Synopsis #include <openssl/dsa.h> DSA
*DSA_generate_parameters(int bits, unsigned char *seed, int seed_len,
int *counter_ret, unsigned long *h_ret, void (*callback)(int, int,
void *), void *cb_arg);
DESCRIPTIONDSA_generate_parameters() generates primes p and q and a generator
g for use in the DSA.
bits is the length of the prime to be
generated; the DSS allows a maximum of 1024 bits.
If seed is NULL or seed_len < 20,
the primes will be generated at random. Otherwise, the seed is used
to generate them. If the given seed does not yield a prime q, a
new random seed is chosen and placed at seed.
DSA_generate_parameters() places the iteration count in *counter_ret and
a counter used for finding a generator in *h_ret,
unless these are NULL.
A callback function may be used to provide feedback about
the progress of the key generation. If callback is not NULL,
it will be called as follows:
When a candidate for q is generated, callback(0,
m++, cb_arg) is called (m is 0 for the first candidate).
When a candidate for q has passed a test by trial
division, callback(1, -1, cb_arg) is called.
While a candidate for q is tested by Miller-Rabin primality tests, callback(1,
i, cb_arg) is called in the outer loop (once for each
witness that confirms that the candidate may be prime); i is the
loop counter (starting at 0).
When a prime q has been found, callback(2,
0, cb_arg) and callback(3, 0, cb_arg) are
called.
Before a candidate for p (other than the first)
is generated and tested, callback(0, counter, cb_arg) is called.
When a candidate for p has passed the test by trial
division, callback(1, -1, cb_arg) is called.
While it is tested by the Miller-Rabin primality test, callback(1,
i, cb_arg) is called in the outer loop (once for each witness
that confirms that the candidate may be prime). i is the loop counter
(starting at 0).
When p has been found, callback(2, 1,
cb_arg) is called.
When the generator has been found, callback(3,
1, cb_arg) is called.
RETURN VALUEDSA_generate_parameters() returns a pointer to the DSA structure,
or NULL if the parameter generation fails.
The error codes can be obtained by ERR_get_error(3) . RestrictionsSeed lengths > 20 are not supported. SEE ALSOdsa(3) , ERR_get_error(3) , rand(3) , DSA_free(3) HISTORYDSA_generate_parameters() appeared in SSLeay 0.8. The cb_arg argument
was added in SSLeay 0.9.0. In versions up to OpenSSL 0.9.4, callback(1,
...) was called in the inner loop of the Miller-Rabin
test whenever it reached the squaring step (the parameters to callback did
not reveal how many witnesses had been tested); since OpenSSL 0.9.5, callback(1,
...) is called as in BN_is_prime(3) , i.e. once for each witness.
HP Open Source Security for OpenVMS Volume 2:... 
CRYPTO Application Programming Interface (API)... 
