* sign.c (do_sign): Accept a truncated hash even for DSA1 keys (be liberal

in what you accept, etc).

2 files changed, 13 insertions, 1 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index b6c84f3a5..ef6765289 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,8 +1,13 @@
+2006-06-22  David Shaw  <[email protected]>
+
+	* sign.c (do_sign): Accept a truncated hash even for DSA1 keys (be
+	liberal in what you accept, etc).
+
 2006-06-12  David Shaw  <[email protected]>
 
 	* import.c (import_one): Add a flag (from_sk) so we don't check
 	prefs on an autoconverted public key.  The check should only
-	happen on the sk size.  Noted by Dirk Traulsen.
+	happen on the sk side.  Noted by Dirk Traulsen.
 
 2006-06-09  David Shaw  <[email protected]>
 
diff --git a/g10/sign.c b/g10/sign.c
index d3d0c29b6..39e39c633 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -319,6 +319,12 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
       }
     else 
       {
+#if 0
+	/* Disabled for now.  It seems reasonable to accept a
+	   truncated hash for a DSA1 key, even though we don't
+	   generate it without --enable-dsa2.  Be liberal in what you
+	   accept, etc. */
+
 	/* If it's a DSA key, and q is 160 bits, it might be an
 	   old-style DSA key.  If the hash doesn't match the q, fail
 	   unless --enable-dsa2 is set.  If the q isn't 160 bits, then
@@ -333,6 +339,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
 	    log_error(_("DSA requires the use of a 160 bit hash algorithm\n"));
 	    return G10ERR_GENERAL;
 	  }
+#endif
 
         frame = encode_md_value( NULL, sk, md, digest_algo );
         if (!frame)