--- a/dbutil.c	Fri Aug 04 17:15:05 2006 +0000
+++ b/dbutil.c	Fri Aug 04 17:15:35 2006 +0000
@@ -482,6 +482,10 @@
 
 	int i;
 
+	if (!debug_trace) {
+		return;
+	}
+
 	fprintf(stderr, "%s\n", label);
 	for (i = 0; i < len; i++) {
 		fprintf(stderr, "%02x", buf[i]);
@@ -494,6 +498,28 @@
 	}
 	fprintf(stderr, "\n");
 }
+
+void print_mp_int(const char * label, mp_int *mp) {
+	int ret;
+	int size;
+	char * buf = NULL;
+
+	if (!debug_trace) {
+		return;
+	}
+
+	fprintf(stderr, "mp_int %s: ", label);
+	ret = mp_radix_size(mp, 10, &size);
+	dropbear_assert(ret == MP_OKAY);
+
+	buf = m_malloc(size);
+	ret = mp_toradix(mp, buf, 10);
+	dropbear_assert(ret == MP_OKAY);
+	fprintf(stderr, "%s\n", buf);
+	m_free(buf);
+}
+
+
 #endif
 
 /* Strip all control characters from text (a null-terminated string), except

--- a/dbutil.h	Fri Aug 04 17:15:05 2006 +0000
+++ b/dbutil.h	Fri Aug 04 17:15:35 2006 +0000
@@ -43,6 +43,7 @@
 #ifdef DEBUG_TRACE
 void dropbear_trace(const char* format, ...);
 void printhex(const char * label, const unsigned char * buf, int len);
+void print_mp_int(const char * label, mp_int *mp);
 extern int debug_trace;
 #endif
 char * stripcontrol(const char * text);

--- a/debug.h	Fri Aug 04 17:15:05 2006 +0000
+++ b/debug.h	Fri Aug 04 17:15:35 2006 +0000
@@ -39,7 +39,7 @@
  * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
  * since the printing may not sanitise strings etc. This will add a reasonable
  * amount to your executable size. */
-/*#define DEBUG_TRACE */
+#define DEBUG_TRACE
 
 /* All functions writing to the cleartext payload buffer call
  * CHECKCLEARTOWRITE() before writing. This is only really useful if you're

--- a/rsa.c	Fri Aug 04 17:15:05 2006 +0000
+++ b/rsa.c	Fri Aug 04 17:15:35 2006 +0000
@@ -211,6 +211,10 @@
 
 	dropbear_assert(key != NULL);
 
+	printhex("buf_rsa_verify buffer", buf->data, buf->len);
+	print_mp_int("buf_rsa_verify key n", key->n);
+	print_mp_int("buf_rsa_verify key e", key->e);
+
 	m_mp_init_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
 
 	slen = buf_getint(buf);
@@ -225,6 +229,8 @@
 		goto out;
 	}
 
+	print_mp_int("buf_rsa_verify rsa_s", &rsa_s);
+
 	/* check that s <= n-1 */
 	if (mp_cmp(&rsa_s, key->n) != MP_LT) {
 		TRACE(("s > n-1"))
@@ -233,11 +239,13 @@
 
 	/* create the magic PKCS padded value */
 	rsa_pad_em(key, data, len, &rsa_em);
+	print_mp_int("buf_rsa_verify rsa_em", &rsa_em);
 
 	if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
 		TRACE(("failed exptmod rsa_s"))
 		goto out;
 	}
+	print_mp_int("buf_rsa_verify rsa_mdash", &rsa_mdash);
 
 	if (mp_cmp(&rsa_em, &rsa_mdash) == MP_EQ) {
 		/* signature is valid */