- Fix DNSSEC validation with libnettle for noncanonical RSA
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Fri, 15 May 2026 14:20:52 +0000 (16:20 +0200)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Fri, 15 May 2026 14:20:52 +0000 (16:20 +0200)
  DNSKEYs with leading zeroes for n. Thanks to Xin Wang and
  Jiajia Liu, Northwestern Polytechnical University, for
  the report.

doc/Changelog
validator/val_secalgo.c

index 8743f3452b8b0d83f6622bb717d9103976c596f5..862e4ce7f13e5032c79be8f33875cafb1ade8439 100644 (file)
          storage and canonical NSEC owner replacement. Thanks to Xin
          Wang and Jiajia Liu, Northwestern Polytechnical University,
          for the report.
+       - Fix DNSSEC validation with libnettle for noncanonical RSA
+         DNSKEYs with leading zeroes for n. Thanks to Xin Wang and
+         Jiajia Liu, Northwestern Polytechnical University, for
+         the report.
 
 11 May 2026: Yorgos
        - Fix comment and verbose logging for EDNS fallback buffer size.
index be8347b1bc88ea6702ff568a2c767a9e43a697c0..2ce52a74bdd75176ea1c6c3e4d7385cbf875f1e0 100644 (file)
@@ -1874,9 +1874,9 @@ _verify_nettle_rsa(sldns_buffer* buf, unsigned int digest_size, char* sigblock,
        }
        mod_offset = exp_offset + exp_len;
        nettle_rsa_public_key_init(&pubkey);
-       pubkey.size = keylen - mod_offset;
        nettle_mpz_set_str_256_u(pubkey.e, exp_len, &key[exp_offset]);
-       nettle_mpz_set_str_256_u(pubkey.n, pubkey.size, &key[mod_offset]);
+       nettle_mpz_set_str_256_u(pubkey.n, keylen - mod_offset, &key[mod_offset]);
+       pubkey.size = nettle_mpz_sizeinbase_256_u(pubkey.n);
 
        /* Digest content of "buf" and verify its RSA signature in "sigblock"*/
        nettle_mpz_init_set_str_256_u(signature, sigblock_len, (uint8_t*)sigblock);
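Review bot: The added `pubkey.size = nettle_mpz_sizeinbase_256_u(pubkey.n);` accepts whatever length the parsed modulus has, so a DNSKEY whose modulus octets are all zero, or only a few octets long, still gets a small size and reaches the verify call. Nettle has `nettle_rsa_public_key_prepare(&pubkey)` for this step: it derives the size from n and returns 0 when the modulus is unusable, so `if(!nettle_rsa_public_key_prepare(&pubkey))` followed by the function's existing clear-and-fail path would reject such keys up front rather than relying on the verify routine to do it. Whether keylen is already guaranteed to exceed mod_offset is decided earlier in _verify_nettle_rsa, outside this hunk, and should be confirmed there. A one-line comment such as `/* size from parsed n: leading zero octets in the DNSKEY must not count */` would also record why the size is no longer keylen - mod_offset.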