diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c
index 0fddfd4517..1fc6edfea2 100644
--- a/lib/dns/openssleddsa_link.c
+++ b/lib/dns/openssleddsa_link.c
@@ -349,13 +349,20 @@ err:
 static bool
 openssleddsa_isprivate(const dst_key_t *key) {
 EVP_PKEY *pkey = key->keydata.pkey;
- size_t len;
+ unsigned char buf[DNS_KEY_ED448SIZE];
+ size_t len = sizeof(buf);
+
+ STATIC_ASSERT(sizeof(buf) >= DNS_KEY_ED448SIZE,
+ "increase size of 'buf'");
+ STATIC_ASSERT(sizeof(buf) >= DNS_KEY_ED25519SIZE,
+ "increase size of 'buf'");
 
 if (pkey == NULL) {
 return (false);
 }
 
- if (EVP_PKEY_get_raw_private_key(pkey, NULL, &len) == 1 && len > 0) {
+ /* Must have a buffer to actually check if there is a private key. */
+ if (EVP_PKEY_get_raw_private_key(pkey, buf, &len) == 1) {
 return (true);
 }
 /* can check if first error is EC_R_INVALID_PRIVATE_KEY */
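Review bot: The raw private key is now copied into the stack buffer `buf` in openssleddsa_isprivate() and is never wiped, so key bytes stay on the stack after the function returns, whereas the old NULL-buffer call only queried the length. Clear the buffer before returning, for example `OPENSSL_cleanse(buf, sizeof(buf));` placed before `return (true);`, and ideally on the failure path too, since a partial write cannot be ruled out from the hunk. The first STATIC_ASSERT compares `buf` with the constant that sizes it, so it can never fire; a short comment saying that both asserts guard a future change to the declaration would make that intent clear. The function body continues past the end of the hunk.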