Fix assigning public_key in ECDSA

Fix based on ruby/openssl#619 (comment)
kubicek · Mar 9, 2024 · 943bf85 · 943bf85
1 parent 053d474
commit 943bf85
Showing 1 changed file with 13 additions and 10 deletions.
diff --git a/lib/dnsruby/resource/DNSKEY.rb b/lib/dnsruby/resource/DNSKEY.rb
@@ -395,16 +395,19 @@ def ec_key(curve = 'prime256v1')
         # DNSSEC pub does not have first octet that determines whether it's uncompressed
         # or compressed form, but it's required by OpenSSL to parse EC point correctly
         dnskey_bn = OpenSSL::BN.new("\x04" + @key, 2)
-        key = OpenSSL::PKey::EC.new(group)
-        begin
-          key.public_key = OpenSSL::PKey::EC::Point.new(group, dnskey_bn)
-        rescue
-          TheLog.info("Sadly, this version of OpenSSL does not let us generate an ECDSA key from the public key. This means, unfortunately, that Dnsruby will be unable to verify ECDSA signatures with this OpenSSL")
-        end
-
-        return key
-
+        key_point = OpenSSL::PKey::EC::Point.new(group, dnskey_bn)
+        
+        asn1 = OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::Sequence.new([
+              OpenSSL::ASN1::ObjectId.new("id-ecPublicKey"),
+              OpenSSL::ASN1::ObjectId.new(group.curve_name)
+            ]),
+            OpenSSL::ASN1::BitString.new(key_point.to_octet_string(:uncompressed))
+          ]
+        )
+        OpenSSL::PKey::EC.new(asn1.to_der)
       end
     end
   end
-end
+end