Diffstat (limited to 'g10/sign.c')
-rw-r--r-- | g10/sign.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/g10/sign.c b/g10/sign.c
index 3e1d7bc53..0538f0020 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -320,6 +320,12 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
 } else {
+#if 0 /* disabled *.
+ /* Disabled for now. It seems reasonable to accept a
+ truncated hash for a DSA1 key, even though we don't
+ generate it without --enable-dsa2. Be liberal in what you
+ accept, etc. */
+
 /* If it's a DSA key, and q is 160 bits, it might be an old-style DSA key. If the hash doesn't match the q, fail unless --enable-dsa2 is set. If the q isn't 160 bits, then
@@ -333,6 +339,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
 log_error(_("DSA requires the use of a 160 bit hash algorithm\n"));
 return G10ERR_GENERAL;
 }
+#endif /* disabled */
 frame = encode_md_value( NULL, sk, md, digest_algo );
 if (!frame)
@@ -1539,7 +1546,7 @@ update_keysig_packet( PKT_signature **ret_sig,
 } /* Note that already expired sigs will remain expired (with a
- duration of 0) since build-packet.c:build_sig_subpkt_from_sig
+ duration of 1) since build-packet.c:build_sig_subpkt_from_sig
 detects this case. */
 if( sig->version >= 4 )
|
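Review bot: The comment on the added `#if 0 /* disabled *.` line is closed with `*.` instead of `*/`, so it stays open until the `*/` after "accept, etc." four lines further down. Comments are stripped before directives are evaluated, so the `#if 0` still takes effect, but the `/*` that opens "Disabled for now" now sits inside an open comment and will be flagged by compilers that warn on that (GCC's `-Wcomment`). The rationale text also ends up as a continuation of the directive's comment rather than a comment of its own. The line should read `#if 0 /* disabled */`.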
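Review bot: The justification in the added comment ("Be liberal in what you accept") is about verification, but the hunk headers place this block in do_sign, so what `#if 0` … `#endif /* disabled */` compiles out is the signing-side rejection of a hash that does not match a 160-bit q when --enable-dsa2 is not set. After the change that case falls straight through to `encode_md_value( NULL, sk, md, digest_algo )`, and nothing visible here shows what still prevents a DSA1 key from emitting a truncated-hash signature. If digest selection elsewhere guarantees it, the comment should name that place, for example `/* Signing: digest size for DSA1 keys is enforced in <function-name>, so this check is redundant here. */` with the placeholder filled in. Otherwise the guard should stay in do_sign and only the verification path be relaxed. The disabled statements themselves lie between the two hunks and are not shown, so this is based on the surrounding comment and the `log_error` context line.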