[GH-ISSUE #141] ECDSA support is broken #366

New issue

Closed

opened 2026-03-15 22:10:10 +03:00 by kerem · 1 comment

kerem commented

2026-03-15 22:10:10 +03:00

Owner

Originally created by @SAPikachu on GitHub (Jun 7, 2017).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/141

Test case:

#[test]
pub fn test_secure_query_ecdsa() {
    use udp::UdpClientConnection;
    use self::domain::Name;
    let client = SecureSyncClient::new(UdpClientConnection::new("8.8.8.8:53".parse().unwrap()).unwrap()).build();
    client.secure_query(&Name::parse("blog.cloudflare.com.", None).unwrap(), DNSClass::IN, RecordType::A).unwrap();

}

We have 3 issues in the code:

Curve of ECDSAP256SHA256 should be X9_62_PRIME256V1 (aka secp256r1) instead of SECP256K1.
Public key needs to be converted to OpenSSL format.
Signature needs to be converted to ASN.1 DER encoding.

Will send a pull request a bit later.

Originally created by @SAPikachu on GitHub (Jun 7, 2017). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/141 Test case: ``` #[test] pub fn test_secure_query_ecdsa() { use udp::UdpClientConnection; use self::domain::Name; let client = SecureSyncClient::new(UdpClientConnection::new("8.8.8.8:53".parse().unwrap()).unwrap()).build(); client.secure_query(&Name::parse("blog.cloudflare.com.", None).unwrap(), DNSClass::IN, RecordType::A).unwrap(); } ``` We have 3 issues in the code: 1. Curve of `ECDSAP256SHA256` should be `X9_62_PRIME256V1` (aka `secp256r1`) instead of `SECP256K1`. 2. Public key needs to be converted to OpenSSL format. 3. Signature needs to be converted to ASN.1 DER encoding. Will send a pull request a bit later.