From: Willem Toorop
Date: Thu, 13 Mar 2014 23:05:38 +0000 (+0100)
Subject: bugfix #563: Correct DNSKEY from DSA private key.
X-Git-Tag: release-1.7.0-rc1~161^2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1063b441922290caf5be7ba91f373a5976b2b09e;p=thirdparty%2Fldns.git
bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
---
diff --git a/Changelog b/Changelog
index a3d7f0d0..77f20738 100644
--- a/Changelog
+++ b/Changelog
@@ -7,6 +7,7 @@ TBD
 BSD license.
 * -e option makes ldns-compare-zones exit with status code 2 on difference
 * Filter out specified RR types with ldns-read-zone -e and -E options
+ * bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
 1.6.17 2014-01-10
 * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
diff --git a/keys.c b/keys.c
index 46f6a3d0..eb9cf427 100644
--- a/keys.c
+++ b/keys.c
@@ -1324,7 +1324,6 @@ ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
 /* See RFC2536 */
 *size = (uint16_t)BN_num_bytes(k->p);
 T = (*size - 64) / 8;
- memcpy(data, &T, 1);
 if (T > 8) {
 #ifdef STDERR_MSGS
@@ -1335,12 +1334,13 @@ ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
 }
 /* size = 64 + (T * 8); */
+ memset(data, 0, 21 + *size * 3);
 data[0] = (unsigned char)T;
 BN_bn2bin(k->q, data + 1 ); /* 20 octects */
 BN_bn2bin(k->p, data + 21 ); /* offset octects */
- BN_bn2bin(k->g, data + 21 + *size); /* offset octets */
- BN_bn2bin(k->pub_key, data + 21 + *size + *size); /* offset octets */
- *size = 21 + (*size * 3);
+ BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g));
+ BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key));
+ *size = 21 + *size * 3;
 return true;
 }
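Review bot: In the second keys.c hunk, the new offsets `data + 21 + *size * 2 - BN_num_bytes(k->g)` and `data + 21 + *size * 3 - BN_num_bytes(k->pub_key)` are computed without checking that g and pub_key are no longer than p, so a malformed DSA key with an oversized g or public value would make BN_bn2bin start earlier than its field and write over the preceding one. The q field still has the alignment problem this commit fixes for g and pub_key: `BN_bn2bin(k->q, data + 1 )` left-aligns a q shorter than 20 octets and runs past the field if q is longer. A guard before the memset such as `if (BN_num_bytes(k->q) > 20 || BN_num_bytes(k->g) > *size || BN_num_bytes(k->pub_key) > *size) return false;`, together with `BN_bn2bin(k->q, data + 21 - BN_num_bytes(k->q));`, would cover both. The start of ldns_key_dsa2bin and the caller's allocation of `data` are outside the hunk, so whether the buffer really holds the 21 + 3 * *size octets that the memset clears cannot be confirmed from here.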