From a57482e350c5bc04ba886956c11ce9aefb926773 Mon Sep 17 00:00:00 2001 From: snofz Date: Tue, 7 Sep 2021 15:52:39 -0700 Subject: [PATCH 1/3] DH cleanup --- SymCryptEngine/src/sc_ossl_dh.c | 33 ++++++++++++++++++++++----------- SymCryptEngine/src/sc_ossl_dh.h | 16 +++++++++------- 2 files changed, 31 insertions(+), 18 deletions(-) diff --git a/SymCryptEngine/src/sc_ossl_dh.c b/SymCryptEngine/src/sc_ossl_dh.c index 6e1108f..b677f9e 100644 --- a/SymCryptEngine/src/sc_ossl_dh.c +++ b/SymCryptEngine/src/sc_ossl_dh.c @@ -16,8 +16,12 @@ typedef int (*PFN_DH_meth_bn_mod_exp)(const DH* dh, BIGNUM* r, typedef int (*PFN_DH_meth_init)(DH* dh); typedef int (*PFN_DH_meth_finish)(DH* dh); - -int sc_ossl_dh_generate_key(DH* dh) +// Generates public and private DH values. +// Expects shared parameters dh->p and dh->g to be set. +// Generates a random private DH key unless dh->priv_key set, and computes corresponding +// public value dh->pub_key. +// Returns 1 on success, 0 otherwise +SCOSSL_STATUS sc_ossl_dh_generate_key(_Inout_ DH* dh) { const DH_METHOD* ossl_dh_meth = DH_OpenSSL(); @@ -29,7 +33,11 @@ int sc_ossl_dh_generate_key(DH* dh) return pfn_dh_meth_generate_key(dh); } -int sc_ossl_dh_compute_key(unsigned char* key, const BIGNUM* pub_key, DH* dh) +// Computes the shared secret from the private DH value in dh and the other party's public +// value in pub_key and stores it in key. key must point to DH_size(dh) bytes of memory. +// Returns size of shared secret on success, or -1 on error. +_Success_(return >= 0) +int sc_ossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsigned char* key, _In_ const BIGNUM* pub_key, _In_ DH* dh) { const DH_METHOD* ossl_dh_meth = DH_OpenSSL(); 
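Review bot: The new comment on `sc_ossl_dh_compute_key` says `key` needs `DH_size(dh)` bytes and that the return value is the size of the shared secret, but it never says the two can differ. As far as I know, the default OpenSSL 1.1.x compute_key method that this wrapper forwards to writes the secret without leading zero bytes, so the returned length can be smaller than `DH_size(dh)`; a caller that hashes or copies `DH_size(dh)` bytes would then consume uninitialized tail bytes of the buffer. I would add `// The returned length may be smaller than DH_size(dh); use the return value as the secret length and treat any value < 0 as failure.`, and note that `_Out_writes_bytes_(DH_size(dh))` overstates what is written for the same reason. The same declaration appears in the sc_ossl_dh.h hunk of this patch and in the sc_ossl_dh.c and sc_ossl_dh.h hunks of patch 3/3; the function body continues outside this hunk.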
@@ -41,10 +49,11 @@ int sc_ossl_dh_compute_key(unsigned char* key, const BIGNUM* pub_key, DH* dh) return pfn_dh_meth_compute_key(key, pub_key, dh); } - -int sc_ossl_dh_bn_mod_exp(const DH* dh, BIGNUM* r, - const BIGNUM* a, const BIGNUM* p, - const BIGNUM* m, BN_CTX* ctx, BN_MONT_CTX* m_ctx) +// Computes r = a ^ p mod m +// Returns 1 on success, or 0 on error +SCOSSL_STATUS sc_ossl_dh_bn_mod_exp(_In_ const DH* dh, _Out_ BIGNUM* r, + _In_ const BIGNUM* a, _In_ const BIGNUM* p, + _In_ const BIGNUM* m, _In_ BN_CTX* ctx, _In_ BN_MONT_CTX* m_ctx) { const DH_METHOD* ossl_dh_meth = DH_OpenSSL(); @@ -56,8 +65,9 @@ int sc_ossl_dh_bn_mod_exp(const DH* dh, BIGNUM* r, return pfn_dh_meth_bm_mod_exp(dh, r, a, p, m, ctx, m_ctx); } - -int sc_ossl_dh_init(DH* dh) +// Initializes a new DH instance. +// Returns 1 on success, or 0 on error +SCOSSL_STATUS sc_ossl_dh_init(_Inout_ DH* dh) { const DH_METHOD* ossl_dh_meth = DH_OpenSSL(); @@ -69,8 +79,9 @@ int sc_ossl_dh_init(DH* dh) return pfn_dh_meth_init(dh); } - -int sc_ossl_dh_finish(DH* dh) +// Destroys instance of DH object. The memory for dh is not freed by this function. +// Returns 1 on success, or 0 on error +SCOSSL_STATUS sc_ossl_dh_finish(_Inout_ DH* dh) { const DH_METHOD* ossl_dh_meth = DH_OpenSSL(); diff --git a/SymCryptEngine/src/sc_ossl_dh.h b/SymCryptEngine/src/sc_ossl_dh.h index f7d5716..04623ea 100644 --- a/SymCryptEngine/src/sc_ossl_dh.h +++ b/SymCryptEngine/src/sc_ossl_dh.h 
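Review bot: The SAL annotations added to `sc_ossl_dh_bn_mod_exp` mark `r` as `_Out_` and `ctx` as `_In_`, which does not match how a BIGNUM modular exponentiation uses them. `r` has to be an already-initialized BIGNUM that the callee updates, and `ctx` is scratch space the callee modifies, so `_Inout_ BIGNUM* r` and `_Inout_ BN_CTX* ctx` are the accurate forms; `_Out_` tells an analyzer and a reader that the caller may pass an uninitialized object. If OpenSSL can pass a NULL Montgomery context here (I believe it does when no cached context exists, but please confirm), `m_ctx` should be `_In_opt_ BN_MONT_CTX* m_ctx`. The prototype in sc_ossl_dh.h needs the same change, and most of the function body lies outside this hunk.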
@@ -3,23 +3,25 @@ // #include "sc_ossl.h" +#include "sc_ossl_helpers.h" #include #ifdef __cplusplus extern "C" { #endif -int sc_ossl_dh_generate_key(DH* dh); +SCOSSL_STATUS sc_ossl_dh_generate_key(_Inout_ DH* dh); -int sc_ossl_dh_compute_key(unsigned char* key, const BIGNUM* pub_key, DH* dh); +_Success_(return >= 0) +int sc_ossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsigned char* key, _In_ const BIGNUM* pub_key, _In_ DH* dh); -int sc_ossl_dh_bn_mod_exp(const DH* dh, BIGNUM* r, - const BIGNUM* a, const BIGNUM* p, - const BIGNUM* m, BN_CTX* ctx, BN_MONT_CTX* m_ctx); +SCOSSL_STATUS sc_ossl_dh_bn_mod_exp(_In_ const DH* dh, _Out_ BIGNUM* r, + _In_ const BIGNUM* a, _In_ const BIGNUM* p, + _In_ const BIGNUM* m, _In_ BN_CTX* ctx, _In_ BN_MONT_CTX* m_ctx); -int sc_ossl_dh_init(DH* dh); +SCOSSL_STATUS sc_ossl_dh_init(_Inout_ DH* dh); -int sc_ossl_dh_finish(DH* dh); +SCOSSL_STATUS sc_ossl_dh_finish(_Inout_ DH* dh); #ifdef __cplusplus } From 03e06f056f4f53d884129f3ec431f554b40e7fba Mon Sep 17 00:00:00 2001 From: snofz Date: Tue, 7 Sep 2021 16:10:56 -0700 Subject: [PATCH 2/3] DSA cleanup --- SymCryptEngine/src/sc_ossl_dsa.c | 27 ++++++++++++++++++++------- SymCryptEngine/src/sc_ossl_dsa.h | 12 +++++++----- 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/SymCryptEngine/src/sc_ossl_dsa.c b/SymCryptEngine/src/sc_ossl_dsa.c index ea5e5f0..0fe251b 100644 --- a/SymCryptEngine/src/sc_ossl_dsa.c +++ b/SymCryptEngine/src/sc_ossl_dsa.c 
@@ -14,7 +14,11 @@ typedef int (*PFN_DSA_meth_verify) (const unsigned char* dgst, int dgst_len, DSA typedef int (*PFN_DSA_meth_init)(DSA* dsa); typedef int (*PFN_DSA_meth_finish)(DSA* dsa); -DSA_SIG* sc_ossl_dsa_sign(const unsigned char* dgst, int dlen, DSA* dsa) +// Computes a digital signature on the dlen byte message digest dgst using the private key dsa +// and returns it in a newly allocated DSA_SIG structure. +// Returns the signature on success, or NULL on error. +_Success_(return != NULL) +DSA_SIG* sc_ossl_dsa_sign(_In_reads_bytes_(dlen) const unsigned char* dgst, int dlen, _In_ DSA* dsa) { const DSA_METHOD* ossl_dsa_meth = DSA_OpenSSL(); PFN_DSA_meth_sign pfn_dsa_sign = DSA_meth_get_sign(ossl_dsa_meth); @@ -25,8 +29,10 @@ DSA_SIG* sc_ossl_dsa_sign(const unsigned char* dgst, int dlen, DSA* dsa) return pfn_dsa_sign(dgst, dlen, dsa); } -int sc_ossl_dsa_sign_setup(DSA* dsa, BN_CTX* ctx_in, - BIGNUM** kinvp, BIGNUM** rp) +// Precalculates the DSA signature values k^-1 and r. +// Returns 1 on success, or 0 on error. +SCOSSL_STATUS sc_ossl_dsa_sign_setup(_In_ DSA* dsa, _In_ BN_CTX* ctx_in, + _Out_ BIGNUM** kinvp, _Out_ BIGNUM** rp) { const DSA_METHOD* ossl_dsa_meth = DSA_OpenSSL(); PFN_DSA_meth_sign_setup pfn_dsa_sign_setup = DSA_meth_get_sign_setup(ossl_dsa_meth); @@ -37,8 +43,11 @@ int sc_ossl_dsa_sign_setup(DSA* dsa, BN_CTX* ctx_in, return pfn_dsa_sign_setup(dsa, ctx_in, kinvp, rp); } -int sc_ossl_dsa_verify(const unsigned char* dgst, int dgst_len, - DSA_SIG* sig, DSA* dsa) +// Verifies that the signature sig matches a given message digest dgst of size dgst_len. +// dsa is the signer's public key. +// Returns 1 for a valid signature, 0 for an incorrect signature, and -1 on error. +SCOSSL_STATUS sc_ossl_dsa_verify(_In_reads_bytes_(dgst_len) const unsigned char* dgst, int dgst_len, + _In_ DSA_SIG* sig, _In_ DSA* dsa) { const DSA_METHOD* ossl_dsa_meth = DSA_OpenSSL(); PFN_DSA_meth_verify pfn_dsa_verify = DSA_meth_get_verify(ossl_dsa_meth); 
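Review bot: `kinvp` and `rp` are annotated `_Out_` in `sc_ossl_dsa_sign_setup`, but the default OpenSSL implementation this wrapper forwards to, as far as I recall, clears and frees whatever `*kinvp` and `*rp` already point to before storing the new values. `_Out_` tells callers and analyzers that the pointees may be uninitialized on entry, which would hand an indeterminate pointer to that free; `_Inout_ BIGNUM** kinvp, _Inout_ BIGNUM** rp` together with `// *kinvp and *rp must be NULL or valid BIGNUMs on entry; any previous values are freed.` states the real contract. `ctx_in` is probably `_In_opt_` too, since OpenSSL allocates its own context when it is NULL; please confirm against the OpenSSL version the engine targets. The prototype in sc_ossl_dsa.h carries the same annotations.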
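Review bot: `sc_ossl_dsa_verify` is now typed `SCOSSL_STATUS` while its own comment documents three results: 1 for a valid signature, 0 for an incorrect one and -1 on error. Every other `SCOSSL_STATUS` function in this patch documents only 1 and 0, so the type invites `if (sc_ossl_dsa_verify(...))`, which accepts the -1 error case as a valid signature. Unless `SCOSSL_STATUS` (defined outside this diff) is meant to cover negative values, I would keep the return type `int` here and add `// Callers must compare the result with 1; 0 and -1 both mean the signature must not be trusted.`. The same applies to the prototype in sc_ossl_dsa.h and to the comment that patch 3/3 moves into that header.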
@@ -49,7 +58,9 @@ int sc_ossl_dsa_verify(const unsigned char* dgst, int dgst_len, return pfn_dsa_verify(dgst, dgst_len, sig, dsa); } -int sc_ossl_dsa_init(DSA* dsa) +// Initializes a new DSA instance. +// Returns 1 on success, or 0 on error +SCOSSL_STATUS sc_ossl_dsa_init(_Inout_ DSA* dsa) { const DSA_METHOD* ossl_dsa_meth = DSA_OpenSSL(); PFN_DSA_meth_init pfn_dsa_init = DSA_meth_get_init(ossl_dsa_meth); @@ -61,7 +72,9 @@ int sc_ossl_dsa_init(DSA* dsa) } -int sc_ossl_dsa_finish(DSA* dsa) +// Destroys instance of DSA object. The memory for dsa is not freed by this function. +// Returns 1 on success, or 0 on error +SCOSSL_STATUS sc_ossl_dsa_finish(_Inout_ DSA* dsa) { const DSA_METHOD* ossl_dsa_meth = DSA_OpenSSL(); PFN_DSA_meth_finish pfn_dsa_finish = DSA_meth_get_finish(ossl_dsa_meth); diff --git a/SymCryptEngine/src/sc_ossl_dsa.h b/SymCryptEngine/src/sc_ossl_dsa.h index 996b26f..9677c60 100644 --- a/SymCryptEngine/src/sc_ossl_dsa.h +++ b/SymCryptEngine/src/sc_ossl_dsa.h @@ -3,6 +3,7 @@ // #include "sc_ossl.h" +#include "sc_ossl_helpers.h" #include #ifdef __cplusplus @@ -10,15 +11,16 @@ extern "C" { #endif -DSA_SIG* sc_ossl_dsa_sign(const unsigned char* dgst, int dlen, DSA* dsa); +_Success_(return != NULL) +DSA_SIG* sc_ossl_dsa_sign(_In_reads_bytes_(dlen) const unsigned char* dgst, int dlen, _In_ DSA* dsa); -int sc_ossl_dsa_sign_setup(DSA* dsa, BN_CTX* ctx_in, BIGNUM** kinvp, BIGNUM** rp); +SCOSSL_STATUS sc_ossl_dsa_sign_setup(_In_ DSA* dsa, _In_ BN_CTX* ctx_in, _Out_ BIGNUM** kinvp, _Out_ BIGNUM** rp); -int sc_ossl_dsa_verify(const unsigned char* dgst, int dgst_len, DSA_SIG* sig, DSA* dsa); +SCOSSL_STATUS sc_ossl_dsa_verify(_In_reads_bytes_(dgst_len) const unsigned char* dgst, int dgst_len, _In_ DSA_SIG* sig, _In_ DSA* dsa); -int sc_ossl_dsa_init(DSA* dsa); +SCOSSL_STATUS sc_ossl_dsa_init(_Inout_ DSA* dsa); -int sc_ossl_dsa_finish(DSA* dsa); +SCOSSL_STATUS sc_ossl_dsa_finish(_Inout_ DSA* dsa); #ifdef __cplusplus } 
From fc9aa4174ae14754f1b34df84d3e0f94171fc4c1 Mon Sep 17 00:00:00 2001 From: snofz Date: Mon, 20 Sep 2021 14:10:23 -0700 Subject: [PATCH 3/3] Moved function descriptions to header and changed one return type to SCOSSL_RETURNLENGTH --- SymCryptEngine/src/sc_ossl_dh.c | 17 +---------------- SymCryptEngine/src/sc_ossl_dh.h | 17 +++++++++++++++-- SymCryptEngine/src/sc_ossl_dsa.c | 13 ------------- SymCryptEngine/src/sc_ossl_dsa.h | 12 ++++++++++++ 4 files changed, 28 insertions(+), 31 deletions(-) diff --git a/SymCryptEngine/src/sc_ossl_dh.c b/SymCryptEngine/src/sc_ossl_dh.c index b677f9e..c9db66e 100644 --- a/SymCryptEngine/src/sc_ossl_dh.c +++ b/SymCryptEngine/src/sc_ossl_dh.c @@ -16,11 +16,6 @@ typedef int (*PFN_DH_meth_bn_mod_exp)(const DH* dh, BIGNUM* r, typedef int (*PFN_DH_meth_init)(DH* dh); typedef int (*PFN_DH_meth_finish)(DH* dh); -// Generates public and private DH values. -// Expects shared parameters dh->p and dh->g to be set. -// Generates a random private DH key unless dh->priv_key set, and computes corresponding -// public value dh->pub_key. -// Returns 1 on success, 0 otherwise SCOSSL_STATUS sc_ossl_dh_generate_key(_Inout_ DH* dh) { const DH_METHOD* ossl_dh_meth = DH_OpenSSL(); @@ -33,11 +28,7 @@ SCOSSL_STATUS sc_ossl_dh_generate_key(_Inout_ DH* dh) return pfn_dh_meth_generate_key(dh); } -// Computes the shared secret from the private DH value in dh and the other party's public -// value in pub_key and stores it in key. key must point to DH_size(dh) bytes of memory. -// Returns size of shared secret on success, or -1 on error. -_Success_(return >= 0) -int sc_ossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsigned char* key, _In_ const BIGNUM* pub_key, _In_ DH* dh) +SCOSSL_RETURNLENGTH sc_ossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsigned char* key, _In_ const BIGNUM* pub_key, _In_ DH* dh) { const DH_METHOD* ossl_dh_meth = DH_OpenSSL(); 
@@ -49,8 +40,6 @@ int sc_ossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsigned char* key, _ return pfn_dh_meth_compute_key(key, pub_key, dh); } -// Computes r = a ^ p mod m -// Returns 1 on success, or 0 on error SCOSSL_STATUS sc_ossl_dh_bn_mod_exp(_In_ const DH* dh, _Out_ BIGNUM* r, _In_ const BIGNUM* a, _In_ const BIGNUM* p, _In_ const BIGNUM* m, _In_ BN_CTX* ctx, _In_ BN_MONT_CTX* m_ctx) @@ -65,8 +54,6 @@ SCOSSL_STATUS sc_ossl_dh_bn_mod_exp(_In_ const DH* dh, _Out_ BIGNUM* r, return pfn_dh_meth_bm_mod_exp(dh, r, a, p, m, ctx, m_ctx); } -// Initializes a new DH instance. -// Returns 1 on success, or 0 on error SCOSSL_STATUS sc_ossl_dh_init(_Inout_ DH* dh) { const DH_METHOD* ossl_dh_meth = DH_OpenSSL(); @@ -79,8 +66,6 @@ SCOSSL_STATUS sc_ossl_dh_init(_Inout_ DH* dh) return pfn_dh_meth_init(dh); } -// Destroys instance of DH object. The memory for dh is not freed by this function. -// Returns 1 on success, or 0 on error SCOSSL_STATUS sc_ossl_dh_finish(_Inout_ DH* dh) { const DH_METHOD* ossl_dh_meth = DH_OpenSSL(); diff --git a/SymCryptEngine/src/sc_ossl_dh.h b/SymCryptEngine/src/sc_ossl_dh.h index 04623ea..145c274 100644 --- a/SymCryptEngine/src/sc_ossl_dh.h +++ b/SymCryptEngine/src/sc_ossl_dh.h 
@@ -10,17 +10,30 @@ extern "C" { #endif +// Generates public and private DH values. +// Expects shared parameters dh->p and dh->g to be set. +// Generates a random private DH key unless dh->priv_key set, and computes corresponding +// public value dh->pub_key. +// Returns 1 on success, 0 otherwise SCOSSL_STATUS sc_ossl_dh_generate_key(_Inout_ DH* dh); -_Success_(return >= 0) -int sc_ossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsigned char* key, _In_ const BIGNUM* pub_key, _In_ DH* dh); +// Computes the shared secret from the private DH value in dh and the other party's public +// value in pub_key and stores it in key. key must point to DH_size(dh) bytes of memory. +// Returns size of shared secret on success, or -1 on error. +SCOSSL_RETURNLENGTH sc_ossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsigned char* key, _In_ const BIGNUM* pub_key, _In_ DH* dh); +// Computes r = a ^ p mod m +// Returns 1 on success, or 0 on error SCOSSL_STATUS sc_ossl_dh_bn_mod_exp(_In_ const DH* dh, _Out_ BIGNUM* r, _In_ const BIGNUM* a, _In_ const BIGNUM* p, _In_ const BIGNUM* m, _In_ BN_CTX* ctx, _In_ BN_MONT_CTX* m_ctx); +// Initializes a new DH instance. +// Returns 1 on success, or 0 on error SCOSSL_STATUS sc_ossl_dh_init(_Inout_ DH* dh); +// Destroys instance of DH object. The memory for dh is not freed by this function. +// Returns 1 on success, or 0 on error SCOSSL_STATUS sc_ossl_dh_finish(_Inout_ DH* dh); #ifdef __cplusplus diff --git a/SymCryptEngine/src/sc_ossl_dsa.c b/SymCryptEngine/src/sc_ossl_dsa.c index 0fe251b..5f05607 100644 --- a/SymCryptEngine/src/sc_ossl_dsa.c +++ b/SymCryptEngine/src/sc_ossl_dsa.c 
@@ -14,9 +14,6 @@ typedef int (*PFN_DSA_meth_verify) (const unsigned char* dgst, int dgst_len, DSA typedef int (*PFN_DSA_meth_init)(DSA* dsa); typedef int (*PFN_DSA_meth_finish)(DSA* dsa); -// Computes a digital signature on the dlen byte message digest dgst using the private key dsa -// and returns it in a newly allocated DSA_SIG structure. -// Returns the signature on success, or NULL on error. _Success_(return != NULL) DSA_SIG* sc_ossl_dsa_sign(_In_reads_bytes_(dlen) const unsigned char* dgst, int dlen, _In_ DSA* dsa) { @@ -29,8 +26,6 @@ DSA_SIG* sc_ossl_dsa_sign(_In_reads_bytes_(dlen) const unsigned char* dgst, int return pfn_dsa_sign(dgst, dlen, dsa); } -// Precalculates the DSA signature values k^-1 and r. -// Returns 1 on success, or 0 on error. SCOSSL_STATUS sc_ossl_dsa_sign_setup(_In_ DSA* dsa, _In_ BN_CTX* ctx_in, _Out_ BIGNUM** kinvp, _Out_ BIGNUM** rp) { @@ -43,9 +38,6 @@ SCOSSL_STATUS sc_ossl_dsa_sign_setup(_In_ DSA* dsa, _In_ BN_CTX* ctx_in, return pfn_dsa_sign_setup(dsa, ctx_in, kinvp, rp); } -// Verifies that the signature sig matches a given message digest dgst of size dgst_len. -// dsa is the signer's public key. -// Returns 1 for a valid signature, 0 for an incorrect signature, and -1 on error. SCOSSL_STATUS sc_ossl_dsa_verify(_In_reads_bytes_(dgst_len) const unsigned char* dgst, int dgst_len, _In_ DSA_SIG* sig, _In_ DSA* dsa) { @@ -58,8 +50,6 @@ SCOSSL_STATUS sc_ossl_dsa_verify(_In_reads_bytes_(dgst_len) const unsigned char* return pfn_dsa_verify(dgst, dgst_len, sig, dsa); } -// Initializes a new DSA instance. -// Returns 1 on success, or 0 on error SCOSSL_STATUS sc_ossl_dsa_init(_Inout_ DSA* dsa) { const DSA_METHOD* ossl_dsa_meth = DSA_OpenSSL(); 
@@ -71,9 +61,6 @@ SCOSSL_STATUS sc_ossl_dsa_init(_Inout_ DSA* dsa) return pfn_dsa_init(dsa); } - -// Destroys instance of DSA object. The memory for dsa is not freed by this function. -// Returns 1 on success, or 0 on error SCOSSL_STATUS sc_ossl_dsa_finish(_Inout_ DSA* dsa) { const DSA_METHOD* ossl_dsa_meth = DSA_OpenSSL(); diff --git a/SymCryptEngine/src/sc_ossl_dsa.h b/SymCryptEngine/src/sc_ossl_dsa.h index 9677c60..dbb220a 100644 --- a/SymCryptEngine/src/sc_ossl_dsa.h +++ b/SymCryptEngine/src/sc_ossl_dsa.h @@ -11,15 +11,27 @@ extern "C" { #endif +// Computes a digital signature on the dlen byte message digest dgst using the private key dsa +// and returns it in a newly allocated DSA_SIG structure. +// Returns the signature on success, or NULL on error. _Success_(return != NULL) DSA_SIG* sc_ossl_dsa_sign(_In_reads_bytes_(dlen) const unsigned char* dgst, int dlen, _In_ DSA* dsa); +// Precalculates the DSA signature values k^-1 and r. +// Returns 1 on success, or 0 on error. SCOSSL_STATUS sc_ossl_dsa_sign_setup(_In_ DSA* dsa, _In_ BN_CTX* ctx_in, _Out_ BIGNUM** kinvp, _Out_ BIGNUM** rp); +// Verifies that the signature sig matches a given message digest dgst of size dgst_len. +// dsa is the signer's public key. +// Returns 1 for a valid signature, 0 for an incorrect signature, and -1 on error. SCOSSL_STATUS sc_ossl_dsa_verify(_In_reads_bytes_(dgst_len) const unsigned char* dgst, int dgst_len, _In_ DSA_SIG* sig, _In_ DSA* dsa); +// Initializes a new DSA instance. +// Returns 1 on success, or 0 on error SCOSSL_STATUS sc_ossl_dsa_init(_Inout_ DSA* dsa); +// Destroys instance of DSA object. The memory for dsa is not freed by this function. +// Returns 1 on success, or 0 on error SCOSSL_STATUS sc_ossl_dsa_finish(_Inout_ DSA* dsa); #ifdef __cplusplus