-rw-r--r--g10/ChangeLog7
-rw-r--r--g10/sign.c7
2 files changed, 13 insertions, 1 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index b6c84f3a5..ef6765289 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,8 +1,13 @@
+2006-06-22 David Shaw <[email protected]>
+
+ * sign.c (do_sign): Accept a truncated hash even for DSA1 keys (be
+ liberal in what you accept, etc).
+
2006-06-12 David Shaw <[email protected]>
* import.c (import_one): Add a flag (from_sk) so we don't check
prefs on an autoconverted public key. The check should only
- happen on the sk size. Noted by Dirk Traulsen.
+ happen on the sk side. Noted by Dirk Traulsen.
2006-06-09 David Shaw <[email protected]>
diff --git a/g10/sign.c b/g10/sign.c
index d3d0c29b6..39e39c633 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -319,6 +319,12 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
}
else
{
+#if 0
+ /* Disabled for now. It seems reasonable to accept a
+ truncated hash for a DSA1 key, even though we don't
+ generate it without --enable-dsa2. Be liberal in what you
+ accept, etc. */
+
/* If it's a DSA key, and q is 160 bits, it might be an
old-style DSA key. If the hash doesn't match the q, fail
unless --enable-dsa2 is set. If the q isn't 160 bits, then
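Review bot: The guard compiled out by this `#if 0` (closed by the `#endif` in the next hunk) sits in do_sign, the signing path, yet the new comment justifies it as being liberal in what is accepted. With it disabled, nothing visible here stops a DSA key with a 160-bit q from signing with a digest of another size, so the outcome depends on how encode_md_value handles the mismatch, which these hunks do not show. If that is intended, the rationale should live outside the dead region and name where the size relation is now handled, e.g. `/* Digest/q size mismatch for DSA1 keys is no longer rejected here; encode_md_value() is expected to truncate the digest -- confirm. */`. Keeping the old check under `#if 0` also leaves a translatable `log_error(_(...))` string in dead code, so deleting the block or gating it on a runtime option would be clearer than a preprocessor toggle. do_sign's body starts and ends outside both hunks.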
@@ -333,6 +339,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
log_error(_("DSA requires the use of a 160 bit hash algorithm\n"));
return G10ERR_GENERAL;
}
+#endif
frame = encode_md_value( NULL, sk, md, digest_algo );
if (!frame)