From: Aydın Mercan
Date: Fri, 6 Feb 2026 12:31:40 +0000 (+0300)
Subject: don't set named curves explicitly in pre-3.0 libcrypto
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48a77a4bfc1285fca0bf6b2023177b273ac29720;p=thirdparty%2Fbind9.git

don't set named curves explicitly in pre-3.0 libcrypto

The function `EC_KEY_set_asn1_flag` is deprecated in AWS-LC. Fortunately
calling it to make sure we use named curve keys is entirely unnecessary.

More information for pre-3.0 libcrypto and significant forks is as follows:

OpenSSL: Named curves were the default between 1.1.0 and 3.6.1 [1],[2]
AWS-LC: Library only supports named curves in the first place [3]
BoringSSL: Likewise with AWS-LC [4]
LibreSSL: `EC_GROUP`s are named by default [5]

[1] https://github.com/openssl/openssl/commit/86f300d38540ead85543aee0cb30c32145931744
[2] https://github.com/openssl/openssl/commit/9db6af922c48c5cab5398ef9f37e425e382f9440
[3] https://github.com/aws/aws-lc/blob/a605df416bc6ddd0a3b79d728770664ce2302e71/include/openssl/ec_key.h#L442-L445
[4] https://github.com/google/boringssl/blob/514abb73bb80130000b46cf589190c967c6647cd/include/openssl/ec_key.h#L279-L280
[5] https://github.com/libressl/openbsd/blob/c9338745181f31ae01336081edfdb738c0b76d5f/src/lib/libcrypto/ec/ec_lib.c#L94
---
diff --git a/lib/isc/ossl_wrap/ossl1_1.c b/lib/isc/ossl_wrap/ossl1_1.c index 7726e9cac3d..41547396119 100644 --- a/lib/isc/ossl_wrap/ossl1_1.c +++ b/lib/isc/ossl_wrap/ossl1_1.c @@ -122,7 +122,6 @@ generate_ec_key(EVP_PKEY **pkeyp, const int nid) { CLEANUP(OSSL_WRAP_ERROR("EC_KEY_generate_key")); } - EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE); EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED); pkey = EVP_PKEY_new();
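
Review bot: In generate_ec_key, at the spot where EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE) is removed, nothing in the code records that named-curve encoding is now relied on as a library default instead of being set here. The commit message places that default at OpenSSL 1.1.0 and later, so a short comment next to EC_KEY_set_conv_form stating the assumption and the minimum supported libcrypto would keep it from being lost. A test that serializes a generated key and checks that its parameters are a curve OID, not explicit parameters, would catch any fork or build where the default differs.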