GaloisInc / hacrypto

Experiments in high-assurance crypto.
BSD 3-Clause "New" or "Revised" License

Understand how to test Bouncy Castle Domain pair generation/validation #96

Closed jldodds closed 9 years ago

jldodds commented 9 years ago

It is likely that it generates only probable primes (Appendix A.1.1.2 of FIPS 186-4) instead of guaranteed primes (A.1.2.1), although it's possible it can do both.

Generator method also matters: The generator g must be generated using either the method of Appendix A.2.1 of FIPS 186-4, for an unverifiable generation, or the method of A.2.3 for a verifiable canonical generation of the value. An implementation may support one or both of these methods for generating g.

It is not clear what OpenSSL uses either, because this isn't a requirement for the old tests. This also means that the OpenSSL vectors are outdated.

dmzimmerman commented 9 years ago

I have taken care of this for BouncyCastle by digging into its source code and extracting/replicating the two private methods it uses to do this generation. In OpenSSL, the test harness appears to do the right thing - even though their sample vectors are outdated, the ones the test harness actually generates (for DSA, at least) seem fine.