DSA_GENERATE_PARAMETERS(3) OpenSSL DSA_GENERATE_PARAMETERS(3)
DSA_generate_parameters - generate DSA parameters
#include <openssl/dsa.h>
DSA *DSA_generate_parameters(int bits, unsigned char *seed,
int seed_len, int *counter_ret, unsigned long *h_ret,
void (*callback)(int, int, void *), void *cb_arg);
DSA_generate_parameters() generates primes p and q and a
generator g for use in the DSA.
bits is the length of the prime to be generated; the DSS
allows a maximum of 1024 bits.
If seed is NULL or seed_len < 20, the primes will be gen-
erated at random. Otherwise, the seed is used to generate
them. If the given seed does not yield a prime q, a new ran-
dom seed is chosen and placed at seed.
DSA_generate_parameters() places the iteration count in
*counter_ret and a counter used for finding a generator in
*h_ret, unless these are NULL.
A callback function may be used to provide feedback about
the progress of the key generation. If callback is not NULL,
it will be called as follows:
+ When a candidate for q is generated, callback(0, m++,
cb_arg) is called (m is 0 for the first candidate).
+ When a candidate for q has passed a test by trial divi-
sion, callback(1, -1, cb_arg) is called. While a candi-
date for q is tested by Miller-Rabin primality tests,
callback(1, i, cb_arg) is called in the outer loop (once
for each witness that confirms that the candidate may be
prime); i is the loop counter (starting at 0).
+ When a prime q has been found, callback(2, 0, cb_arg)
and callback(3, 0, cb_arg) are called.
+ Before a candidate for p (other than the first) is gen-
erated and tested, callback(0, counter, cb_arg) is
called.
+ When a candidate for p has passed the test by trial
division, callback(1, -1, cb_arg) is called. While it is
tested by the Miller-Rabin primality test, callback(1,
i, cb_arg) is called in the outer loop (once for each
witness that confirms that the candidate may be prime).
MirBSD #10-current 2005-02-05 1
DSA_GENERATE_PARAMETERS(3) OpenSSL DSA_GENERATE_PARAMETERS(3)
i is the loop counter (starting at 0).
+ When p has been found, callback(2, 1, cb_arg) is called.
+ When the generator has been found, callback(3, 1,
cb_arg) is called.
DSA_generate_parameters() returns a pointer to the DSA
structure, or NULL if the parameter generation fails. The
error codes can be obtained by ERR_get_error(3).
Seed lengths > 20 are not supported.
dsa(3), ERR_get_error(3), rand(3), DSA_free(3)
DSA_generate_parameters() appeared in SSLeay 0.8. The cb_arg
argument was added in SSLeay 0.9.0. In versions up to
OpenSSL 0.9.4, callback(1, ...) was called in the inner loop
of the Miller-Rabin test whenever it reached the squaring
step (the parameters to callback did not reveal how many
witnesses had been tested); since OpenSSL 0.9.5, callback(1,
...) is called as in BN_is_prime(3), i.e. once for each wit-
ness. =cut
MirBSD #10-current 2005-02-05 2