From 42bf5f3015e094bb3fe0e70ffb41eb6f5e09cbfc Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 14 Jun 2018 18:03:59 +0000
Subject: Clarify the digest truncation comment in DSA signature generation.

Requested by and ok tb@
---
 src/lib/libcrypto/dsa/dsa_ossl.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 9545cff5f8..2f7268839e 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.35 2018/06/14 17:15:41 jsing Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.36 2018/06/14 18:03:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -118,8 +118,9 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 		goto err;
 
 	/*
-	 * If the digest length is greater than the size of q use the
-	 * BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2.
+	 * If the digest length is greater than N (the bit length of q), the
+	 * leftmost N bits of the digest shall be used, see FIPS 186-3, 4.2.
+	 * In this case the digest length is given in bytes.
 	 */
 	if (dlen > BN_num_bytes(dsa->q))
 		dlen = BN_num_bytes(dsa->q);
-- 
cgit v1.2.3-55-g6feb