Sortix
current nightly

Sortix 1.1dev ports manual

This manual documents Sortix 1.1dev ports. You can instead view this document in the latest official manual.

BN_GENERATE_PRIME(3) Library Functions Manual BN_GENERATE_PRIME(3)

NAME

BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttestgenerate primes and test for primality

SYNOPSIS

#include <openssl/bn.h>
int
BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb);
int
BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
int
BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb);
int
BN_GENCB_call(BN_GENCB *cb, int a, int b);
BN_GENCB *
BN_GENCB_new(void);
void
BN_GENCB_free(BN_GENCB *cb);
void
BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *), void *cb_arg);
void
BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *), void *cb_arg);
void *
BN_GENCB_get_arg(BN_GENCB *cb);
Deprecated:

BIGNUM *
BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
int
BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
int
BN_is_prime_fasttest(const BIGNUM *a, int checks, void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg, int do_trial_division);

DESCRIPTION

BN_generate_prime_ex() generates a pseudo-random prime number of at least bit length bits. The returned number is probably prime, but there is a very small probability of returning a non-prime number. If ret is not NULL, it will be used to store the number.
If cb is not NULL, it is used as follows:
  • BN_GENCB_call(cb, 0, i) is called after generating the i-th potential prime number.
  • While the number is being tested for primality, BN_GENCB_call(cb, 1, j) is called as described below.
  • When a prime has been found, BN_GENCB_call(cb, 2, i) is called.
  • The callers of BN_generate_prime_ex() may call BN_GENCB_call() with other values as described in their respective manual pages; see SEE ALSO.
The prime may have to fulfill additional requirements for use in Diffie-Hellman key exchange:
If add is not NULL, the prime will fulfill the condition p % add == rem (p % add == 1 if rem == NULL) in order to suit a given generator.
If safe is true, it will be a safe prime (i.e. a prime p so that (p-1)/2 is also prime).
BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number p is prime. The following tests are performed until one of them shows that p is composite; if p passes all these tests, it is considered prime.
BN_is_prime_fasttest_ex(), when called with do_trial_division == 1, first attempts trial division by a number of small primes; if no divisors are found by this test and cb is not NULL, BN_GENCB_call(cb, 1, -1) is called. If do_trial_division == 0, this test is skipped.
Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin probabilistic primality test with nchecks iterations. If nchecks == BN_prime_checks, a number of iterations is used that yields a false positive rate of at most 2^-64 for random input. The error rate depends on the size of the prime and goes down for bigger primes. The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits, 2^-192 at 3747 bits and 2^-256 at 6394 bits.
When the source of the prime is not random or not trusted, the number of checks needs to be much higher to reach the same level of assurance: It should equal half of the targeted security level in bits (rounded up to the next integer if necessary). For instance, to reach the 128-bit security level, nchecks should be set to 64.
If cb is not NULL, BN_GENCB_call cb 1 j is called after the j-th iteration (j = 0, 1, ...). ctx is a pre-allocated BN_CTX (to save the overhead of allocating and freeing the structure in a loop), or NULL.
BN_GENCB_call() calls the callback function held in the BN_GENCB structure and passes the ints a and b as arguments. There are two types of BN_GENCB structures that are supported: "new" style and "old" style. New programs should prefer the "new" style, whilst the "old" style is provided for backwards compatibility purposes.
A BN_GENCB structure should be created through a call to BN_GENCB_new() and freed through a call to BN_GENCB_free().
For "new" style callbacks a BN_GENCB structure should be initialised with a call to BN_GENCB_set(), where gencb is a BN_GENCB *, callback is of type int (*callback)(int, int, BN_GENCB *) and cb_arg is a void *. "Old" style callbacks are the same except they are initialised with a call to BN_GENCB_set_old() and callback is of type void (*callback)(int, int, void *).
A callback is invoked through a call to BN_GENCB_call(). This will check the type of the callback and will invoke callback(a, b, gencb) for new style callbacks or callback(a, b, cb_arg) for old style.
It is possible to obtain the argument associated with a BN_GENCB structure (set via a call to BN_GENCB_set() or BN_GENCB_set_old()) using BN_GENCB_get_arg().
BN_generate_prime() (deprecated) works in the same way as BN_generate_prime_ex() but expects an old style callback function directly in the callback parameter, and an argument to pass to it in the cb_arg. Similarly BN_is_prime() and BN_is_prime_fasttest() are deprecated and can be compared to BN_is_prime_ex() and BN_is_prime_fasttest_ex() respectively.

RETURN VALUES

BN_generate_prime_ex() returns 1 on success or 0 on error.
BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime(), and BN_is_prime_fasttest() return 0 if the number is composite, 1 if it is prime with an error probability of less than 0.25^nchecks, and -1 on error.
BN_generate_prime() returns the prime number on success, NULL otherwise.
BN_GENCB_new() returns a pointer to a BN_GENCB structure on success, or NULL otherwise.
BN_GENCB_get_arg() returns the argument previously associated with a BN_GENCB structure.
Callback functions should return 1 on success or 0 on error.
The error codes can be obtained by ERR_get_error(3).

SEE ALSO

BN_new(3), DH_generate_parameters(3), DSA_generate_parameters(3), RSA_generate_key(3)

HISTORY

BN_generate_prime() and BN_is_prime() first appeared in SSLeay 0.5.1 and had their cb_arg argument added in SSLeay 0.9.0. These two functions have been available since OpenBSD 2.4.
The ret argument to BN_generate_prime() was added in SSLeay 0.9.1 and OpenBSD 2.6.
BN_is_prime_fasttest() first appeared in OpenSSL 0.9.5 and has been available since OpenBSD 2.7.
BN_generate_prime_ex(), BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_GENCB_call(), BN_GENCB_set_old(), and BN_GENCB_set() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.
BN_GENCB_new(), BN_GENCB_free(), and BN_GENCB_get_arg() first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 6.3.
June 24, 2020 Debian
Copyright 2011-2022 Jonas 'Sortie' Termansen and contributors.
Sortix is free software under the ISC license. 		#sortix on irc.sortix.org
@sortix_org