NAME
BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex, BN_check_prime, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality
SYNOPSIS
#include <openssl/bn.h>
int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
BN_CTX *ctx);
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
const BIGNUM *rem, BN_GENCB *cb);
int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb);
int BN_GENCB_call(BN_GENCB *cb, int a, int b);
BN_GENCB *BN_GENCB_new(void);
void BN_GENCB_free(BN_GENCB *cb);
void BN_GENCB_set_old(BN_GENCB *gencb,
void (*callback)(int, int, void *), void *cb_arg);
void BN_GENCB_set(BN_GENCB *gencb,
int (*callback)(int, int, BN_GENCB *), void *cb_arg);
void *BN_GENCB_get_arg(BN_GENCB *cb);
Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining OPENSSL_API_COMPAT with a suitable version value, see BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *),
void *cb_arg);
int BN_is_prime(const BIGNUM *p, int nchecks,
void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
void (*callback)(int, int, void *), BN_CTX *ctx,
void *cb_arg, int do_trial_division);
Deprecated since OpenSSL 3.0: BN_generate_prime_ex2() generates a pseudo-random prime number of at least bit length bits using the BN_CTX provided in ctx. The value of ctx must not be NULL. The returned number is probably prime with a negligible error. The maximum error rate is 2^-128. It's 2^-287 for a 512 bit prime, 2^-435 for a 1024 bit prime, 2^-648 for a 2048 bit prime, and lower than 2^-882 for primes larger than 2048 bit. If add is NULL the returned prime number will have exact bit length bits with the top most two bits set. If ret is not NULL, it will be used to store the number. If cb is not NULL, it is used as follows: BN_GENCB_call(cb, 0, i) is called after generating the i-th potential prime number. While the number is being tested for primality, BN_GENCB_call(cb, 1, j) is called as described below. When a prime has been found, BN_GENCB_call(cb, 2, i) is called. The callers of BN_generate_prime_ex() may call BN_GENCB_call(cb, i, j) with other values as described in their respective man pages; see "SEE ALSO". The prime may have to fulfill additional requirements for use in Diffie-Hellman key exchange: If add is not NULL, the prime will fulfill the condition p % add == rem (p % add == 1 if rem == NULL) in order to suit a given generator. If safe is true, it will be a safe prime (i.e. a prime p so that (p-1)/2 is also prime). If safe is true, and rem == NULL the condition will be p % add == 3. It is recommended that add is a multiple of 4. The random generator must be seeded prior to calling BN_generate_prime_ex(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RETURN VALUES
BN_generate_prime_ex() return 1 on success or 0 on error. BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime(), BN_is_prime_fasttest() and BN_check_prime return 0 if the number is composite, 1 if it is prime with an error probability of less than 0.25^nchecks, and -1 on error. BN_generate_prime() returns the prime number on success, NULL otherwise. BN_GENCB_new returns a pointer to a BN_GENCB structure on success, or NULL otherwise. BN_GENCB_get_arg returns the argument previously associated with a BN_GENCB structure. Callback functions should return 1 on success or 0 on error. The error codes can be obtained by REMOVED FUNCTIONALITY
As of OpenSSL 1.1.0 it is no longer possible to create a BN_GENCB structure directly, as in: Instead applications should create a BN_GENCB structure using BN_GENCB_new: DSA_generate_parameters(3), ERR_get_error(3), RAND(7) The BN_GENCB_new(), BN_GENCB_free(), and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0. BN_check_prime() was added in OpenSSL 3.0. Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html. int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
int do_trial_division, BN_GENCB *cb);
DESCRIPTION
BN_GENCB callback;
BN_GENCB *callback;
callback = BN_GENCB_new();
if (!callback)
/* error */
...
BN_GENCB_free(callback);
SEE ALSO
HISTORY
COPYRIGHT