X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=doc%2Fcrypto%2FDSA_generate_parameters.pod;h=be7c924ff8f971eefa18499b275b8df00971a81c;hb=64cee65ebc4a5a23d9f6d6f73cb25e78a80af5c2;hp=1058c5eb44cb56addd7668f444408444b1e1926e;hpb=38e33cef15e7965ad9fd9db4b08fb2f5dc1bc573;p=oweals%2Fopenssl.git diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index 1058c5eb44..be7c924ff8 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod @@ -2,15 +2,15 @@ =head1 NAME -DSA_generate_parameters - Generate DSA parameters +DSA_generate_parameters - generate DSA parameters =head1 SYNOPSIS #include - DSA * DSA_generate_parameters(int bits, unsigned char *seed, + DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, int *counter_ret, unsigned long *h_ret, - void (*callback)(), void *cb_arg); + void (*callback)(int, int, void *), void *cb_arg); =head1 DESCRIPTION @@ -20,14 +20,14 @@ for use in the DSA. B is the length of the prime to be generated; the DSS allows a maximum of 1024 bits. -If B is NULL or B E 20, the primes will be +If B is B or B E 20, the primes will be generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random seed is chosen and placed at B. DSA_generate_parameters() places the iteration count in *B and a counter used for finding a generator in -*B, unless these are NULL. +*B, unless these are B. A callback function may be used to provide feedback about the progress of the key generation. If B is not B, it will be @@ -37,13 +37,17 @@ called as follows: =item * -When the the m-th candidate for q is generated, B is called. +When a candidate for q is generated, B is called +(m is 0 for the first candidate). =item * -B is called in the inner loop of the -Miller-Rabin primality test. +When a candidate for q has passed a test by trial division, +B is called. +While a candidate for q is tested by Miller-Rabin primality tests, +B is called in the outer loop +(once for each witness that confirms that the candidate may be prime); +i is the loop counter (starting at 0). =item * @@ -52,10 +56,17 @@ B are called. =item * -While candidates for p are being tested, B -is called in the inner loop of the Miller-Rabin primality test, then -B is called when the next candidate -is chosen. +Before a candidate for p (other than the first) is generated and tested, +B is called. + +=item * + +When a candidate for p has passed the test by trial division, +B is called. +While it is tested by the Miller-Rabin primality test, +B is called in the outer loop +(once for each witness that confirms that the candidate may be prime). +i is the loop counter (starting at 0). =item * @@ -70,25 +81,25 @@ When the generator has been found, B is called. =head1 RETURN VALUE DSA_generate_parameters() returns a pointer to the DSA structure, or -NULL if the parameter generation fails. The error codes can be +B if the parameter generation fails. The error codes can be obtained by L. =head1 BUGS -The deterministic generation of p does not follow the NIST algorithm: -r0 is SHA1(s+k+1), but should be SHA1(s+j+k) with j_0=2, -j_counter=j_counter-1 + n + 1. - Seed lengths E 20 are not supported. =head1 SEE ALSO -L, L, L, +L, L, L, L =head1 HISTORY DSA_generate_parameters() appeared in SSLeay 0.8. The B argument was added in SSLeay 0.9.0. - +In versions up to OpenSSL 0.9.4, B was called +in the inner loop of the Miller-Rabin test whenever it reached the +squaring step (the parameters to B did not reveal how many +witnesses had been tested); since OpenSSL 0.9.5, B +is called as in BN_is_prime(3), i.e. once for each witness. =cut