Bug#697904: Acknowledgement (pdns-server: Activating ECDSA keys to a zone makes pdns stop serving that zone and send out SERVFAIL)

Fri, 11 Jan 2013 01:24:13 -0800 

And here's the patch

-- 
Kind regards,
Met vriendelijke groet,
Pieter Lexis
Kumina bv
www.kumina.nl
kvk nr 14095795

>From 61873e94a4787eedc37c5047c325e934d69e0b5a Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pie...@kumina.nl>
Date: Fri, 11 Jan 2013 10:09:22 +0100
Subject: [PATCH] Fix the use of ECDSA signatures (Closes: #697904)

---
 debian/patches/series        |    1 +
 debian/patches/upstream-3036 |   31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/upstream-3036

diff --git a/debian/patches/series b/debian/patches/series
index 33e33f1..83be648 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ upstream-2608
 upstream-2609+2612
 upstream-2611
 upstream-2622
+upstream-3036
diff --git a/debian/patches/upstream-3036 b/debian/patches/upstream-3036
new file mode 100644
index 0000000..bb2d2c2
--- /dev/null
+++ b/debian/patches/upstream-3036
@@ -0,0 +1,31 @@
+--- a/pdns/cryptoppsigners.cc
++++ b/pdns/cryptoppsigners.cc
+@@ -82,18 +82,26 @@
+   storvect.push_back(make_pair("PrivateKey", string((char*)buffer, sizeof(buffer))));
+   return storvect;
+ }
++
+ template<class HASHER, class CURVE, int BITS>
+ void CryptoPPECDSADNSCryptoKeyEngine<HASHER,CURVE,BITS>::fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap )
+ {
++  AutoSeededRandomPool prng;
+   privatekey_t* privateKey = new privatekey_t;
+-  const CryptoPP::Integer x;
++  const CryptoPP::Integer x(reinterpret_cast<const unsigned char*>(stormap["privatekey"].c_str()), BITS/8); // well it should be this long
+   CryptoPP::OID oid=CURVE();
+-  privateKey->Initialize(oid, x );
++  privateKey->Initialize(oid, x);
++  bool result = privateKey->Validate(prng, 3);
++  if (!result) {
++      throw "Cannot load private key - validation failed!";
++  }
+   d_key = shared_ptr<privatekey_t>(privateKey);
+   publickey_t* publicKey = new publickey_t();
+   d_key->MakePublicKey(*publicKey);
+   d_pubkey = shared_ptr<publickey_t>(publicKey);
++  drc.d_algorithm = atoi(stormap["algorithm"].c_str());
+ }
++
+ template<class HASHER, class CURVE, int BITS>
+ std::string CryptoPPECDSADNSCryptoKeyEngine<HASHER,CURVE,BITS>::getPubKeyHash() const
+ {
-- 
1.7.2.5

Reply via email to