From 061c5e883166562a77abf9254ef03d65ae9113cf Mon Sep 17 00:00:00 2001
From: Fred Morcos
Date: Fri, 18 Mar 2022 13:00:17 +0100
Subject: [PATCH] Enable named curves on ECDSA key generation and import from ISC

Fixes #11429

Co-authored-by: Peter van Dijk
---
 pdns/opensslsigners.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc
index 280d8b15ef..bd01209cce 100644
--- a/pdns/opensslsigners.cc
+++ b/pdns/opensslsigners.cc
@@ -658,6 +658,8 @@ void OpenSSLECDSADNSCryptoKeyEngine::create(unsigned int bits)
 if (res == 0) {
 throw runtime_error(getName()+" key generation failed");
 }
+
+ EC_KEY_set_asn1_flag(d_eckey.get(), OPENSSL_EC_NAMED_CURVE);
 }

 void OpenSSLECDSADNSCryptoKeyEngine::createFromPEMFile(DNSKEYRecordContent& drc, const string& filename, std::FILE& fp)
@@ -872,6 +874,8 @@ void OpenSSLECDSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::m
 if (ret != 1) {
 throw runtime_error(getName()+" setting public key failed");
 }
+
+ EC_KEY_set_asn1_flag(d_eckey.get(), OPENSSL_EC_NAMED_CURVE);
 }

 bool OpenSSLECDSADNSCryptoKeyEngine::checkKey(vector *errorMessages) const
--
2.47.2
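Review bot: The added `EC_KEY_set_asn1_flag(d_eckey.get(), OPENSSL_EC_NAMED_CURVE);` at the end of create() has no comment saying why it is needed, and the identical line is repeated at the end of fromISCMap() in the second hunk. The call alone does not tell a reader that it controls how the curve is written when the key is serialised, as a curve name instead of explicit domain parameters. I would put `// Serialise the group as a named curve, not explicit parameters (see #11429).` above each call, or move the call into one small private helper so the two sites cannot drift apart. create()'s body starts outside the hunk.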
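Review bot: The flag is set here at the end of fromISCMap() and in create(), but createFromPEMFile(), visible as context after the first hunk, is not touched, so a key loaded through it presumably keeps whatever curve encoding the input carried. Whether that path checks the loaded group against the engine's expected named curve is not visible in this diff and is worth confirming, because explicitly parameterised curves are the inputs a verifier has to treat with the most suspicion. The diffstat shows only opensslsigners.cc changing, so nothing pins the fix; a regression test that generates a key, exports it and checks that the encoding names the curve would cover #11429. fromISCMap()'s body starts outside the hunk.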