5 files changed, 66 insertions, 8 deletions

diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index c9eb7d29f0..1e892863cc 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -487,6 +487,10 @@ int _gnutls_recv_server_certificate_status(gnutls_session_t session)
 	}
 
 	if (resp.data && resp.size > 0) {
+		for (unsigned int i = 0; i < info->nocsp; i++)
+			gnutls_free(info->raw_ocsp_list[i].data);
+		gnutls_free(info->raw_ocsp_list);
+
 		info->raw_ocsp_list = gnutls_malloc(sizeof(gnutls_datum_t));
 		if (info->raw_ocsp_list == NULL) {
 			ret = GNUTLS_E_MEMORY_ERROR;
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index e6fff8d886..3475084f0f 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -3333,6 +3333,27 @@ static int calc_rsa_priv(gnutls_pk_params_st * params)
 	return 0;
 }
 
+static int calc_dsa_pub(gnutls_pk_params_st * params)
+{
+	int ret;
+
+	params->params[DSA_Y] = NULL;
+
+	ret = _gnutls_mpi_init(&params->params[DSA_Y]);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
+
+	/* y = g^x mod p */
+	ret = _gnutls_mpi_powm(params->params[DSA_Y], params->params[DSA_G],
+			params->params[DSA_X], params->params[DSA_P]);
+	if (ret < 0) {
+		zrelease_mpi_key(&params->params[DSA_Y]);
+		return gnutls_assert_val(ret);
+	}
+
+	return 0;
+}
+
 static int
 wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
 		     gnutls_direction_t direction,
@@ -3428,7 +3449,13 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
 						     params->spki.salt_size, pub_size,
 						     GNUTLS_E_PK_INVALID_PUBKEY_PARAMS);
 		}
-
+	} else if (algo == GNUTLS_PK_DSA) {
+		if (params->params[DSA_Y] == NULL) {
+			ret = calc_dsa_pub(params);
+			if (ret < 0)
+				return gnutls_assert_val(ret);
+			params->params_nr++;
+		}
 	}
 #if ENABLE_GOST
 	else if (algo == GNUTLS_PK_GOST_01 ||
diff --git a/lib/privkey_raw.c b/lib/privkey_raw.c
index 27327fc6d1..ba6d86d40c 100644
--- a/lib/privkey_raw.c
+++ b/lib/privkey_raw.c
@@ -381,7 +381,7 @@ error:
  * @p: holds the p
  * @q: holds the q
  * @g: holds the g
- * @y: holds the y
+ * @y: holds the y (optional)
  * @x: holds the x
  *
  * This function will convert the given DSA raw parameters to the
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index bb86e02ac8..1b3be77b89 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -977,7 +977,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
  * @p: holds the p
  * @q: holds the q
  * @g: holds the g
- * @y: holds the y
+ * @y: holds the y (optional)
  * @x: holds the x
  *
  * This function will convert the given DSA raw parameters to the
@@ -1026,11 +1026,13 @@ gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
 		goto cleanup;
 	}
 
-	siz = y->size;
-	if (_gnutls_mpi_init_scan_nz(&key->params.params[3], y->data, siz)) {
-		gnutls_assert();
-		ret = GNUTLS_E_MPI_SCAN_FAILED;
-		goto cleanup;
+	if (y) {
+		siz = y->size;
+		if (_gnutls_mpi_init_scan_nz(&key->params.params[3], y->data, siz)) {
+			gnutls_assert();
+			ret = GNUTLS_E_MPI_SCAN_FAILED;
+			goto cleanup;
+		}
 	}
 
 	siz = x->size;
diff --git a/tests/key-import-export.c b/tests/key-import-export.c
index fc6c25e6a7..18de0fdc12 100644
--- a/tests/key-import-export.c
+++ b/tests/key-import-export.c
@@ -351,6 +351,31 @@ int check_privkey_import_export(void)
 	gnutls_free(x.data);
 	gnutls_privkey_deinit(key);
 
+	/* Optional y argument */
+	ret = gnutls_privkey_init(&key);
+	if (ret < 0)
+		fail("error\n");
+
+	ret = gnutls_privkey_import_dsa_raw(key, &_dsa_p, &_dsa_q, &_dsa_g, NULL, &_dsa_x);
+	if (ret < 0)
+		fail("error\n");
+
+	ret = gnutls_privkey_export_dsa_raw2(key, &p, &q, &g, &y, &x, 0);
+	if (ret < 0)
+		fail("error: %s\n", gnutls_strerror(ret));
+
+	CMP("p", &p, dsa_p);
+	CMP("q", &q, dsa_q);
+	CMP("g", &g, dsa_g);
+	CMP("y", &y, dsa_y);
+	CMP("x", &x, dsa_x);
+	gnutls_free(p.data);
+	gnutls_free(q.data);
+	gnutls_free(g.data);
+	gnutls_free(y.data);
+	gnutls_free(x.data);
+	gnutls_privkey_deinit(key);
+
 	/* RSA */
 
 	/* Optional arguments */