author | David Shaw <[email protected]> | 2006-03-30 19:20:59 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2006-03-30 19:20:59 +0000 |
commit | 92e1528bf2206b44b7d321e686ac9a1c1251fc5b (patch) | |
tree | ba9f1e067f05d7438942c2069b9916d1d99569b2 /g10/sign.c | |
parent | * README: Some more notes about building fat binaries. (diff) | |
* main.h, seskey.c (encode_md_value): Modify to allow a q size greater
than 160 bits as per DSA2. This will allow us to verify and issue DSA2
signatures for some backwards compatibility once we start generating DSA2
keys.
* sign.c (do_sign), sig-check.c (do_check): Change all callers.
* sign.c (do_sign): Enforce the 160-bit check for new signatures here
since encode_md_value can handle non-160-bit digests now. This will need
to come out once the standard for DSA2 is firmed up.
Diffstat (limited to 'g10/sign.c')
-rw-r--r-- | g10/sign.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/g10/sign.c b/g10/sign.c
index 79e756753..925fef461 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -319,8 +319,17 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
 } else {
- frame = encode_md_value( sk->pubkey_algo, md,
- digest_algo, mpi_get_nbits(sk->skey[0]) );
+ /* TODO: remove this check in the future once all the
+ variable-q DSA stuff makes it into the standard. */
+ if(!opt.expert
+ && sk->pubkey_algo==PUBKEY_ALGO_DSA
+ && md_digest_length(digest_algo)!=20)
+ {
+ log_error(_("DSA requires the use of a 160 bit hash algorithm\n"));
+ return G10ERR_GENERAL;
+ }
+
+ frame = encode_md_value( NULL, sk, md, digest_algo );
 if (!frame)
 return G10ERR_GENERAL;
 rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
@@ -336,9 +345,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
 if( get_pubkey( pk, sig->keyid ) )
 rc = G10ERR_NO_PUBKEY;
 else {
- frame = encode_md_value (pk->pubkey_algo, md,
- sig->digest_algo,
- mpi_get_nbits(pk->pkey[0]) );
+ frame = encode_md_value (pk, NULL, md, sig->digest_algo );
 if (!frame)
 rc = G10ERR_GENERAL;
 else |
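Review bot: The 160-bit guard added ahead of `encode_md_value( NULL, sk, md, digest_algo )` in the first hunk is skipped entirely when `opt.expert` is set, so in expert mode a DSA signature is issued with whatever digest length was selected, including one shorter than the key's q. Whether `encode_md_value` itself refuses a digest shorter than q is not visible here (it lives in seskey.c), so I would either confirm that it does or keep a lower bound outside the expert switch, for example `if(sk->pubkey_algo==PUBKEY_ALGO_DSA && md_digest_length(digest_algo)<20)` returning the same error while q is still 160 bits. The bare `20` would also read better with a short comment such as `/* 160 bits == 20 bytes */`. The body of do_sign starts and ends outside this hunk, so anything said here about the surrounding control flow is inferred from the context lines only.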