agent: Add debug output for failed RSA signature verification

* agent/pksign.c (agent_pksign_do): Support ECC and DSA verification
and print some debug info in the error case.
--

Note that the addition of do_encode_dsa has no immediate effect
because we use the code only for RSA.  However, for debugging it can
be useful to change the code to check other created signatures as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2021-03-26 14:27:00 +01:00
parent 935765b451
commit 6de1ec3ba5
1 changed files with 8 additions and 0 deletions


@ -554,6 +554,8 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
"(data (flags raw) (value %b))",
(int)datalen, data);
}
else if (algo == GCRY_PK_DSA || algo == GCRY_PK_ECC)
err = do_encode_dsa (data, datalen, algo, sexp_key, &s_hash);
else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
err = do_encode_raw_pkcs1 (data, datalen,
gcry_pk_get_nbits (sexp_key), &s_hash);
@ -569,6 +571,12 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
{
log_error (_("checking created signature failed: %s\n"),
gpg_strerror (err));
if (DBG_CRYPTO)
{
gcry_log_debugsxp ("verify s_hsh", s_hash);
gcry_log_debugsxp ("verify s_sig", s_sig);
gcry_log_debugsxp ("verify s_key", sexp_key);
}
gcry_sexp_release (s_sig);
s_sig = NULL;
}
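Review bot: The third dump, `gcry_log_debugsxp ("verify s_key", sexp_key);`, writes the whole key s-expression to the agent log; if sexp_key in agent_pksign_do is the secret key used for the signing operation, as its use in this function suggests, enabling DBG_CRYPTO then records private key material in a log file that outlives the debugging session. The s_hash and s_sig dumps carry no such risk, since both derive from the data being signed, so the diagnostic value is kept by logging only the key's algorithm and `gcry_pk_get_nbits (sexp_key)` in place of the key itself, or by dumping just the public parameters. Whatever is chosen, a comment on the block, `/* Debug aid: sexp_key may hold secret material, so only non-sensitive parts are logged here.  */`, tells the next maintainer why the key is not dumped verbatim. agent_pksign_do starts and ends outside this hunk, so the origin of sexp_key is not visible here and should be confirmed before changing the dump.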