi::EVP_PKEY_derive(self.as_ptr(), key.as_mut_ptr(), &mut len))); }
+        Ok(key)
+    }
 }
 
 #[cfg(test)]
@@ -227,7 +264,7 @@ mod tests {
     use symm::Cipher;
     use dh::Dh;
     use dsa::Dsa;
-    use ec::EcKey;
+    use ec::{EcGroup, EcKey};
     use rsa::Rsa;
     use nid;
 
@@ -319,4 +356,18 @@ mod tests {
         pkey.ec_key().unwrap();
         assert!(pkey.rsa().is_err());
     }
+
+    #[test]
+    fn test_ec_key_derive() {
+        let group = EcGroup::from_curve_name(nid::X9_62_PRIME256V1).unwrap();
+        let ec_key = EcKey::generate(&group).unwrap();
+        let ec_key2 = EcKey::generate(&group).unwrap();
+        let pkey = PKey::from_ec_key(ec_key).unwrap();
+        let pkey2 = PKey::from_ec_key(ec_key2).unwrap();
+        let mut pkey_ctx = PKeyCtx::from_pkey(&pkey).unwrap();
+        pkey_ctx.derive_init().unwrap();
+        pkey_ctx.derive_set_peer(&pkey2).unwrap();
+        let shared = pkey_ctx.derive().unwrap();
+        assert!(!shared.is_empty());
+    }
 }