* options.h, gpg.c (main): Add --enable-dsa2 and --disable-dsa2. Defaults

to disable. * pkclist.c (algo_available): If --enable-dsa2 is set, we're allowed to truncate hashes to fit DSA keys. * sign.c (match_dsa_hash): New. Return the best match hash for a given q size. (do_sign, hash_for, sign_file): When signing with a DSA key, if it has q==160, assume it is an old DSA key and don't allow truncation unless --enable-dsa2 is also set. q!=160 always allows truncation since they must be DSA2 keys. (make_keysig_packet): If the user doesn't specify a --cert-digest-algo, use match_dsa_hash to pick the best hash for key signatures.
2025-07-02 22:46:30 +02:00 · 2006-04-20 21:32:42 +00:00 · 2006-04-20 21:32:42 +00:00 · 0f1c0a9f28
commit 0f1c0a9f28
parent b625a6d1a9
5 changed files with 145 additions and 34 deletions
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -1,6 +1,6 @@
 /* pkclist.c
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
- *               2004, 2005 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+ *               2006 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -1210,8 +1210,20 @@ algo_available( preftype_t preftype, int algo, void *hint )
    }
  else if( preftype == PREFTYPE_HASH )
    {
-      if(hint && ((*(int *)hint) != md_digest_length(algo)))
-	return 0;
+      if(hint)
+	{
+	  if(opt.flags.dsa2)
+	    {
+	      /* If --enable-dsa2 is set, then we'll accept a hash
+		 that is larger than we need.  If --enable-dsa2 is not
+		 set, then we won't accept any hash that isn't exactly
+		 the right size. */
+	      if((*(int *)hint) > md_digest_length(algo))
+		return 0;
+	    }
+	  else if(((*(int *)hint) != md_digest_length(algo)))
+	    return 0;
+	}

      if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5
 			    && algo != DIGEST_ALGO_SHA1