From: Timo Teräs <timo.teras@iki.fi>
Date: Fri, 28 Jul 2023 10:15:48 +0000 (+0300)
Subject: Fix OpenSSL 3.0 API EC curve names
X-Git-Tag: v9.19.17~62^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=de45aab184725b4cf5a02e9a9d5ad8be491bc3fd;p=thirdparty%2Fbind9.git

Fix OpenSSL 3.0 API EC curve names

The OpenSSL man page examples used the NIST curve names which
are supported. But when querying the name, the native OpenSSL
name is returned. Use these names to pass curve type checks for
engine/provider objects.
---

diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 04bd67deac4..e064c7e7f54 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -125,9 +125,9 @@ static const char *
 opensslecdsa_key_alg_to_group_name(unsigned int key_alg) {
 	switch (key_alg) {
 	case DST_ALG_ECDSA256:
-		return ("P-256");
+		return ("prime256v1");
 	case DST_ALG_ECDSA384:
-		return ("P-384");
+		return ("secp384r1");
 	default:
 		UNREACHABLE();
 	}