From: Fred Morcos <fred.morcos@open-xchange.com>
Date: Fri, 18 Mar 2022 12:00:17 +0000 (+0100)
Subject: Enable named curves on ECDSA key generation and import from ISC
X-Git-Tag: rec-4.7.0-beta1~48^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F11432%2Fhead;p=thirdparty%2Fpdns.git

Enable named curves on ECDSA key generation and import from ISC

Fixes #11429

Co-authored-by: Peter van Dijk <peter.van.dijk@powerdns.com>
---

diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc
index 280d8b15ef..bd01209cce 100644
--- a/pdns/opensslsigners.cc
+++ b/pdns/opensslsigners.cc
@@ -658,6 +658,8 @@ void OpenSSLECDSADNSCryptoKeyEngine::create(unsigned int bits)
   if (res == 0) {
     throw runtime_error(getName()+" key generation failed");
   }
+
+  EC_KEY_set_asn1_flag(d_eckey.get(), OPENSSL_EC_NAMED_CURVE);
 }
 
 void OpenSSLECDSADNSCryptoKeyEngine::createFromPEMFile(DNSKEYRecordContent& drc, const string& filename, std::FILE& fp)
@@ -872,6 +874,8 @@ void OpenSSLECDSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::m
   if (ret != 1) {
     throw runtime_error(getName()+" setting public key failed");
   }
+
+  EC_KEY_set_asn1_flag(d_eckey.get(), OPENSSL_EC_NAMED_CURVE);
 }
 
 bool OpenSSLECDSADNSCryptoKeyEngine::checkKey(vector<string> *errorMessages) const