DSA_sign(3) — Subroutines
NAME
DSA_sign, DSA_sign_setup, DSA_verify − DSA signatures
SYNOPSIS
#include <openssl/dsa.h>
intDSA_sign(
int type, const unsigned char ∗dgst, int len, unsigned char ∗sigret, unsigned int ∗siglen, DSA ∗dsa ); int DSA_sign_setup(
DSA ∗dsa, BN_CTX ∗ctx, BIGNUM ∗∗kinvp, BIGNUM ∗∗rp ); int DSA_verify(
int type, const unsigned char ∗dgst, int len, unsigned char ∗sigbuf, int siglen, DSA ∗dsa );
DESCRIPTION
The DSA_sign() function computes a digital signature on the len byte message digest (dgst) using the private key dsa and places its ASN.1 DER encoding at sigret. The length of the signature is placed in ∗siglen. The sigret must point to DSA_size(dsa) bytes of memory.
The DSA_sign_setup() function may be used to precompute part of the signing operation in case signature generation is time-critical. It expects dsa to contain DSA parameters. It places the precomputed values in newly allocated BIGNUMs at ∗kinvp and ∗rp, after freeing the old ones unless ∗kinvp and ∗rp are NULL. These values may be passed to DSA_sign() in dsa->kinv and dsa->r. The ctx is a pre-allocated BN_CTX or NULL.
The DSA_verify() function verifies that the signature sigbuf of size siglen matches a given message digest dgst of size len. The dsa is the signer’s public key.
The type parameter is ignored.
The PRNG must be seeded before the DSA_sign() or DSA_sign_setup() function is called.
These functions conform to US Federal Information Processing Standard FIPS 186 (Digital Signature Standard, DSS), ANSI X9.30.
RETURN VALUES
The DSA_sign() and DSA_sign_setup() functions return 1 on success, 0 on error. The DSA_verify() function returns 1 for a valid signature, 0 for an incorrect signature, and -1 on error. The error codes can be obtained from ERR_get_error().
HISTORY
The DSA_sign() and DSA_verify() functions are available in all versions of SSLeay. The DSA_sign_setup() function was added in SSLeay 0.8.
SEE ALSO
Functions: dsa(3), err(3), rand(3), DSA_do_sign(3)