From: Aydın Mercan <aydin@isc.org>
Date: Tue, 28 Apr 2026 10:34:31 +0000 (+0300)
Subject: chg: dev: don't set named curves explicitly in pre-3.0 libcrypto
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e923899059ab045f9d36297b96c2c204eddd793;p=thirdparty%2Fbind9.git

chg: dev: don't set named curves explicitly in pre-3.0 libcrypto

The function EC_KEY_set_asn1_flag is deprecated in AWS-LC. Fortunately
calling it to make sure we use named curve keys is entirely unnecessary.

More information for pre-3.0 libcrypto and significant forks are as
following:

OpenSSL: Named curves were the default between 1.1.0 and 3.6.1 [1],[2]

AWS-LC: Library only supports named curves in the first place [3]

BoringSSL: Likewise with AWS-LC [4]

LibreSSL: EC_GROUPs are named by default [5]

[1]: https://github.com/openssl/openssl/commit/86f300d38540ead85543aee0cb30c32145931744
[2]: https://github.com/openssl/openssl/commit/9db6af922c48c5cab5398ef9f37e425e382f9440
[3]: https://github.com/aws/aws-lc/blob/a605df416bc6ddd0a3b79d728770664ce2302e71/include/openssl/ec_key.h#L442-L445
[4]: https://github.com/google/boringssl/blob/514abb73bb80130000b46cf589190c967c6647cd/include/openssl/ec_key.h#L279-L280
[5]: https://github.com/libressl/openbsd/blob/c9338745181f31ae01336081edfdb738c0b76d5f/src/lib/libcrypto/ec/ec_lib.c#L94

Merge branch '5542-ec_key_set_asn1_flag-is-deprecated-with-aws-lc' into 'main'

See merge request isc-projects/bind9!11530
---

2e923899059ab045f9d36297b96c2c204eddd793