Enable named curves on ECDSA key generation and import from ISC 11432/head
authorFred Morcos <fred.morcos@open-xchange.com>
Fri, 18 Mar 2022 12:00:17 +0000 (13:00 +0100)
committerFred Morcos <fred.morcos@open-xchange.com>
Fri, 18 Mar 2022 13:02:30 +0000 (14:02 +0100)
Fixes #11429

Co-authored-by: Peter van Dijk <peter.van.dijk@powerdns.com>
pdns/opensslsigners.cc

index 280d8b15efb27a092c5f037f9b15ce55b6631df5..bd01209cce11451706b7010c3c3a5b9bb31b7f2c 100644 (file)
@@ -658,6 +658,8 @@ void OpenSSLECDSADNSCryptoKeyEngine::create(unsigned int bits)
   if (res == 0) {
     throw runtime_error(getName()+" key generation failed");
   }
+
+  EC_KEY_set_asn1_flag(d_eckey.get(), OPENSSL_EC_NAMED_CURVE);
 }
 
 void OpenSSLECDSADNSCryptoKeyEngine::createFromPEMFile(DNSKEYRecordContent& drc, const string& filename, std::FILE& fp)
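Review bot: The added `EC_KEY_set_asn1_flag(d_eckey.get(), OPENSSL_EC_NAMED_CURVE);` at the end of create(), and the identical line at the end of fromISCMap() in the next hunk, carries no comment saying why the flag matters. A one-line why-comment above each call would help, for example `// Encode the curve by name (OID), not as explicit parameters, when this key is serialised.` Because the same call is repeated at two sites, any other path that populates d_eckey can miss it. createFromPEMFile() appears only as a context signature here, so whether it needs the same treatment cannot be told from this diff. Setting the flag once where the key's group is assigned, or in a small private helper, would keep every path consistent. Both function bodies start outside their hunks, so the group setup itself is not visible.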
@@ -872,6 +874,8 @@ void OpenSSLECDSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::m
   if (ret != 1) {
     throw runtime_error(getName()+" setting public key failed");
   }
+
+  EC_KEY_set_asn1_flag(d_eckey.get(), OPENSSL_EC_NAMED_CURVE);
 }
 
 bool OpenSSLECDSADNSCryptoKeyEngine::checkKey(vector<string> *errorMessages) const