1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimDSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters 6e71b7053SJung-uk Kim 7e71b7053SJung-uk Kim=head1 SYNOPSIS 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim #include <openssl/dsa.h> 10e71b7053SJung-uk Kim 11b077aed3SPierre ProncheryThe following functions have been deprecated since OpenSSL 3.0, and can be 12b077aed3SPierre Proncheryhidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, 13b077aed3SPierre Proncherysee L<openssl_user_macros(7)>: 14b077aed3SPierre Pronchery 15e71b7053SJung-uk Kim int DSA_generate_parameters_ex(DSA *dsa, int bits, 16e71b7053SJung-uk Kim const unsigned char *seed, int seed_len, 17e71b7053SJung-uk Kim int *counter_ret, unsigned long *h_ret, 18e71b7053SJung-uk Kim BN_GENCB *cb); 19e71b7053SJung-uk Kim 20b077aed3SPierre ProncheryThe following functions have been deprecated since OpenSSL 0.9.8, and can be 21b077aed3SPierre Proncheryhidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, 22b077aed3SPierre Proncherysee L<openssl_user_macros(7)>: 23e71b7053SJung-uk Kim 24e71b7053SJung-uk Kim DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, 25e71b7053SJung-uk Kim int *counter_ret, unsigned long *h_ret, 26e71b7053SJung-uk Kim void (*callback)(int, int, void *), void *cb_arg); 27e71b7053SJung-uk Kim 28e71b7053SJung-uk Kim=head1 DESCRIPTION 29e71b7053SJung-uk Kim 30b077aed3SPierre ProncheryAll of the functions described on this page are deprecated. 31b077aed3SPierre ProncheryApplications should instead use L<EVP_PKEY_paramgen_init(3)> and 32b077aed3SPierre ProncheryL<EVP_PKEY_keygen(3)> as described in L<EVP_PKEY-DSA(7)>. 33b077aed3SPierre Pronchery 34e71b7053SJung-uk KimDSA_generate_parameters_ex() generates primes p and q and a generator g 35e71b7053SJung-uk Kimfor use in the DSA and stores the result in B<dsa>. 36e71b7053SJung-uk Kim 37e71b7053SJung-uk KimB<bits> is the length of the prime p to be generated. 38e71b7053SJung-uk KimFor lengths under 2048 bits, the length of q is 160 bits; for lengths 39e71b7053SJung-uk Kimgreater than or equal to 2048 bits, the length of q is set to 256 bits. 40e71b7053SJung-uk Kim 41e71b7053SJung-uk KimIf B<seed> is NULL, the primes will be generated at random. 42e71b7053SJung-uk KimIf B<seed_len> is less than the length of q, an error is returned. 43e71b7053SJung-uk Kim 44e71b7053SJung-uk KimDSA_generate_parameters_ex() places the iteration count in 45e71b7053SJung-uk Kim*B<counter_ret> and a counter used for finding a generator in 46e71b7053SJung-uk Kim*B<h_ret>, unless these are B<NULL>. 47e71b7053SJung-uk Kim 48e71b7053SJung-uk KimA callback function may be used to provide feedback about the progress 49e71b7053SJung-uk Kimof the key generation. If B<cb> is not B<NULL>, it will be 50e71b7053SJung-uk Kimcalled as shown below. For information on the BN_GENCB structure and the 51e71b7053SJung-uk KimBN_GENCB_call function discussed below, refer to 52e71b7053SJung-uk KimL<BN_generate_prime(3)>. 53e71b7053SJung-uk Kim 54*ad991e4cSEd MasteDSA_generate_parameters() is similar to DSA_generate_parameters_ex() but 55e71b7053SJung-uk Kimexpects an old-style callback function; see 56e71b7053SJung-uk KimL<BN_generate_prime(3)> for information on the old-style callback. 57e71b7053SJung-uk Kim 58e71b7053SJung-uk Kim=over 2 59e71b7053SJung-uk Kim 60e71b7053SJung-uk Kim=item * 61e71b7053SJung-uk Kim 62e71b7053SJung-uk KimWhen a candidate for q is generated, B<BN_GENCB_call(cb, 0, m++)> is called 63e71b7053SJung-uk Kim(m is 0 for the first candidate). 64e71b7053SJung-uk Kim 65e71b7053SJung-uk Kim=item * 66e71b7053SJung-uk Kim 67e71b7053SJung-uk KimWhen a candidate for q has passed a test by trial division, 68e71b7053SJung-uk KimB<BN_GENCB_call(cb, 1, -1)> is called. 69e71b7053SJung-uk KimWhile a candidate for q is tested by Miller-Rabin primality tests, 70e71b7053SJung-uk KimB<BN_GENCB_call(cb, 1, i)> is called in the outer loop 71e71b7053SJung-uk Kim(once for each witness that confirms that the candidate may be prime); 72e71b7053SJung-uk Kimi is the loop counter (starting at 0). 73e71b7053SJung-uk Kim 74e71b7053SJung-uk Kim=item * 75e71b7053SJung-uk Kim 76e71b7053SJung-uk KimWhen a prime q has been found, B<BN_GENCB_call(cb, 2, 0)> and 77e71b7053SJung-uk KimB<BN_GENCB_call(cb, 3, 0)> are called. 78e71b7053SJung-uk Kim 79e71b7053SJung-uk Kim=item * 80e71b7053SJung-uk Kim 81e71b7053SJung-uk KimBefore a candidate for p (other than the first) is generated and tested, 82e71b7053SJung-uk KimB<BN_GENCB_call(cb, 0, counter)> is called. 83e71b7053SJung-uk Kim 84e71b7053SJung-uk Kim=item * 85e71b7053SJung-uk Kim 86e71b7053SJung-uk KimWhen a candidate for p has passed the test by trial division, 87e71b7053SJung-uk KimB<BN_GENCB_call(cb, 1, -1)> is called. 88e71b7053SJung-uk KimWhile it is tested by the Miller-Rabin primality test, 89e71b7053SJung-uk KimB<BN_GENCB_call(cb, 1, i)> is called in the outer loop 90e71b7053SJung-uk Kim(once for each witness that confirms that the candidate may be prime). 91e71b7053SJung-uk Kimi is the loop counter (starting at 0). 92e71b7053SJung-uk Kim 93e71b7053SJung-uk Kim=item * 94e71b7053SJung-uk Kim 95e71b7053SJung-uk KimWhen p has been found, B<BN_GENCB_call(cb, 2, 1)> is called. 96e71b7053SJung-uk Kim 97e71b7053SJung-uk Kim=item * 98e71b7053SJung-uk Kim 99e71b7053SJung-uk KimWhen the generator has been found, B<BN_GENCB_call(cb, 3, 1)> is called. 100e71b7053SJung-uk Kim 101e71b7053SJung-uk Kim=back 102e71b7053SJung-uk Kim 103e71b7053SJung-uk Kim=head1 RETURN VALUES 104e71b7053SJung-uk Kim 105e71b7053SJung-uk KimDSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise. 106e71b7053SJung-uk KimThe error codes can be obtained by L<ERR_get_error(3)>. 107e71b7053SJung-uk Kim 108e71b7053SJung-uk KimDSA_generate_parameters() returns a pointer to the DSA structure or 109e71b7053SJung-uk KimB<NULL> if the parameter generation fails. 110e71b7053SJung-uk Kim 111e71b7053SJung-uk Kim=head1 BUGS 112e71b7053SJung-uk Kim 113e71b7053SJung-uk KimSeed lengths greater than 20 are not supported. 114e71b7053SJung-uk Kim 115e71b7053SJung-uk Kim=head1 SEE ALSO 116e71b7053SJung-uk Kim 117e71b7053SJung-uk KimL<DSA_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>, 118e71b7053SJung-uk KimL<DSA_free(3)>, L<BN_generate_prime(3)> 119e71b7053SJung-uk Kim 120e71b7053SJung-uk Kim=head1 HISTORY 121e71b7053SJung-uk Kim 122b077aed3SPierre ProncheryDSA_generate_parameters_ex() was deprecated in OpenSSL 3.0. 123b077aed3SPierre Pronchery 124e71b7053SJung-uk KimDSA_generate_parameters() was deprecated in OpenSSL 0.9.8; use 125e71b7053SJung-uk KimDSA_generate_parameters_ex() instead. 126e71b7053SJung-uk Kim 127e71b7053SJung-uk Kim=head1 COPYRIGHT 128e71b7053SJung-uk Kim 129*ad991e4cSEd MasteCopyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. 130e71b7053SJung-uk Kim 131b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 132e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 133e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 134e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 135e71b7053SJung-uk Kim 136e71b7053SJung-uk Kim=cut 137