OpenBSD manual page server

Manual Page Search Parameters

DSA_GENERATE_PARAMETERS(3) Library Functions Manual DSA_GENERATE_PARAMETERS(3)

DSA_generate_parameters_ex, DSA_generate_parametersgenerate DSA parameters

#include <openssl/dsa.h>

int
DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);

Deprecated:


DSA *
DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *), void *cb_arg);

() generates primes p and q and a generator g for use in the DSA and stores the result in dsa.

bits is the length of the prime to be generated; the DSS allows a maximum of 1024 bits.

If seed is NULL or seed_len < 20, the primes will be generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random seed is chosen and placed at seed.

() places the iteration count in *counter_ret and a counter used for finding a generator in *h_ret, unless these are NULL.

A callback function may be used to provide feedback about the progress of the key generation. If cb is not NULL, it will be called as shown below. For information on the BN_GENCB structure, refer to BN_GENCB_call(3).

() (deprecated) works in much the same way as for DSA_generate_parameters_ex(), except that no dsa parameter is passed and instead a newly allocated DSA structure is returned. Additionally "old style" callbacks are used instead of the newer BN_GENCB based approach. Refer to BN_generate_prime(3) for further information.

DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise.

DSA_generate_parameters() returns a pointer to the DSA structure, or NULL if the parameter generation fails.

The error codes can be obtained by ERR_get_error(3).

BN_generate_prime(3), DSA_new(3), ERR_get_error(3), RAND_bytes(3)

DSA_generate_parameters() appeared in SSLeay 0.8. The cb_arg argument was added in SSLeay 0.9.0. In versions up to OpenSSL 0.9.4, callback(1, ...) was called in the inner loop of the Miller-Rabin test whenever it reached the squaring step (the parameters to callback() did not reveal how many witnesses had been tested); since OpenSSL 0.9.5, callback(1, ...) is called as in BN_is_prime(3), i.e. once for each witness.

Seed lengths > 20 are not supported.

December 10, 2016 OpenBSD-6.1