HP Open Source Security for OpenVMS Volume 2: HP SSL for OpenVMS > CRYPTO Application Programming Interface (API) Reference

DSA_generate_parameters

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

NAME

DSA_generate_parameters — generate DSA parameters

Synopsis

#include <openssl/dsa.h> 
DSA
*DSA_generate_parameters(int bits, unsigned char *seed, int seed_len,
int *counter_ret, unsigned long *h_ret, void (*callback)(int, int,
void *), void *cb_arg);

DESCRIPTION

DSA_generate_parameters() generates primes p and q and a generator g for use in the DSA.

bits is the length of the prime to be generated; the DSS allows a maximum of 1024 bits.

If seed is NULL or seed_len < 20, the primes will be generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random seed is chosen and placed at seed.

DSA_generate_parameters() places the iteration count in *counter_ret and a counter used for finding a generator in *h_ret, unless these are NULL.

A callback function may be used to provide feedback about the progress of the key generation. If callback is not NULL, it will be called as follows:

  • When a candidate for q is generated, callback(0, m++, cb_arg) is called (m is 0 for the first candidate).

  • When a candidate for q has passed a test by trial division, callback(1, -1, cb_arg) is called. While a candidate for q is tested by Miller-Rabin primality tests, callback(1, i, cb_arg) is called in the outer loop (once for each witness that confirms that the candidate may be prime); i is the loop counter (starting at 0).

  • When a prime q has been found, callback(2, 0, cb_arg) and callback(3, 0, cb_arg) are called.

  • Before a candidate for p (other than the first) is generated and tested, callback(0, counter, cb_arg) is called.

  • When a candidate for p has passed the test by trial division, callback(1, -1, cb_arg) is called. While it is tested by the Miller-Rabin primality test, callback(1, i, cb_arg) is called in the outer loop (once for each witness that confirms that the candidate may be prime). i is the loop counter (starting at 0).

  • When p has been found, callback(2, 1, cb_arg) is called.

  • When the generator has been found, callback(3, 1, cb_arg) is called.

RETURN VALUE

DSA_generate_parameters() returns a pointer to the DSA structure, or NULL if the parameter generation fails. The error codes can be obtained by ERR_get_error(3).

Restrictions

Seed lengths > 20 are not supported.

SEE ALSO

dsa(3), ERR_get_error(3), rand(3), DSA_free(3)

HISTORY

DSA_generate_parameters() appeared in SSLeay 0.8. The cb_arg argument was added in SSLeay 0.9.0. In versions up to OpenSSL 0.9.4, callback(1, ...) was called in the inner loop of the Miller-Rabin test whenever it reached the squaring step (the parameters to callback did not reveal how many witnesses had been tested); since OpenSSL 0.9.5, callback(1, ...) is called as in BN_is_prime(3), i.e. once for each witness.



DSA_generate_key
  		 


DSA_get_ex_new_index