Truncate the DSA hash; fixes regression.

Removed left over debug code.
2024-12-22 10:19:57 +01:00 · 2011-01-21 15:58:07 +01:00 · 2011-01-21 15:58:07 +01:00 · c3db7705c0
commit c3db7705c0
parent 27929981fc
3 changed files with 8 additions and 7 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,5 +1,7 @@
 2011-01-21  Werner Koch  <wk@g10code.com>

+	* seskey.c (encode_md_value): Truncate the DSA hash again.
+
 	* misc.c (openpgp_pk_algo_name): Always use the gcrypt function.

 2010-12-09  Werner Koch  <wk@g10code.com>
--- a/g10/seskey.c
+++ b/g10/seskey.c
@ -319,11 +319,13 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
 	  return NULL;
 	}

-      /* Note that in case of ECDSA 521 hash is always smaller than
-         the key size.  */
+      /* By passing QBYTES as length to mpi_scan, we do the truncation
+         of the hash.
+
+         Note that in case of ECDSA 521 the hash is always smaller
+         than the key size.  */
      if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG,
-                         gcry_md_read (md, hash_algo),
-                         gcry_md_get_algo_dlen (hash_algo), &qbytes))
+                         gcry_md_read (md, hash_algo), qbytes, &qbytes))
        BUG();
    }
  else
--- a/g10/sign.c
+++ b/g10/sign.c
@ -298,9 +298,6 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
    {
      PKT_public_key *pk = xmalloc_clear (sizeof *pk);

-      log_debug ("checking created signature algo=%d\n", mdalgo);
-      log_printhex ("md:", dp, gcry_md_get_algo_dlen (mdalgo));
-
      if (get_pubkey (pk, sig->keyid ))
        err = gpg_error (GPG_ERR_NO_PUBKEY);
      else