author | Werner Koch <[email protected]> | 2021-03-26 13:27:00 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2021-03-26 13:30:58 +0000 |
commit | 6de1ec3ba59fa54ab60b2923ba9caa77fc9d5281 (patch) | |
tree | faf33339d4d685eb86f5b02d5c6c8dd99abbf294 /agent/pksign.c | |
parent | common: New function to uncompress an ECC public key. (diff) | |
agent: Add debug output for failed RSA signature verification
* agent/pksign.c (agent_pksign_do): Support ECC and DSA verification
and print some debug info in the error case.
--
Note that the addition of do_encode_dsa has no immediate effect
because we use the code only for RSA. However, for debugging it can
be useful to change the code to check also other created signatures.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'agent/pksign.c')
-rw-r--r-- | agent/pksign.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/agent/pksign.c b/agent/pksign.c
index 00b31ee45..b877addb0 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -554,6 +554,8 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
 "(data (flags raw) (value %b))",
 (int)datalen, data);
 }
+ else if (algo == GCRY_PK_DSA || algo == GCRY_PK_ECC)
+ err = do_encode_dsa (data, datalen, algo, sexp_key, &s_hash);
 else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
 err = do_encode_raw_pkcs1 (data, datalen,
 gcry_pk_get_nbits (sexp_key), &s_hash);
@@ -569,6 +571,12 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
 {
 log_error (_("checking created signature failed: %s\n"),
 gpg_strerror (err));
+ if (DBG_CRYPTO)
+ {
+ gcry_log_debugsxp ("verify s_hsh", s_hash);
+ gcry_log_debugsxp ("verify s_sig", s_sig);
+ gcry_log_debugsxp ("verify s_key", sexp_key);
+ }
 gcry_sexp_release (s_sig);
 s_sig = NULL;
 } |
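Review bot: The new `else if (algo == GCRY_PK_DSA || algo == GCRY_PK_ECC)` branch has no comment saying that it is not reached today. The commit message states that this verification code is used only for RSA, but nothing on the visible lines tells a reader so, and the branch could be mistaken for an active self-check of DSA/ECC signatures. A comment above it would fix that, for example `/* Not reached while this check runs only for RSA; kept so the check can be widened when debugging. */`. The condition that limits the check to RSA lies outside the hunk, as do the start and end of agent_pksign_do, so that part rests on the commit message rather than on the code shown.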
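Review bot: The `if (DBG_CRYPTO)` block writes the rejected signature and the key S-expression to the log just before `gcry_sexp_release (s_sig)` discards the signature. A signature that failed its own verification is the value this check exists to keep from leaving the agent, so with crypto debugging enabled the log file becomes as sensitive as that output. `sexp_key` is assigned outside the hunk, so it cannot be confirmed from here that it never refers to the secret key; if it can, the `"verify s_key"` line should be dropped or limited to the public key. At minimum I would add a comment above the block such as `/* DBG_CRYPTO only: dumps the rejected signature and the key; treat the log as sensitive. */`. agent_pksign_do starts and ends outside this hunk.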