int BN_rand(rnd, bits, top, bottom)
BIGNUM *rnd;
int bits, top, bottom;
int BN_is_prime(p, nchecks, callback, ctx, cb_arg)
BIGNUM *p;
int nchecks;
void (*callback)(int,int,char *);
BN_CTX *ctx;
char *cb_arg;
BIGNUM *BN_generate_prime(bits, strong, add, callback, cb_arg)
int bits, strong;
BIGNUM *add, *rem;
void (*callback)(int,int,char *);
char *cb_arg;
BN_rand uses the RAND library to generate a random BIGNUM of bits bits in length. The new value is placed in rnd, which must have been previously allocated to be big enough to hold the new value.
If bottom is set, then the value returned is odd.
If top is set, the top two bits of the new value are set to 1, thus guaranteeing that if two such values are retrieved using this function, their product will have length 2*bits, and not something smaller.
The internal function probable_prime uses this feature.
BN_is_prime checks whether p is prime, by using the Miller-Rabin randomized primality test. This is a probablistic test that requires a number of rounds to ensure the number is prime to a high degree of probability. Since this can take quite some time, a callback function can be passed and it will be called each time p passes a round of the prime testing.
callback will be called as follows: callback(1,n,cb_arg) where n is the number of the round that just passed.
ncheck is the number of Miller-Rabin tests to run. The predefined value BN_prime_checks is a good default (currently 5).
ctx, which holds the temporary BIGNUMs required by this function, must have been previously allocated.
1 is returned if the value passes the tests, 0 if not.
BN_generate_prime generates a probable prime of bits bits in length and returns it. If strong is set, the returned value will also be a strong prime ((p-1)/2 is also prime). This function uses BN_is_prime extensively.
While searching for a prime p, we can add the requirement that the prime fill the following condition p%add == rem. This can be used to help search for primes with specific features, which is required when looking for primes suitable for use with certain 'g' values in the Diffie-Hellman key exchange algorithm. If add is NULL, this condition is not checked. If rem is NULL, rem is assumed to be 1.
Since this search for a prime can take quite some time, if callback is not NULL, it is called in the following situations.