BN_GENERATE_PRIME(3) OpenSSL BN_GENERATE_PRIME(3)

BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - gen- erate primes and test for primality

#include <openssl/bn.h> BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg); int BN_is_prime_fasttest(const BIGNUM *a, int checks, void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg, int do_trial_division);

BN_generate_prime() generates a pseudo-random prime number ofnumbits. Ifretis notNULL, it will be used to store the number. Ifcallbackis notNULL, it is called as follows:+ callback(0, i, cb_arg) is called after generating the i-th potential prime number.+While the number is being tested for primality,call-back(1, j, cb_arg) is called as described below.+When a prime has been found,callback(2, i, cb_arg) is called. The prime may have to fulfill additional requirements for use in Diffie-Hellman key exchange: Ifaddis notNULL, the prime will fulfill the condition p %add==rem(p %add== 1 ifrem==NULL) in order to suit a given generator. Ifsafeis true, it will be a safe prime (i.e. a prime p so that (p-1)/2 is also prime). The PRNG must be seeded prior to callingBN_generate_prime(). The prime number generation has a negligible error probability.BN_is_prime() andBN_is_prime_fasttest() test if the numberais prime. The following tests are performed until one of them shows thatais composite; ifapasses all these tests, it is considered prime. MirBSD #10-current 2005-02-05 1 BN_GENERATE_PRIME(3) OpenSSL BN_GENERATE_PRIME(3)BN_is_prime_fasttest(), when called withdo_trial_division== 1, first attempts trial division by a number of small primes; if no divisors are found by this test andcallbackis notNULL,callback(1, -1, cb_arg) is called. Ifdo_trial_division == 0, this test is skipped. BothBN_is_prime() andBN_is_prime_fasttest() perform a Miller-Rabin probabilistic primality test withchecksitera- tions. Ifchecks == BN_prime_checks, a number of iterations is used that yields a false positive rate of at most 2^-80 for random input. Ifcallbackis notNULL,callback(1, j, cb_arg) is called after the j-th iteration (j = 0, 1, ...).ctxis a pre- allocatedBN_CTX(to save the overhead of allocating and freeing the structure in a loop), orNULL.

BN_generate_prime() returns the prime number on success,NULLotherwise.BN_is_prime() returns 0 if the number is composite, 1 if it is prime with an error probability of less than 0.25^checks, and -1 on error. The error codes can be obtained byERR_get_error(3).

bn(3),ERR_get_error(3),rand(3)

Thecb_argarguments toBN_generate_prime() and toBN_is_prime() were added in SSLeay 0.9.0. Theretargument toBN_generate_prime() was added in SSLeay 0.9.1.BN_is_prime_fasttest() was added in OpenSSL 0.9.5. MirBSD #10-current 2005-02-05 2