DNSCrypt: Certificate serials should be in network byte order

diff --git a/pdns/dnscrypt.cc b/pdns/dnscrypt.cc
index c03284585bc2b1058781523d3df1b1be9a8f7255..1f7456348739834b69a0f3dbd281201bcf7b6231 100644 (file)
--- a/pdns/dnscrypt.cc
+++ b/pdns/dnscrypt.cc
@@ -214,7 +214,7 @@ void DNSCryptContext::generateCertificate(uint32_t serial, time_t begin, time_t
   memcpy(cert.protocolMinorVersion, protocolMinorVersion, sizeof(protocolMinorVersion));
   memcpy(cert.signedData.resolverPK, pubK, sizeof(cert.signedData.resolverPK));
   memcpy(cert.signedData.clientMagic, pubK, sizeof(cert.signedData.clientMagic));
-  cert.signedData.serial = serial;
+  cert.signedData.serial = htonl(serial);
   cert.signedData.tsStart = htonl((uint32_t) begin);
   cert.signedData.tsEnd = htonl((uint32_t) end);
 

diff --git a/pdns/dnscrypt.hh b/pdns/dnscrypt.hh
index aad89cd8c87acca7b66ec0f2e27d0be1cad3421e..fea11f0c7f8abfa70154fcc653d2eb39d0804770 100644 (file)
--- a/pdns/dnscrypt.hh
+++ b/pdns/dnscrypt.hh
@@ -86,7 +86,7 @@ class DNSCryptCert
 public:
   uint32_t getSerial() const
   {
-    return signedData.serial;
+    return ntohl(signedData.serial);
   }
   uint32_t getTSStart() const
   {

diff --git a/regression-tests.dnsdist/dnscrypt.py b/regression-tests.dnsdist/dnscrypt.py
index a93aeaea0a98efcc401eceae205fd66a67245ce5..bc1a296b42aeccf681f7db3924b5ff99f37d5ed6 100644 (file)
--- a/regression-tests.dnsdist/dnscrypt.py
+++ b/regression-tests.dnsdist/dnscrypt.py
@@ -41,7 +41,7 @@ class DNSCryptResolverCertificate(object):
 
         resolverPK = orig[0:32]
         clientMagic = orig[32:40]
-        serial = struct.unpack_from("I", orig[40:44])[0]
+        serial = struct.unpack_from("!I", orig[40:44])[0]
         validFrom = struct.unpack_from("!I", orig[44:48])[0]
         validUntil = struct.unpack_from("!I", orig[48:52])[0]
         return DNSCryptResolverCertificate(serial, validFrom, validUntil, resolverPK, clientMagic)