And here's the patch -- Kind regards, Met vriendelijke groet, Pieter Lexis Kumina bv www.kumina.nl kvk nr 14095795
>From 61873e94a4787eedc37c5047c325e934d69e0b5a Mon Sep 17 00:00:00 2001 From: Pieter Lexis <pie...@kumina.nl> Date: Fri, 11 Jan 2013 10:09:22 +0100 Subject: [PATCH] Fix the use of ECDSA signatures (Closes: #697904)
---
 debian/patches/series | 1 +
 debian/patches/upstream-3036 | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/upstream-3036
diff --git a/debian/patches/series b/debian/patches/series
index 33e33f1..83be648 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ upstream-2608
 upstream-2609+2612
 upstream-2611
 upstream-2622
+upstream-3036
diff --git a/debian/patches/upstream-3036 b/debian/patches/upstream-3036
new file mode 100644
index 0000000..bb2d2c2
--- /dev/null
+++ b/debian/patches/upstream-3036
@@ -0,0 +1,31 @@
+--- a/pdns/cryptoppsigners.cc
++++ b/pdns/cryptoppsigners.cc
+@@ -82,18 +82,26 @@
+ storvect.push_back(make_pair("PrivateKey", string((char*)buffer, sizeof(buffer))));
+ return storvect;
+ }
++
+ template<class HASHER, class CURVE, int BITS>
+ void CryptoPPECDSADNSCryptoKeyEngine<HASHER,CURVE,BITS>::fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap )
+ {
++ AutoSeededRandomPool prng;
+ privatekey_t* privateKey = new privatekey_t;
+- const CryptoPP::Integer x;
++ const CryptoPP::Integer x(reinterpret_cast<const unsigned char*>(stormap["privatekey"].c_str()), BITS/8); // well it should be this long
+ CryptoPP::OID oid=CURVE();
+- privateKey->Initialize(oid, x );
++ privateKey->Initialize(oid, x);
++ bool result = privateKey->Validate(prng, 3);
++ if (!result) {
++ throw "Cannot load private key - validation failed!";
++ }
+ d_key = shared_ptr<privatekey_t>(privateKey);
+ publickey_t* publicKey = new publickey_t();
+ d_key->MakePublicKey(*publicKey);
+ d_pubkey = shared_ptr<publickey_t>(publicKey);
++ drc.d_algorithm = atoi(stormap["algorithm"].c_str());
+ }
++
+ template<class HASHER, class CURVE, int BITS>
+ std::string CryptoPPECDSADNSCryptoKeyEngine<HASHER,CURVE,BITS>::getPubKeyHash() const
+ {
--
1.7.2.5
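Review bot: In the upstream-3036 hunk, the new `CryptoPP::Integer x(...)` line in fromISCMap reads `BITS/8` bytes from `stormap["privatekey"].c_str()` without checking the string's length, so a missing or short entry (which `operator[]` turns into an empty string) makes the constructor read past the end of the buffer; the trailing comment itself only says it "should" be this long. A guard before it would close that, e.g. `if (stormap["privatekey"].size() != BITS/8) throw "Cannot load private key - unexpected length!";`. The `throw` on failed validation also runs while `privateKey` is still a raw `new` pointer, so the key object, which holds private key material, is leaked; holding it as `shared_ptr<privatekey_t> privateKey(new privatekey_t);` and assigning `d_key = privateKey;` only after `Validate` succeeds avoids that. `atoi(stormap["algorithm"].c_str())` likewise yields 0 for a missing or non-numeric value without signalling an error, which is worth a check if callers do not validate `d_algorithm` afterwards.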