Matthew Julius Raibert wrote:
> I'm working on a project for which I need to generate big primes. Along
> the way I noticed that when I run BN_generate_prime() it seems to always
> set the two most significant bits to one. In other words, if I ask for
> a thousand 16 bit primes, I get a thousand primes that lie between hex
> C000 and hex 10000 and not a single prime that lies between hex 8000 and
> hex C000.

Yep, that's intentional. It should ensure that the product of two
q-bit prime numbers is 2*q bits long (useful for RSA key generation).
A simple workaround might be to generate a DH prime (or at least
let OpenSSL think you want to do this) by supplying a trivial non-NULL
"add" parameter to BN_generate_prime, for example:
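
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <iostream>
using namespace std;

int main()
{
    BIGNUM* prime = BN_new();
    BIGNUM* two = BN_new();
    if (prime == NULL || two == NULL || !BN_set_word(two, 2))
        return 1;
    for (int j = 0; j < 100; j++) {
        // A non-NULL "add" requests a prime p with p % add == rem
        // (p % add == 1 when rem is NULL), so add = 2 only requires p to be odd.
        if (BN_generate_prime(prime, 16, 0, two, NULL, NULL, NULL) == NULL)
            return 1;
        // BN_bn2hex() allocates the string; the caller must free it.
        char* hex = BN_bn2hex(prime);
        if (hex == NULL)
            return 1;
        cout << "A PRIME: " << hex << endl;
        OPENSSL_free(hex);
    }
    BN_free(two);
    BN_free(prime);
    return 0;
}
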
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
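
Added example, not part of the original message and not OpenSSL code: an exhaustive check, for q = 16, of the point made in the reply that setting the two most significant bits guarantees a 2*q-bit product. The helper names (primes_in, bit_length, short_moduli) are made up for this illustration, and no OpenSSL calls are used.

```cpp
// Added illustration (not from the original thread): exhaustive check for q = 16.
#include <cstdint>
#include <cstdio>
#include <vector>

// Sieve of Eratosthenes: all primes p with lo <= p < hi.
std::vector<uint32_t> primes_in(uint32_t lo, uint32_t hi) {
    std::vector<bool> composite(hi, false);
    std::vector<uint32_t> out;
    for (uint32_t i = 2; i < hi; i++) {
        if (composite[i]) continue;
        if (i >= lo) out.push_back(i);
        for (uint64_t m = (uint64_t)i * i; m < hi; m += i) composite[m] = true;
    }
    return out;
}

// Number of significant bits in n (0 for n == 0).
int bit_length(uint64_t n) {
    int bits = 0;
    while (n) { bits++; n >>= 1; }
    return bits;
}

// Count unordered pairs p < q of primes from [lo, hi) whose product
// is shorter than 32 bits, i.e. would not give a full 2*q-bit modulus.
uint64_t short_moduli(uint32_t lo, uint32_t hi) {
    std::vector<uint32_t> ps = primes_in(lo, hi);
    uint64_t count = 0;
    for (size_t a = 0; a < ps.size(); a++)
        for (size_t b = a + 1; b < ps.size(); b++)
            if (bit_length((uint64_t)ps[a] * ps[b]) < 32) count++;
    return count;
}

int main() {
    // Ranges from the question: 0x8000..0xFFFF (top bit set) and
    // 0xC000..0xFFFF (top two bits set).
    printf("16-bit primes, top bit set:       %zu\n", primes_in(0x8000, 0x10000).size());
    printf("16-bit primes, top two bits set:  %zu\n", primes_in(0xC000, 0x10000).size());
    printf("short products, top bit only:     %llu\n",
           (unsigned long long)short_moduli(0x8000, 0x10000));
    printf("short products, top two bits set: %llu\n",
           (unsigned long long)short_moduli(0xC000, 0x10000));
    return 0;
}
```

The general reason is that any two numbers with the top two of q bits set are each at least 3*2^(q-2), so their product is at least 9*2^(2q-4), which is above 2^(2q-1).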