When verifying TLS signatures, verifyParameters only returns the error even is the digest of the message was successfully computed.
When a signature fails to verify, it can be useful to have the hashed message for verification or determining what caused the failure. If there is a reason why the digest is intentionally not returned I would be interested to know why. Otherwise, I will attach a PR to always return the digest even if there is a signature verification error.
https://github.com/zmap/zcrypto/blob/4dfcec6e9a8c2014f73dd584e64dc797129d77b8/tls/key_agreement.go#L457-L501
dadrian
commented
2 years ago
When verifying TLS signatures,
verifyParametersonly returns the error even is the digest of the message was successfully computed.When a signature fails to verify, it can be useful to have the hashed message for verification or determining what caused the failure. If there is a reason why the digest is intentionally not returned I would be interested to know why. Otherwise, I will attach a PR to always return the digest even if there is a signature verification error. https://github.com/zmap/zcrypto/blob/4dfcec6e9a8c2014f73dd584e64dc797129d77b8/tls/key_agreement.go#L457-L501