Index: libgcrypt-1.6.1/tests/fipsdrv.c =================================================================== --- libgcrypt-1.6.1.orig/tests/fipsdrv.c +++ libgcrypt-1.6.1/tests/fipsdrv.c @@ -2190,11 +2190,12 @@ dsa_hash_from_key(gcry_sexp_t s_key) return GCRY_MD_NONE; } - + /* Sign DATA of length DATALEN using the key taken from the S-expression encoded KEYFILE. */ static void -run_dsa_sign (const void *data, size_t datalen, const char *keyfile) +run_dsa_sign (const void *data, size_t datalen, + int hashalgo, const char *keyfile) { gpg_error_t err; @@ -2202,13 +2203,20 @@ run_dsa_sign (const void *data, size_t d char hash[128]; gcry_mpi_t tmpmpi; int algo; + int algo_len; + int hashalgo_len; s_key = read_sexp_from_file (keyfile); algo = dsa_hash_from_key(s_key); + algo_len = gcry_md_get_algo_dlen(algo); + hashalgo_len = gcry_md_get_algo_dlen(hashalgo); - gcry_md_hash_buffer (algo, hash, data, datalen); + if (hashalgo_len < algo_len) + algo_len = hashalgo_len; + + gcry_md_hash_buffer (hashalgo, hash, data, datalen); err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, - gcry_md_get_algo_dlen(algo), NULL); + algo_len, NULL); if (!err) { err = gcry_sexp_build (&s_data, NULL, @@ -3000,14 +3008,21 @@ main (int argc, char **argv) } else if (!strcmp (mode_string, "dsa-sign")) { + int algo; + if (!key_string) die ("option --key is required in this mode\n"); if (access (key_string, R_OK)) die ("option --key needs to specify an existing keyfile\n"); + if (!algo_string) + die ("option --algo is required in this mode\n"); + algo = gcry_md_map_name (algo_string); + if (!algo) + die ("digest algorithm `%s' is not supported\n", algo_string); if (!data) die ("no data available (do not use --chunk)\n"); - run_dsa_sign (data, datalen, key_string); + run_dsa_sign (data, datalen, algo, key_string); } else if (!strcmp (mode_string, "dsa-verify")) {