DSA_generate_parameters 3 2003-07-24 0.9.9-dev OpenSSL

NAME

DSA_generate_parameters - generate DSA parameters

LIBRARY

libcrypto, -lcrypto

SYNOPSIS


 #include 


 DSA *DSA_generate_parameters(int bits, unsigned char *seed,
                int seed_len, int *counter_ret, unsigned long *h_ret,
                void (*callback)(int, int, void *), void *cb_arg);

DESCRIPTION

_D_S_A___g_e_n_e_r_a_t_e___p_a_r_a_m_e_t_e_r_s_(_) generates primes p and q and a generator g for use in the DSA.

bbiittss is the length of the prime to be generated; the DSS allows a maximum of 1024 bits.

If sseeeedd is NNUULLLL or sseeeedd__lleenn < 20, the primes will be generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random seed is chosen and placed at sseeeedd.

_D_S_A___g_e_n_e_r_a_t_e___p_a_r_a_m_e_t_e_r_s_(_) places the iteration count in *ccoouunntteerr__rreett and a counter used for finding a generator in *hh__rreett, unless these are NNUULLLL.

A callback function may be used to provide feedback about the progress of the key generation. If ccaallllbbaacckk is not NNUULLLL, it will be called as follows:

· When a candidate for q is generated, ccaallllbbaacckk((00,, mm++++,, ccbb__aarrgg)) is called
(m is 0 for the first candidate).
· When a candidate for q has passed a test by trial division,
ccaallllbbaacckk((11,, --11,, ccbb__aarrgg)) is called. While a candidate for q is tested by Miller-Rabin primality tests, ccaallllbbaacckk((11,, ii,, ccbb__aarrgg)) is called in the outer loop (once for each witness that confirms that the candidate may be prime); i is the loop counter (starting at 0).
· When a prime q has been found, ccaallllbbaacckk((22,, 00,, ccbb__aarrgg)) and
ccaallllbbaacckk((33,, 00,, ccbb__aarrgg)) are called.
· Before a candidate for p (other than the first) is generated and tested,
ccaallllbbaacckk((00,, ccoouunntteerr,, ccbb__aarrgg)) is called.
· When a candidate for p has passed the test by trial division,
ccaallllbbaacckk((11,, --11,, ccbb__aarrgg)) is called. While it is tested by the Miller-Rabin primality test, ccaallllbbaacckk((11,, ii,, ccbb__aarrgg)) is called in the outer loop (once for each witness that confirms that the candidate may be prime). i is the loop counter (starting at 0).
· When p has been found, ccaallllbbaacckk((22,, 11,, ccbb__aarrgg)) is called.
· When the generator has been found, ccaallllbbaacckk((33,, 11,, ccbb__aarrgg)) is called.

RETURN VALUE

_D_S_A___g_e_n_e_r_a_t_e___p_a_r_a_m_e_t_e_r_s_(_) returns a pointer to the DSA structure, or NNUULLLL if the parameter generation fails. The error codes can be obtained by _E_R_R___g_e_t___e_r_r_o_r(3).

BUGS

Seed lengths > 20 are not supported.

SEE ALSO

_o_p_e_n_s_s_l___d_s_a(3), _E_R_R___g_e_t___e_r_r_o_r(3), _o_p_e_n_s_s_l___r_a_n_d(3), _D_S_A___f_r_e_e(3)

HISTORY

_D_S_A___g_e_n_e_r_a_t_e___p_a_r_a_m_e_t_e_r_s_(_) appeared in SSLeay 0.8. The ccbb__aarrgg argument was added in SSLeay 0.9.0. In versions up to OpenSSL 0.9.4, ccaallllbbaacckk((11,, ......)) was called in the inner loop of the Miller-Rabin test whenever it reached the squaring step (the parameters to ccaallllbbaacckk did not reveal how many witnesses had been tested); since OpenSSL 0.9.5, ccaallllbbaacckk((11,, ......)) is called as in _B_N___i_s___p_r_i_m_e(3), i.e. once for each witness. =cut