From b748651bb011c9e560636d3fd0af35660697b384 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ayd=C4=B1n=20Mercan?=
Date: Wed, 14 Jan 2026 17:32:01 +0300
Subject: [PATCH] explicitly set ec points properties in pre-3.0 openssl

Generating a P-256 key in pre-3.0 wasn't explicitly using uncompressed named curves in DNSSEC but was when generating an epheremal TLS key.
---
 lib/isc/ossl_wrap/ossl1_1.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/isc/ossl_wrap/ossl1_1.c b/lib/isc/ossl_wrap/ossl1_1.c
index e5d63e2706..7726e9cac3 100644
--- a/lib/isc/ossl_wrap/ossl1_1.c
+++ b/lib/isc/ossl_wrap/ossl1_1.c
@@ -122,6 +122,9 @@ generate_ec_key(EVP_PKEY **pkeyp, const int nid) {
 CLEANUP(OSSL_WRAP_ERROR("EC_KEY_generate_key"));
 }
 
+ EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
+ EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);
+
 pkey = EVP_PKEY_new();
 if (pkey == NULL) {
 CLEANUP(OSSL_WRAP_ERROR("EVP_PKEY_new"));
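Review bot: The two added setters in generate_ec_key() carry no comment saying why they are needed, and on OpenSSL 1.1.x the library defaults presumably already give named-curve encoding and uncompressed points, so a later reader may remove them as redundant. A one-line comment above them would pin the intent, e.g. `/* Always serialize as a named curve with uncompressed points; do not rely on library defaults. */`. Both functions return void, so there is nothing to check, but they cover only this generation path: the function body starts and ends outside the hunk, and any other pre-3.0 code in this file that constructs an EC_KEY, if one exists, would need the same two calls to keep key encodings consistent. A test that serializes a freshly generated key and asserts the curve is encoded as an OID rather than as explicit parameters would keep this from regressing.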