From c3db7705c049e31e678ff87e230b8160aa0027f1 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 21 Jan 2011 15:58:07 +0100
Subject: [PATCH] Truncate the DSA hash; fixes regression.

Removed left over debug code.
---
 g10/ChangeLog |  2 ++
 g10/seskey.c  | 10 ++++++----
 g10/sign.c    |  3 ---
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 75415f466..8e79587d8 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,7 @@
 2011-01-21  Werner Koch  <wk@g10code.com>
 
+	* seskey.c (encode_md_value): Truncate the DSA hash again.
+
 	* misc.c (openpgp_pk_algo_name): Always use the gcrypt function.
 
 2010-12-09  Werner Koch  <wk@g10code.com>
diff --git a/g10/seskey.c b/g10/seskey.c
index fa6765dc6..2d7918d39 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -319,11 +319,13 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
 	  return NULL;
 	}
 
-      /* Note that in case of ECDSA 521 hash is always smaller than
-         the key size.  */
+      /* By passing QBYTES as length to mpi_scan, we do the truncation
+         of the hash.
+
+         Note that in case of ECDSA 521 the hash is always smaller
+         than the key size.  */
       if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG,
-                         gcry_md_read (md, hash_algo),
-                         gcry_md_get_algo_dlen (hash_algo), &qbytes))
+                         gcry_md_read (md, hash_algo), qbytes, &qbytes))
         BUG();
     }
   else
diff --git a/g10/sign.c b/g10/sign.c
index cbb3c62e8..30dc66d5f 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -298,9 +298,6 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
     {
       PKT_public_key *pk = xmalloc_clear (sizeof *pk);
 
-      log_debug ("checking created signature algo=%d\n", mdalgo);
-      log_printhex ("md:", dp, gcry_md_get_algo_dlen (mdalgo));
-
       if (get_pubkey (pk, sig->keyid ))
         err = gpg_error (GPG_ERR_NO_PUBKEY);
       else