NAME
DSA_sign
,
DSA_sign_setup
, DSA_verify
— DSA signatures
SYNOPSIS
#include
<openssl/dsa.h>
int
DSA_sign
(int type,
const unsigned char *dgst, int
len, unsigned char *sigret,
unsigned int *siglen, DSA
*dsa);
int
DSA_sign_setup
(DSA *dsa,
BN_CTX *ctx, BIGNUM **kinvp,
BIGNUM **rp);
int
DSA_verify
(int type,
const unsigned char *dgst, int
len, unsigned char *sigbuf, int
siglen, DSA *dsa);
DESCRIPTION
DSA_sign
()
computes a digital signature on the len byte message
digest dgst using the private key
dsa and places its ASN.1 DER encoding at
sigret. The length of the signature is placed in
*siglen. sigret must point to
DSA_size
(dsa)
bytes of memory.
DSA_sign_setup
()
may be used to precompute part of the signing operation in case signature
generation is time-critical. It expects dsa to contain
DSA parameters. It places the precomputed values in newly allocated
BIGNUMs at *kinvp and
*rp, after freeing the old ones unless
kinvp and rp are
NULL
. These values may be passed to
DSA_sign
() in dsa->kinv and
dsa->r.
ctx is a pre-allocated BN_CTX or
NULL
.
DSA_verify
()
verifies that the signature sigbuf of size
siglen matches a given message digest
dgst of size len.
dsa is the signer's public key.
The type parameter is ignored.
RETURN VALUES
DSA_sign
() and
DSA_sign_setup
() return 1 on success or 0 on error.
DSA_verify
() returns 1 for a valid signature, 0 for
an incorrect signature, and -1 on error. The error codes can be obtained by
ERR_get_error(3).
SEE ALSO
DSA_do_sign(3), DSA_get0_key(3), DSA_new(3), ERR_get_error(3), RAND_bytes(3)
STANDARDS
US Federal Information Processing Standard FIPS 186 (Digital Signature Standard, DSS), ANSI X9.30
HISTORY
DSA_sign
() and
DSA_verify
() first appeared in SSLeay 0.6.0.
DSA_sign_setup
() first appeared in SSLeay 0.8.0. All
these functions have been available since OpenBSD
2.4.