From: Aydın Mercan
Date: Wed, 14 Jan 2026 14:32:01 +0000 (+0300)
Subject: explicitly set ec points properties in pre-3.0 openssl
X-Git-Tag: v9.21.18~2^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b748651bb011c9e560636d3fd0af35660697b384;p=thirdparty%2Fbind9.git

explicitly set ec points properties in pre-3.0 openssl

Generating a P-256 key in pre-3.0 wasn't explicitly using uncompressed named curves in DNSSEC but was when generating an ephemeral TLS key.
---
diff --git a/lib/isc/ossl_wrap/ossl1_1.c b/lib/isc/ossl_wrap/ossl1_1.c index e5d63e2706e..7726e9cac3d 100644 --- a/lib/isc/ossl_wrap/ossl1_1.c +++ b/lib/isc/ossl_wrap/ossl1_1.c @@ -122,6 +122,9 @@ generate_ec_key(EVP_PKEY **pkeyp, const int nid) { CLEANUP(OSSL_WRAP_ERROR("EC_KEY_generate_key")); } + EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE); + EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED); + pkey = EVP_PKEY_new(); if (pkey == NULL) { CLEANUP(OSSL_WRAP_ERROR("EVP_PKEY_new"));
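
Review bot: The two calls added between the EC_KEY_generate_key error check and EVP_PKEY_new() have no comment explaining why the encoding is pinned here. A one-line comment above them, saying that keys from generate_ec_key must serialize as a named curve with uncompressed points to match the ephemeral TLS key path, would record the intent where the next reader will look. Because generate_ec_key takes an arbitrary nid, the new flags apply to every curve passed in, not only the P-256 case named in the commit message, so the message should say that. The hunk also adds no test; a check that serializes a generated key and confirms that it carries a curve OID rather than explicit parameters, and an uncompressed public point, would keep the DNSSEC and TLS paths from drifting apart again.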