authorWerner Koch <wk@gnupg.org>2011-01-21 15:58:07 +0100
committerWerner Koch <wk@gnupg.org>2011-01-21 15:58:07 +0100
commitc3db7705c049e31e678ff87e230b8160aa0027f1 (patch)
tree9830f13794534951066bfd12cf63272daea2231d /g10
parentMake most of the selftests work. (diff)
Truncate the DSA hash; fixes regression.
Removed left over debug code.
Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog2
-rw-r--r--g10/seskey.c10
-rw-r--r--g10/sign.c3
3 files changed, 8 insertions, 7 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 75415f466..8e79587d8 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,7 @@
2011-01-21 Werner Koch <wk@g10code.com>
+ * seskey.c (encode_md_value): Truncate the DSA hash again.
+
* misc.c (openpgp_pk_algo_name): Always use the gcrypt function.
2010-12-09 Werner Koch <wk@g10code.com>
diff --git a/g10/seskey.c b/g10/seskey.c
index fa6765dc6..2d7918d39 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -319,11 +319,13 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
return NULL;
}
- /* Note that in case of ECDSA 521 hash is always smaller than
- the key size. */
+ /* By passing QBYTES as length to mpi_scan, we do the truncation
+ of the hash.
+
+ Note that in case of ECDSA 521 the hash is always smaller
+ than the key size. */
if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG,
- gcry_md_read (md, hash_algo),
- gcry_md_get_algo_dlen (hash_algo), &qbytes))
+ gcry_md_read (md, hash_algo), qbytes, &qbytes))
BUG();
}
else
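Review bot: Passing `qbytes` as the buffer length to `gcry_mpi_scan` is only safe while `qbytes` never exceeds the digest length, because the buffer returned by `gcry_md_read` holds `gcry_md_get_algo_dlen (hash_algo)` bytes. The new comment itself says that for ECDSA 521 the hash is smaller than the key size, so unless the code above the hunk (not visible here) clamps `qbytes` or rejects too-short hashes, the scan would read past the end of the digest. Bounding the length at the call keeps it safe whatever the earlier checks do: add `size_t dlen = gcry_md_get_algo_dlen (hash_algo);` and pass `qbytes < dlen ? qbytes : dlen` as the length argument. The body of encode_md_value starts and ends outside the hunk, so the existing guards should be confirmed against the full function.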
diff --git a/g10/sign.c b/g10/sign.c
index cbb3c62e8..30dc66d5f 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -298,9 +298,6 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
{
PKT_public_key *pk = xmalloc_clear (sizeof *pk);
- log_debug ("checking created signature algo=%d\n", mdalgo);
- log_printhex ("md:", dp, gcry_md_get_algo_dlen (mdalgo));
-
if (get_pubkey (pk, sig->keyid ))
err = gpg_error (GPG_ERR_NO_PUBKEY);
else