From 52a26798b7f1b8f7fcba8206beb574391ab8a8b3 Mon Sep 17 00:00:00 2001
From: Miek Gieben
Date: Thu, 30 Dec 2010 15:12:44 +0100
Subject: [PATCH] dnssec: at least it does not crash

Crashes are fixed, but the signature validation does not work
---
 dnssec/dnssec.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/dnssec/dnssec.go b/dnssec/dnssec.go
index 100431dc..6412c1b7 100644
--- a/dnssec/dnssec.go
+++ b/dnssec/dnssec.go
@@ -208,7 +208,14 @@ func Verify(s *dns.RR_RRSIG, k *dns.RR_DNSKEY, rrset dns.RRset) bool {
 pubkey.N.SetBytes(keybuf[4:])
 fmt.Fprintf(os.Stderr, "%s\n", pubkey.N)
- err := rsa.VerifyPKCS1v15(pubkey, rsa.HashSHA256, signeddata, sigbuf)
+ // Hash the signeddata
+ s := sha256.New()
+ io.WriteString(s, string(sigbuf))
+ sighash := s.Sum()
+
+
+
+ err := rsa.VerifyPKCS1v15(pubkey, rsa.HashSHA256, sighash, sigbuf)
 if err == nil {
 fmt.Fprintf(os.Stderr, "NO SHIT!!\n")
 } else {
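Review bot: The digest is computed over `sigbuf`, the signature itself, rather than over `signeddata` as the comment says, so `rsa.VerifyPKCS1v15` receives the hash of the signature and cannot succeed on a valid RRSIG; this is likely why validation still fails. Feed the signed data into the hash instead, e.g. `s.Write(signeddata)` in place of `io.WriteString(s, string(sigbuf))`. The local `s := sha256.New()` also reuses the name of Verify's `s *dns.RR_RRSIG` parameter, which hides the signature record for the rest of this scope; naming the hash `h` avoids that. Verify's body starts and ends outside the hunk, so the return on the error branch cannot be checked here; it should be `false` for any non-nil `err`.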