diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index e8f7b7100..b6228d3a2 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -552,7 +552,6 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_USE_TINYCRYPT) uint8_t ecdh_privkey[NUM_ECC_BYTES]; - uint8_t ecdh_ownpubkey[2*NUM_ECC_BYTES]; uint8_t ecdh_peerkey[2*NUM_ECC_BYTES]; #endif /* MBEDTLS_USE_TINYCRYPT */ }; diff --git a/library/ssl_cli.c b/library/ssl_cli.c index ef68244ce..f7a05495e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3576,19 +3576,17 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, ((void) n); ((void) ret); - if( !uECC_make_key( ssl->handshake->ecdh_ownpubkey, - ssl->handshake->ecdh_privkey, - uecc_curve ) ) - { - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - if( (size_t)( end - p ) < 2 * NUM_ECC_BYTES + 2 ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); *p++ = 2 * NUM_ECC_BYTES + 1; *p++ = 0x04; /* uncompressed point presentation */ - memcpy( p, ssl->handshake->ecdh_ownpubkey, 2 * NUM_ECC_BYTES ); + + if( !uECC_make_key( p, ssl->handshake->ecdh_privkey, + uecc_curve ) ) + { + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } p += 2 * NUM_ECC_BYTES; } else diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 435588ef2..4afb27ccf 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3398,14 +3398,6 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, 0x04 /* Uncompressed */ }; - if( !uECC_make_key( ssl->handshake->ecdh_ownpubkey, - ssl->handshake->ecdh_privkey, - uecc_curve ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Key creation failed" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) dig_signed = ssl->out_msg + ssl->out_msglen; #endif 
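Review bot: In the library/ssl_cli.c hunk, a failing `uECC_make_key` returns `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED` with no debug message, while the same failure in ssl_prepare_server_key_exchange (library/ssl_srv.c) logs "Key creation failed" and returns `MBEDTLS_ERR_SSL_INTERNAL_ERROR`. Since both call sites are being moved, I would align them by adding `MBEDTLS_SSL_DEBUG_MSG( 1, ( "Key creation failed" ) );` before the return here and settling on one error code, so a key-generation failure looks the same in logs on either side. The in-place write relies on the `(size_t)( end - p ) < 2 * NUM_ECC_BYTES + 2` check that now sits directly above it. A short comment such as `/* Generate the ephemeral key pair straight into the output buffer; only the private key is retained. */` would record that dependency, and the fact that the own public key is no longer available from the handshake structure afterwards. The body of ssl_out_client_key_exchange_write starts and ends outside the hunk.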
@@ -3414,9 +3406,14 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ecdh_param_hdr, sizeof( ecdh_param_hdr ) ); ssl->out_msglen += sizeof( ecdh_param_hdr ); - memcpy( &ssl->out_msg[ssl->out_msglen], - ssl->handshake->ecdh_ownpubkey, - 2*NUM_ECC_BYTES ); + if( !uECC_make_key( &ssl->out_msg[ ssl->out_msglen ], + ssl->handshake->ecdh_privkey, + uecc_curve ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Key creation failed" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + ssl->out_msglen += 2*NUM_ECC_BYTES; } else
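Review bot: `uECC_make_key` now writes 2*NUM_ECC_BYTES bytes directly to `&ssl->out_msg[ ssl->out_msglen ]`, and no check of the space remaining in the output buffer is visible in this hunk, whereas the client path tests `end - p` before its write. The removed memcpy had the same exposure, and ssl_prepare_server_key_exchange starts outside the hunk, so a bound may already be enforced earlier. If it is not, I would add a guard along the lines of `if( ssl->out_msglen + 2*NUM_ECC_BYTES > MBEDTLS_SSL_OUT_CONTENT_LEN ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );` before the call, using whatever limit the function applies elsewhere. If capacity is guaranteed by construction, a one-line comment saying why would do. Note also that on failure `ssl->out_msglen` has already been advanced past `ecdh_param_hdr`; this is presumably harmless because the handshake aborts, but worth confirming against the caller.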