"Fossies" - the Fresh Open Source Software Archive

Member "openssl-1.0.2q/doc/crypto/DSA_sign.pod" (20 Nov 2018, 2341 Bytes) of package /linux/misc/openssl-1.0.2q.tar.gz:

Caution: As a special service "Fossies" has tried to format the requested pod source page into HTML format but links to other pod pages may be missing or even errorneous. Alternatively you can here view or download the uninterpreted pod source code. A member file download can also be achieved by clicking within a package contents listing on the according byte size field. See also the last Fossies "Diffs" side-by-side code changes report for "DSA_sign.pod": 1.1.0g_vs_1.1.1-pre2.


DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures


 #include <openssl/dsa.h>

 int    DSA_sign(int type, const unsigned char *dgst, int len,
                unsigned char *sigret, unsigned int *siglen, DSA *dsa);

 int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
                BIGNUM **rp);

 int    DSA_verify(int type, const unsigned char *dgst, int len,
                unsigned char *sigbuf, int siglen, DSA *dsa);


DSA_sign() computes a digital signature on the len byte message digest dgst using the private key dsa and places its ASN.1 DER encoding at sigret. The length of the signature is places in *siglen. sigret must point to DSA_size(dsa) bytes of memory.

DSA_sign_setup() may be used to precompute part of the signing operation in case signature generation is time-critical. It expects dsa to contain DSA parameters. It places the precomputed values in newly allocated BIGNUMs at *kinvp and *rp, after freeing the old ones unless *kinvp and *rp are NULL. These values may be passed to DSA_sign() in dsa->kinv and dsa->r. ctx is a pre-allocated BN_CTX or NULL. The precomputed values from DSA_sign_setup() MUST NOT be used for more than one signature: using the same dsa->kinv and dsa->r pair twice under the same private key on different plaintexts will result in permanently exposing the DSA private key.

DSA_verify() verifies that the signature sigbuf of size siglen matches a given message digest dgst of size len. dsa is the signer's public key.

The type parameter is ignored.

The PRNG must be seeded before DSA_sign() (or DSA_sign_setup()) is called.


DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error. DSA_verify() returns 1 for a valid signature, 0 for an incorrect signature and -1 on error. The error codes can be obtained by ERR_get_error(3).


US Federal Information Processing Standard FIPS 186 (Digital Signature Standard, DSS), ANSI X9.30


dsa(3), ERR_get_error(3), rand(3), DSA_do_sign(3)


DSA_sign() and DSA_verify() are available in all versions of SSLeay. DSA_sign_setup() was added in SSLeay 0.8.