Call dsa_check_keys() before signing or verifying

Call dsa_check_keys() before signing or verifying

We already had some checks on both sides, but they were less precise
and differed between the functions. The code here is messy enough, so
any simplification is helpful...

ok beck jsing