38e33cef15
New function BN_pseudo_rand(). Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes (why not use BN_is_prime()?)
95 lines
2.3 KiB
Plaintext
95 lines
2.3 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
DSA_generate_parameters - Generate DSA parameters
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/dsa.h>
|
|
|
|
DSA * DSA_generate_parameters(int bits, unsigned char *seed,
|
|
int seed_len, int *counter_ret, unsigned long *h_ret,
|
|
void (*callback)(), void *cb_arg);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
DSA_generate_parameters() generates primes p and q and a generator g
|
|
for use in the DSA.
|
|
|
|
B<bits> is the length of the prime to be generated; the DSS allows a
|
|
maximum of 1024 bits.
|
|
|
|
If B<seed> is NULL or B<seed_len> E<lt> 20, the primes will be
|
|
generated at random. Otherwise, the seed is used to generate
|
|
them. If the given seed does not yield a prime q, a new random
|
|
seed is chosen and placed at B<seed>.
|
|
|
|
DSA_generate_parameters() places the iteration count in
|
|
*B<counter_ret> and a counter used for finding a generator in
|
|
*B<h_ret>, unless these are NULL.
|
|
|
|
A callback function may be used to provide feedback about the progress
|
|
of the key generation. If B<callback> is not B<NULL>, it will be
|
|
called as follows:
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
When the the m-th candidate for q is generated, B<callback(0, m,
|
|
cb_arg)> is called.
|
|
|
|
=item *
|
|
|
|
B<callback(1, j++, cb_arg)> is called in the inner loop of the
|
|
Miller-Rabin primality test.
|
|
|
|
=item *
|
|
|
|
When a prime q has been found, B<callback(2, 0, cb_arg)> and
|
|
B<callback(3, 0, cb_arg)> are called.
|
|
|
|
=item *
|
|
|
|
While candidates for p are being tested, B<callback(1, j++, cb_arg)>
|
|
is called in the inner loop of the Miller-Rabin primality test, then
|
|
B<callback(0, counter, cb_arg)> is called when the next candidate
|
|
is chosen.
|
|
|
|
=item *
|
|
|
|
When p has been found, B<callback(2, 1, cb_arg)> is called.
|
|
|
|
=item *
|
|
|
|
When the generator has been found, B<callback(3, 1, cb_arg)> is called.
|
|
|
|
=back
|
|
|
|
=head1 RETURN VALUE
|
|
|
|
DSA_generate_parameters() returns a pointer to the DSA structure, or
|
|
NULL if the parameter generation fails. The error codes can be
|
|
obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
|
|
|
|
=head1 BUGS
|
|
|
|
The deterministic generation of p does not follow the NIST algorithm:
|
|
r0 is SHA1(s+k+1), but should be SHA1(s+j+k) with j_0=2,
|
|
j_counter=j_counter-1 + n + 1.
|
|
|
|
Seed lengths E<gt> 20 are not supported.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
|
|
L<DSA_free(3)|DSA_free(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
|
|
argument was added in SSLeay 0.9.0.
|
|
|
|
=cut
|