=head1 NAME
-DSA_generate_parameters - Generate DSA parameters
+DSA_generate_parameters - generate DSA parameters
=head1 SYNOPSIS
#include <openssl/dsa.h>
- DSA * DSA_generate_parameters(int bits, unsigned char *seed,
+ DSA *DSA_generate_parameters(int bits, unsigned char *seed,
int seed_len, int *counter_ret, unsigned long *h_ret,
- void (*callback)(), void *cb_arg);
+ void (*callback)(int, int, void *), void *cb_arg);
=head1 DESCRIPTION
B<bits> is the length of the prime to be generated; the DSS allows a
maximum of 1024 bits.
-If B<seed> is NULL or B<seed_len> E<lt> 20, the primes will be
+If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
generated at random. Otherwise, the seed is used to generate
them. If the given seed does not yield a prime q, a new random
seed is chosen and placed at B<seed>.
DSA_generate_parameters() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
-*B<h_ret>, unless these are NULL.
+*B<h_ret>, unless these are B<NULL>.
A callback function may be used to provide feedback about the progress
of the key generation. If B<callback> is not B<NULL>, it will be
=item *
-When the the m-th candidate for q is generated, B<callback(0, m,
-cb_arg)> is called.
+When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called
+(m is 0 for the first candidate).
=item *
-B<callback(1, j++, cb_arg)> is called in the inner loop of the
-Miller-Rabin primality test.
+When a candidate for q has passed a test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While a candidate for q is tested by Miller-Rabin primality tests,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime);
+i is the loop counter (starting at 0).
=item *
=item *
-While candidates for p are being tested, B<callback(1, j++, cb_arg)>
-is called in the inner loop of the Miller-Rabin primality test, then
-B<callback(0, counter, cb_arg)> is called when the next candidate
-is chosen.
+Before a candidate for p (other than the first) is generated and tested,
+B<callback(0, counter, cb_arg)> is called.
+
+=item *
+
+When a candidate for p has passed the test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While it is tested by the Miller-Rabin primality test,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime).
+i is the loop counter (starting at 0).
=item *
=head1 RETURN VALUE
DSA_generate_parameters() returns a pointer to the DSA structure, or
-NULL if the parameter generation fails. The error codes can be
+B<NULL> if the parameter generation fails. The error codes can be
obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 BUGS
-The deterministic generation of p does not follow the NIST algorithm:
-r0 is SHA1(s+k+1), but should be SHA1(s+j+k) with j_0=2,
-j_counter=j_counter-1 + n + 1.
-
Seed lengths E<gt> 20 are not supported.
=head1 SEE ALSO
DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
argument was added in SSLeay 0.9.0.
-
+In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
+in the inner loop of the Miller-Rabin test whenever it reached the
+squaring step (the parameters to B<callback> did not reveal how many
+witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
+is called as in BN_is_prime(3), i.e. once for each witness.
=cut
projects / openssl.git / blobdiff