From e2659684b4a7b4dd767093a7b6101461780bfd38 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 19 May 2014 15:39:49 +0300
Subject: [PATCH] Revert back to DSA-1 only support for NSS

- This essentially reverts commit fe5a1e5dfa93f15b7beda59e193832577143a4d9
  which apparently causes intermittent failures with DSA-1. Look at
  DSA-2 again on some sunnier day...
---
 rpmio/digest_nss.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/rpmio/digest_nss.c b/rpmio/digest_nss.c
index 7a0dd7d9a..f533bb571 100644
--- a/rpmio/digest_nss.c
+++ b/rpmio/digest_nss.c
@@ -295,25 +295,27 @@ static SECKEYPublicKey *pgpNewPublicKey(KeyType type)
 }
 
 /* compatibility with nss < 3.14 */
-#ifndef DSA_MAX_Q_BITS
-#define DSA_MAX_Q_BITS DSA_Q_BITS
+#ifndef DSA1_SUBPRIME_LEN
+#define DSA1_SUBPRIME_LEN DSA_SUBPRIME_LEN
 #endif
-#ifndef DSA_MIN_Q_BITS
-#define DSA_MIN_Q_BITS DSA_Q_BITS
+#ifndef DSA1_SIGNATURE_LEN
+#define DSA1_SIGNATURE_LEN DSA_SIGNATURE_LEN
+#endif
+#ifndef DSA1_Q_BITS
+#define DSA1_Q_BITS DSA_Q_BITS
 #endif
 
 static int pgpSetSigMpiDSA(pgpDigAlg pgpsig, int num, const uint8_t *p)
 {
     SECItem *sig = pgpsig->data;
-    unsigned int subprlen = (num == 0) ? pgpMpiLen(p) - 2 : sig->len / 2;
-    unsigned int siglen = subprlen * 2;
-    unsigned int qbits = subprlen * 8;
+    unsigned int qbits = DSA1_Q_BITS;
+    unsigned int subprlen = DSA1_SUBPRIME_LEN;
+    unsigned int siglen = DSA1_SIGNATURE_LEN;
     int rc = 1; /* assume failure */
 
     switch (num) {
     case 0:
-	if (qbits >= DSA_MIN_Q_BITS && qbits <= DSA_MAX_Q_BITS)
-	    sig = pgpsig->data = SECITEM_AllocItem(NULL, NULL, siglen);
+	sig = pgpsig->data = SECITEM_AllocItem(NULL, NULL, siglen);
 	if (sig) {
 	    memset(sig->data, 0, siglen);
 	    rc = pgpMpiSet(qbits, sig->data, p);