=pod

=head1 NAME

DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters

=head1 SYNOPSIS

 #include <openssl/dsa.h>

 int DSA_generate_parameters_ex(DSA *dsa, int bits,
		const unsigned char *seed,int seed_len,
		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);

Deprecated:

 DSA *DSA_generate_parameters(int bits, unsigned char *seed,
                int seed_len, int *counter_ret, unsigned long *h_ret,
		void (*callback)(int, int, void *), void *cb_arg);

=head1 DESCRIPTION

DSA_generate_parameters_ex() generates primes p and q and a generator g
for use in the DSA and stores the result in B<dsa>.

B<bits> is the length of the prime to be generated; the DSS allows a
maximum of 1024 bits.

If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
generated at random. Otherwise, the seed is used to generate
them. If the given seed does not yield a prime q, a new random
seed is chosen.

DSA_generate_parameters_ex() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
*B<h_ret>, unless these are B<NULL>.

A callback function may be used to provide feedback about the progress
of the key generation. If B<cb> is not B<NULL>, it will be
called as shown below. For information on the BN_GENCB structure and the
BN_GENCB_call function discussed below, refer to
L<BN_generate_prime(3)|BN_generate_prime(3)>.

=over 4

=item *

When a candidate for q is generated, B<BN_GENCB_call(cb, 0, m++)> is called
(m is 0 for the first candidate).

=item *

When a candidate for q has passed a test by trial division,
B<BN_GENCB_call(cb, 1, -1)> is called.
While a candidate for q is tested by Miller-Rabin primality tests,
B<BN_GENCB_call(cb, 1, i)> is called in the outer loop
(once for each witness that confirms that the candidate may be prime);
i is the loop counter (starting at 0).

=item *

When a prime q has been found, B<BN_GENCB_call(cb, 2, 0)> and
B<BN_GENCB_call(cb, 3, 0)> are called.

=item *

Before a candidate for p (other than the first) is generated and tested,
B<BN_GENCB_call(cb, 0, counter)> is called.

=item *

When a candidate for p has passed the test by trial division,
B<BN_GENCB_call(cb, 1, -1)> is called.
While it is tested by the Miller-Rabin primality test,
B<BN_GENCB_call(cb, 1, i)> is called in the outer loop
(once for each witness that confirms that the candidate may be prime).
i is the loop counter (starting at 0).

=item *

When p has been found, B<BN_GENCB_call(cb, 2, 1)> is called.

=item *

When the generator has been found, B<BN_GENCB_call(cb, 3, 1)> is called.

=back

DSA_generate_parameters() (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no B<dsa> parameter is passed and
instead a newly allocated B<DSA> structure is returned. Additionally "old
style" callbacks are used instead of the newer BN_GENCB based approach.
Refer to L<BN_generate_prime(3)|BN_generate_prime(3)> for further information.

=head1 RETURN VALUE

DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise.

DSA_generate_parameters() returns a pointer to the DSA structure, or
B<NULL> if the parameter generation fails.

The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.

=head1 BUGS

Seed lengths E<gt> 20 are not supported.

=head1 SEE ALSO

L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_free(3)|DSA_free(3)>, L<BN_generate_prime(3)|BN_generate_prime(3)>

=head1 HISTORY

DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
argument was added in SSLeay 0.9.0.
In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
in the inner loop of the Miller-Rabin test whenever it reached the
squaring step (the parameters to B<callback> did not reveal how many
witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
is called as in BN_is_prime(3), i.e. once for each witness.
=cut