[svn] GnuPG - r4167 - trunk/g10

[svn author dshaw]

Author: dshaw
Date: 2006-06-22 21:17:21 +0200 (Thu, 22 Jun 2006)
New Revision: 4167

Modified:
   trunk/g10/ChangeLog
   trunk/g10/sign.c
Log:
* sign.c (do_sign): Accept a truncated hash even for DSA1 keys (be liberal
in what you accept, etc).


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2006-06-22 19:13:18 UTC (rev 4166)
+++ trunk/g10/ChangeLog	2006-06-22 19:17:21 UTC (rev 4167)
@@ -1,3 +1,8 @@
+2006-06-22  David Shaw  <dshaw at jabberwocky.com>
+
+	* sign.c (do_sign): Accept a truncated hash even for DSA1 keys (be
+	liberal in what you accept, etc).
+
 2006-06-12  David Shaw  <dshaw at jabberwocky.com>
 
 	* import.c (import_one): Add a flag (from_sk) so we don't check
@@ -2,3 +7,3 @@
 	prefs on an autoconverted public key.  The check should only
-	happen on the sk size.  Noted by Dirk Traulsen.
+	happen on the sk side.  Noted by Dirk Traulsen.
 

Modified: trunk/g10/sign.c
===================================================================
--- trunk/g10/sign.c	2006-06-22 19:13:18 UTC (rev 4166)
+++ trunk/g10/sign.c	2006-06-22 19:17:21 UTC (rev 4167)
@@ -319,6 +319,12 @@
       }
     else 
       {
+#if 0
+	/* Disabled for now.  It seems reasonable to accept a
+	   truncated hash for a DSA1 key, even though we don't
+	   generate it without --enable-dsa2.  Be liberal in what you
+	   accept, etc. */
+
 	/* If it's a DSA key, and q is 160 bits, it might be an
 	   old-style DSA key.  If the hash doesn't match the q, fail
 	   unless --enable-dsa2 is set.  If the q isn't 160 bits, then
@@ -333,6 +339,7 @@
 	    log_error(_("DSA requires the use of a 160 bit hash algorithm\n"));
 	    return G10ERR_GENERAL;
 	  }
+#endif
 
         frame = encode_md_value( NULL, sk, md, digest_algo );
         if (!frame)