-diff -r 221f3eb76b52 src/pkg/crypto/openpgp/packet/private_key.go
---- a/src/pkg/crypto/openpgp/packet/private_key.go Thu Nov 24 08:51:47 2011 -0800
-+++ b/src/pkg/crypto/openpgp/packet/private_key.go Tue Nov 29 17:21:15 2011 +0100
-@@ -27,7 +27,7 @@
+diff -r 7ec969250bfc src/pkg/crypto/openpgp/packet/private_key.go
+--- a/src/pkg/crypto/openpgp/packet/private_key.go Tue Dec 27 09:49:19 2011 -0500
++++ b/src/pkg/crypto/openpgp/packet/private_key.go Sat Dec 31 02:32:45 2011 +0100
+@@ -28,7 +28,7 @@
encryptedData []byte
cipher CipherFunction
s2k func(out, in []byte)
sha1Checksum bool
iv []byte
}
-@@ -39,6 +39,13 @@
+@@ -40,6 +40,13 @@
return pk
}
-+func NewDSAPrivateKey(currentTimeSecs uint32, priv *dsa.PrivateKey, isSubkey bool) *PrivateKey {
++func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey, isSubkey bool) *PrivateKey {
+ pk := new(PrivateKey)
-+ pk.PublicKey = *NewDSAPublicKey(currentTimeSecs, &priv.PublicKey, isSubkey)
++ pk.PublicKey = *NewDSAPublicKey(currentTime, &priv.PublicKey, isSubkey)
+ pk.PrivateKey = priv
+ return pk
+}
func (pk *PrivateKey) parse(r io.Reader) (err error) {
err = (&pk.PublicKey).parse(r)
if err != nil {
-@@ -120,6 +127,8 @@
+@@ -121,6 +128,8 @@
switch priv := pk.PrivateKey.(type) {
case *rsa.PrivateKey:
err = serializeRSAPrivateKey(privateKeyBuf, priv)
default:
err = error_.InvalidArgumentError("non-RSA private key")
}
-@@ -171,6 +180,10 @@
+@@ -172,6 +181,10 @@
return writeBig(w, priv.Precomputed.Qinv)
}
// Decrypt decrypts an encrypted private key using a passphrase.
func (pk *PrivateKey) Decrypt(passphrase []byte) error {
if !pk.Encrypted {
-diff -r 221f3eb76b52 src/pkg/crypto/openpgp/packet/public_key.go
---- a/src/pkg/crypto/openpgp/packet/public_key.go Thu Nov 24 08:51:47 2011 -0800
-+++ b/src/pkg/crypto/openpgp/packet/public_key.go Tue Nov 29 17:21:15 2011 +0100
-@@ -52,6 +52,23 @@
+diff -r 7ec969250bfc src/pkg/crypto/openpgp/packet/public_key.go
+--- a/src/pkg/crypto/openpgp/packet/public_key.go Tue Dec 27 09:49:19 2011 -0500
++++ b/src/pkg/crypto/openpgp/packet/public_key.go Sat Dec 31 02:32:45 2011 +0100
+@@ -53,6 +53,23 @@
return pk
}
+// NewDSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey.
-+func NewDSAPublicKey(creationTimeSecs uint32, pub *dsa.PublicKey, isSubkey bool) *PublicKey {
++func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey, isSubkey bool) *PublicKey {
+ pk := &PublicKey{
-+ CreationTime: creationTimeSecs,
++ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoDSA,
+ PublicKey: pub,
+ IsSubkey: isSubkey,
func (pk *PublicKey) parse(r io.Reader) (err error) {
// RFC 4880, section 5.5.2
var buf [6]byte
+@@ -291,7 +308,14 @@
+ return nil
+ case PubKeyAlgoDSA:
+ dsaPublicKey, _ := pk.PublicKey.(*dsa.PublicKey)
+- if !dsa.Verify(dsaPublicKey, hashBytes, new(big.Int).SetBytes(sig.DSASigR.bytes), new(big.Int).SetBytes(sig.DSASigS.bytes)) {
++ // Hash truncation according to FIPS 186-3 section 4.6
++ // Assuming Q.BitLen() is a multiple of 8
++ n := len(hashBytes)
++ k := dsaPublicKey.Q.BitLen() / 8
++ if n > k {
++ n = k
++ }
++ if !dsa.Verify(dsaPublicKey, hashBytes[:n], new(big.Int).SetBytes(sig.DSASigR.bytes), new(big.Int).SetBytes(sig.DSASigS.bytes)) {
+ return error_.SignatureError("DSA verification failure")
+ }
+ return nil