bugfix #563: Correct DNSKEY from DSA private key.

Thanks Peter Koch.

diff --git a/Changelog b/Changelog
index a3d7f0d08baae3635a48210300890b4434e4170f..77f20738dfd24463f11d8234fb44962975844e76 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -7,6 +7,7 @@ TBD
          BSD license.
        * -e option makes ldns-compare-zones exit with status code 2 on difference
        * Filter out specified RR types with ldns-read-zone -e and -E options
+       * bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
 
 1.6.17 2014-01-10
        * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a

diff --git a/keys.c b/keys.c
index 46f6a3d0cb68955514bf974f69914ebf97a9b8ad..eb9cf4273af3e0e12c7b4c32b504f95f4d1072fb 100644 (file)
--- a/keys.c
+++ b/keys.c
@@ -1324,7 +1324,6 @@ ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
        /* See RFC2536 */
        *size = (uint16_t)BN_num_bytes(k->p);
        T = (*size - 64) / 8;
-       memcpy(data, &T, 1);
 
        if (T > 8) {
 #ifdef STDERR_MSGS
@@ -1335,12 +1334,13 @@ ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
        }
 
        /* size = 64 + (T * 8); */
+       memset(data, 0, 21 + *size * 3);
        data[0] = (unsigned char)T;
        BN_bn2bin(k->q, data + 1 );             /* 20 octects */
        BN_bn2bin(k->p, data + 21 );            /* offset octects */
-       BN_bn2bin(k->g, data + 21 + *size);     /* offset octets */
-       BN_bn2bin(k->pub_key, data + 21 + *size + *size); /* offset octets */
-       *size = 21 + (*size * 3);
+       BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g));
+       BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key));
+       *size = 21 + *size * 3;
        return true;
 }