Revision a520723f29aac6598ff0d69e34f5e9b88213e511 authored by Matt Caswell on 14 October 2016, 12:07:00 UTC, committed by Matt Caswell on 28 October 2016, 08:43:41 UTC
The previous commit inspired a review of all the length checks for the extension adding code. This adds more robust checks and adds checks where some were missing previously. The real solution for this is to use WPACKET which is currently in master - but that cannot be applied to release branches. Reviewed-by: Rich Salz <rsalz@openssl.org>
1 parent 83a1d4b
DSA_do_sign.pod
=pod
=head1 NAME
DSA_do_sign, DSA_do_verify - raw DSA signature operations
=head1 SYNOPSIS
#include <openssl/dsa.h>
DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
int DSA_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
=head1 DESCRIPTION
DSA_do_sign() computes a digital signature on the B<len> byte message
digest B<dgst> using the private key B<dsa> and returns it in a
newly allocated B<DSA_SIG> structure.
L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
of the signing operation in case signature generation is
time-critical.
DSA_do_verify() verifies that the signature B<sig> matches a given
message digest B<dgst> of size B<len>. B<dsa> is the signer's public
key.
=head1 RETURN VALUES
DSA_do_sign() returns the signature, NULL on error. DSA_do_verify()
returns 1 for a valid signature, 0 for an incorrect signature and -1
on error. The error codes can be obtained by
L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
L<DSA_sign(3)|DSA_sign(3)>
=head1 HISTORY
DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3.
=cut
Computing file changes ...
